8:04 a.m.
Thanks. I'll try to dig further into this, but for some strange reason,
a compound with <SEQUENCE, PUTROOTFH, GETFH, GETATTRS> is responded to
with <SEQUENCE, PUTROOTFH, SECINFO_NO_NAME>, which causes the session to
be destroyed. A quick look doesn't show me any way that can happen (nor
does a quick read of the spec indicate it's a legal response).
Frank, any ideas?
Daniel
On 04/22/2018 12:39 AM, TomK wrote:
On 4/20/2018 2:31 PM, Daniel Gryniewicz wrote:
Thanks very much Daniel.
Attaching the tcpdump.
What I used:
1) tcpdump -w nfs-trace.dat -s 0
2) tcpdump -r nfs-trace.dat -nnvvveXXS
Cheers,
Tom
> Hi, Tom.
>
> Sorry I missed this when it came in; the new list was not being
> filtered properly.
>
> Rejected Creds is only returned in a few places. It can mean that the
> requested Auth type is completely unknown. This seems unlikely, as
> Ganesha should understand all auth types used by the linux kernel client.
>
> It can mean that AUTH_SHORT was used (which Ganesha doesn't support...).
>
> It can mean that AUTH_GSS was used, but control procedure is unknown.
> Again, unlikely.
>
> It can mean that AUTH_GSS was used with GSS_INIT, but the security
> context was invalid or incorrect.
>
> Unfortunately, tcpdump didn't print enough for us to know. Could you
> get a raw packet capture that we could load into wireshark? Or load
> it yourself, and get a detailed trace of the failed packet?
>
> Thanks,
> Daniel
>
> On 04/19/2018 03:33 AM, TomK wrote:
>> Hey All,
>>
>> I have an external NFS cluster serviced by a VIP. The clients run
>> autofs configured via IPA to provide NFS home directories to client.
>>
>> However, running into an issue on one of the clients and wondering if
>> anyone seen this message from a tcpdump of a simple mount session
>> that's preventing the mount:
>>
>> psql02: mount nfs-c01:/n /m
>>
>> Yields this message
>>
>> ERR 20: Auth Rejected Credentials (client should begin new session)
>>
>> and the mount attempt never exits and never mounts /m . nfs-c01 is a
>> VIP that's serviced by HAproxy / keepalived. nfs-c01 however has a
>> record in IPA Server, both forward and a reverse one. Using one of
>> the underlying hosts that services nfs-c01 works and mounts succeeds
>> for them. All VM hosts are clones of the same template.
>>
>> I have autofs running as part of this IPA client setup and applied
>> the following fix as well:
>>
>> https://access.redhat.com/solutions/3261981
>>
>> /m is a test mount folder I'm using on this client to troubleshoot
>> the autofs mounting issue. So autofs is also running on the same
>> hosts where I'm trying this mount from.
>>
>> Trying to trace the exact source of this error and not quite sure
>> where to look further.
>>
>> idmipa01/02 are the IPA servers. (192.168.0.44/45 respectively)
>> psql01/02 are the problem VM's. (192.168.0.108/124 )
>> nfs01/02 are the NFS hosts. (192.168.0.131/119 )
>> nfs-c01 192.168.0.80
>>
>> This works fine on the other two VM hosts without any issue but I
>> just can't find any difference comparing all the configs and so
>> looking for suggestions to bounce off of.
>>
>