Kerberized mount stopped working with Ubuntu 21.10 (still in 22.10)

Ask Ubuntu user
Asked 2023-03-05 12:06:15
1 answer, 246 views, 0 followers, 1 vote

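I am running a Raspberry Pi 400 with Ubuntu. I used to connect to a Debian-based NFS server using Ubuntu 20.04 LTS. In addition, I am running another client with 20.04 LTS, which can still connect to the NFS server without problems. Since I upgraded the Raspberry Pi to 21.10 (then 22.04, now 22.10), the kerberized connection no longer works. I also thought this might be due to weak ciphers, which were to be removed starting with kernel 5.10. But in the meantime I have also turned them off on my Kerberos server and regenerated the keys for the Raspberry Pi. It still does not work. I also set up an Ubuntu image (22.04 LTS) to check whether I could connect to it. But that does not work either. So I have proven that the problem is not my Debian-based NFS server (which is rather old, Debian Stretch 9.13).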

The problem is as follows:

Trying to mount:

sudo mount -t nfs -vvvv -o vers=4.2,sec=krb5i,async,soft vmus01.fritz.box:/srv/nfs4/homes /mnt/vmfs01/srv

returns

mount.nfs: timeout set for Sun Mar  5 12:46:14 2023
mount.nfs: trying text-based options 'vers=4.2,sec=krb5i,soft,addr=192.168.178.48,clientaddr=192.168.178.32'
mount.nfs: mount(2): Invalid argument
mount.nfs: an incorrect mount option was specified

I assume this problem is related to rpc.gssd, but I have not been able to find the root cause. In the logs, I found the following information:

Mär 05 12:44:14 pi400 kernel: audit: type=1400 audit(1678016654.181:199): apparmor="ALLOWED" operation="open" class="file" profile="/usr/sbin/sssd" name="/proc/7126/cmdline" pid=958 comm="sssd_nss" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Mär 05 12:44:14 pi400 sudo[7126]: administrator : TTY=pts/3 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/mount -t nfs -vvvv -o vers=4.2,sec=krb5i,async,soft vmus01.fritz.box:/srv/nfs4/homes /mnt/vmfs01/srv
Mär 05 12:44:14 pi400 sudo[7126]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000)
Mär 05 12:44:14 pi400 kernel: NFS:   parsing nfs mount option 'source'
Mär 05 12:44:14 pi400 kernel: NFS:   parsing nfs mount option 'vers'
Mär 05 12:44:14 pi400 kernel: NFS:   parsing nfs mount option 'sec'
Mär 05 12:44:14 pi400 kernel: NFS: parsing sec=krb5i option
Mär 05 12:44:14 pi400 kernel: NFS:   parsing nfs mount option 'soft'
Mär 05 12:44:14 pi400 kernel: NFS:   parsing nfs mount option 'addr'
Mär 05 12:44:14 pi400 kernel: NFS:   parsing nfs mount option 'clientaddr'
Mär 05 12:44:14 pi400 kernel: NFS: MNTPATH: '/srv/nfs4/homes'
Mär 05 12:44:14 pi400 kernel: --> nfs4_try_get_tree()
Mär 05 12:44:14 pi400 kernel: RPC:       set up xprt to 192.168.178.48 (port 2049) via tcp
Mär 05 12:44:14 pi400 rpc.gssd[7119]: inotify event for topdir (nfs) - ev->wd (8) ev->name (clnt5c) ev->mask (0x40000100)
Mär 05 12:44:14 pi400 kernel: RPC:       Couldn't create auth handle (flavor 390004)
Mär 05 12:44:14 pi400 kernel: RPC:        destroy backchannel transport
Mär 05 12:44:14 pi400 kernel: RPC:        backchannel list empty= true
Mär 05 12:44:14 pi400 kernel: RPC:       xs_destroy xprt 00000000c38fab83
Mär 05 12:44:14 pi400 kernel: RPC:       xs_close xprt 00000000c38fab83
Mär 05 12:44:14 pi400 kernel: nfs_create_rpc_client: cannot create RPC client. Error = -22
Mär 05 12:44:14 pi400 kernel: RPC:       set up xprt to 192.168.178.48 (port 2049) via tcp
Mär 05 12:44:14 pi400 kernel: RPC:       xs_connect scheduled xprt 0000000038cff69a
Mär 05 12:44:14 pi400 kernel: RPC:       xs_bind 0.0.0.0:902: ok (0)
Mär 05 12:44:14 pi400 kernel: RPC:       worker connecting xprt 0000000038cff69a via tcp to 192.168.178.48 (port 2049)
Mär 05 12:44:14 pi400 kernel: RPC:       0000000038cff69a connect status 115 connected 0 sock state 2
Mär 05 12:44:14 pi400 kernel: RPC:       xs_tcp_state_change client 0000000038cff69a...
Mär 05 12:44:14 pi400 kernel: RPC:       state 1 conn 0 dead 0 zapped 1 sk_shutdown 0
Mär 05 12:44:14 pi400 kernel: RPC:       xs_tcp_send_request(40) = 0
Mär 05 12:44:14 pi400 kernel: RPC:       xs_data_ready...
Mär 05 12:44:14 pi400 kernel: RPC:       setup backchannel transport
Mär 05 12:44:14 pi400 kernel: RPC:       adding req= 00000000499993bf
Mär 05 12:44:14 pi400 kernel: RPC:       setup backchannel transport done
Mär 05 12:44:14 pi400 kernel: svc: initialising pool 0 for NFSv4 callback
Mär 05 12:44:14 pi400 kernel: nfs_callback_create_svc: service created
Mär 05 12:44:14 pi400 kernel: NFS: create per-net callback data; net=f0000000
Mär 05 12:44:14 pi400 kernel: nfs_callback_up: service started
Mär 05 12:44:14 pi400 kernel: NFS: nfs4_discover_server_trunking: testing 'vmus01.fritz.box'
Mär 05 12:44:14 pi400 kernel: RPC:       xs_tcp_send_request(244) = 0
Mär 05 12:44:14 pi400 kernel: RPC:       xs_data_ready...
Mär 05 12:44:14 pi400 kernel: RPC:       xs_tcp_send_request(244) = 0
Mär 05 12:44:14 pi400 kernel: RPC:       xs_data_ready...
Mär 05 12:44:14 pi400 kernel: --> nfs4_proc_create_session clp=00000000651ffdf2 session=00000000ca6dcaff
Mär 05 12:44:14 pi400 kernel: nfs4_init_channel_attrs: Fore Channel : max_rqst_sz=1049620 max_resp_sz=1049480 max_ops=8 max_reqs=64
Mär 05 12:44:14 pi400 kernel: nfs4_init_channel_attrs: Back Channel : max_rqst_sz=4096 max_resp_sz=4096 max_resp_sz_cached=0 max_ops=2 max_reqs=16
Mär 05 12:44:14 pi400 kernel: RPC:       xs_tcp_send_request(196) = 0
Mär 05 12:44:14 pi400 kernel: RPC:       xs_data_ready...
Mär 05 12:44:14 pi400 kernel: --> nfs4_setup_session_slot_tables
Mär 05 12:44:14 pi400 kernel: --> nfs4_realloc_slot_table: max_reqs=30, tbl->max_slots 0
Mär 05 12:44:14 pi400 kernel: nfs4_realloc_slot_table: tbl=00000000ee80cb51 slots=000000007ba616d7 max_slots=30
Mär 05 12:44:14 pi400 kernel: <-- nfs4_realloc_slot_table: return 0
Mär 05 12:44:14 pi400 kernel: --> nfs4_realloc_slot_table: max_reqs=16, tbl->max_slots 0
Mär 05 12:44:14 pi400 kernel: nfs4_realloc_slot_table: tbl=00000000864b6a6c slots=000000005f4f194c max_slots=16
Mär 05 12:44:14 pi400 kernel: <-- nfs4_realloc_slot_table: return 0
Mär 05 12:44:14 pi400 kernel: slot table setup returned 0
Mär 05 12:44:14 pi400 kernel: nfs4_proc_create_session client>seqid 2 sessionid 1678011050:3914836531:203:0
Mär 05 12:44:14 pi400 kernel: nfs4_schedule_state_renewal: requeueing work. Lease period = 5
Mär 05 12:44:14 pi400 kernel: NFS: nfs4_discover_server_trunking: status = 0
Mär 05 12:44:14 pi400 kernel: --> nfs4_alloc_slot used_slots=0000 highest_used=4294967295 max_slots=30
Mär 05 12:44:14 pi400 kernel: <-- nfs4_alloc_slot used_slots=0001 highest_used=0 slotid=0
Mär 05 12:44:14 pi400 kernel: encode_sequence: sessionid=1678011050:3914836531:203:0 seqid=1 slotid=0 max_slotid=0 cache_this=0
Mär 05 12:44:14 pi400 kernel: RPC:       xs_tcp_send_request(124) = 0
Mär 05 12:44:14 pi400 rpc.gssd[7119]: creating client nfs/clnt5c
Mär 05 12:44:14 pi400 rpc.gssd[7119]: scanning client nfs/clnt5c
Mär 05 12:44:14 pi400 rpc.gssd[7119]: inotify event for clntdir (nfs/clnt5c) - ev->wd (11) ev->name (info) ev->mask (0x00000200)
Mär 05 12:44:14 pi400 kernel: RPC:       Couldn't create auth handle (flavor 390004)
Mär 05 12:44:14 pi400 kernel: nfs_init_server_rpcclient: couldn't create rpc_client!
Mär 05 12:44:14 pi400 rpc.gssd[7119]: inotify event for clntdir (nfs/clnt5c) - ev->wd (11) ev->name (<?>) ev->mask (0x00008000)
Mär 05 12:44:14 pi400 rpc.gssd[7119]: destroying client nfs/clnt5c
Mär 05 12:44:14 pi400 rpc.gssd[7119]: freeing client nfs/clnt5c
Mär 05 12:44:14 pi400 rpc.gssd[7119]: inotify event for topdir (nfs) - ev->wd (8) ev->name (clnt5d) ev->mask (0x40000100)
Mär 05 12:44:14 pi400 rpc.gssd[7119]: creating client nfs/clnt5d
Mär 05 12:44:14 pi400 rpc.gssd[7119]: scanning client nfs/clnt5d
Mär 05 12:44:14 pi400 rpc.gssd[7119]: inotify event for clntdir (nfs/clnt5d) - ev->wd (12) ev->name (info) ev->mask (0x00000100)
Mär 05 12:44:14 pi400 rpc.gssd[7119]: scanning client nfs/clnt5d
Mär 05 12:44:14 pi400 rpc.gssd[7119]: inotify event for clntdir (nfs/clnt5d) - ev->wd (12) ev->name (idmap) ev->mask (0x00000100)
Mär 05 12:44:14 pi400 rpc.gssd[7119]: inotify event for topdir (nfs) - ev->wd (8) ev->name (clnt5e) ev->mask (0x40000100)
Mär 05 12:44:14 pi400 rpc.gssd[7119]: creating client nfs/clnt5e
Mär 05 12:44:14 pi400 rpc.gssd[7119]: scanning client nfs/clnt5e
Mär 05 12:44:14 pi400 rpc.gssd[7119]: inotify event for clntdir (nfs/clnt5e) - ev->wd (13) ev->name (info) ev->mask (0x00000200)
Mär 05 12:44:14 pi400 rpc.gssd[7119]: inotify event for clntdir (nfs/clnt5e) - ev->wd (13) ev->name (<?>) ev->mask (0x00008000)
Mär 05 12:44:14 pi400 rpc.gssd[7119]: destroying client nfs/clnt5e
Mär 05 12:44:14 pi400 rpc.gssd[7119]: freeing client nfs/clnt5e
Mär 05 12:44:14 pi400 kernel: NFS4: Couldn't follow remote path
Mär 05 12:44:14 pi400 kernel: <-- nfs4_try_get_tree() = -22 [error]
Mär 05 12:44:14 pi400 sudo[7126]: pam_unix(sudo:session): session closed for user root
Mär 05 12:44:14 pi400 kernel: RPC:       xs_data_ready...
Mär 05 12:44:14 pi400 kernel: --> nfs4_alloc_slot used_slots=0001 highest_used=0 max_slots=30
Mär 05 12:44:14 pi400 kernel: <-- nfs4_alloc_slot used_slots=0003 highest_used=1 slotid=1
Mär 05 12:44:14 pi400 kernel: nfs4_free_slot: slotid 1 highest_used_slotid 0
Mär 05 12:44:14 pi400 kernel: nfs41_sequence_process: Error 0 free the slot 
Mär 05 12:44:14 pi400 kernel: nfs4_free_slot: slotid 0 highest_used_slotid 4294967295
Mär 05 12:44:14 pi400 kernel: <-- nfs41_proc_reclaim_complete status=0
Mär 05 12:44:14 pi400 kernel: --> nfs4_alloc_slot used_slots=0000 highest_used=4294967295 max_slots=16
Mär 05 12:44:14 pi400 kernel: <-- nfs4_alloc_slot used_slots=0001 highest_used=0 slotid=0
Mär 05 12:44:14 pi400 kernel: nfs4_free_slot: slotid 0 highest_used_slotid 4294967295
Mär 05 12:44:14 pi400 kernel: --> nfs4_alloc_slot used_slots=0000 highest_used=4294967295 max_slots=30
Mär 05 12:44:14 pi400 kernel: <-- nfs4_alloc_slot used_slots=0001 highest_used=0 slotid=0
Mär 05 12:44:14 pi400 kernel: nfs4_free_slot: slotid 0 highest_used_slotid 4294967295
Mär 05 12:44:14 pi400 kernel: RPC:       xs_tcp_send_request(100) = 0
Mär 05 12:44:14 pi400 kernel: RPC:       xs_data_ready...
Mär 05 12:44:14 pi400 kernel: nfs4_destroy_session Destroy backchannel for xprt 0000000038cff69a
Mär 05 12:44:14 pi400 kernel: RPC:        destroy backchannel transport
Mär 05 12:44:14 pi400 kernel: RPC:        req=00000000499993bf
Mär 05 12:44:14 pi400 kernel: RPC:        free allocations for req= 00000000499993bf
Mär 05 12:44:14 pi400 kernel: RPC:        backchannel list empty= true
Mär 05 12:44:14 pi400 kernel: RPC:       xs_tcp_send_request(92) = 0
Mär 05 12:44:14 pi400 rpc.gssd[7119]: inotify event for clntdir (nfs/clnt5d) - ev->wd (12) ev->name (idmap) ev->mask (0x00000200)
Mär 05 12:44:14 pi400 rpc.gssd[7119]: inotify event for clntdir (nfs/clnt5d) - ev->wd (12) ev->name (info) ev->mask (0x00000200)
Mär 05 12:44:14 pi400 rpc.gssd[7119]: inotify event for clntdir (nfs/clnt5d) - ev->wd (12) ev->name (<?>) ev->mask (0x00008000)
Mär 05 12:44:14 pi400 rpc.gssd[7119]: destroying client nfs/clnt5d
Mär 05 12:44:14 pi400 kernel: RPC:       xs_data_ready...
Mär 05 12:44:14 pi400 kernel: NFS: destroy per-net callback data; net=f0000000
Mär 05 12:44:14 pi400 kernel: svc: svc_destroy(NFSv4 callback)
Mär 05 12:44:14 pi400 kernel: nfs_callback_down: service destroyed
Mär 05 12:44:14 pi400 kernel: RPC:        destroy backchannel transport
Mär 05 12:44:14 pi400 kernel: RPC:        backchannel list empty= true
Mär 05 12:44:14 pi400 kernel: RPC:       xs_destroy xprt 0000000038cff69a
Mär 05 12:44:14 pi400 kernel: RPC:       xs_close xprt 0000000038cff69a
Mär 05 12:44:14 pi400 kernel: RPC:       xs_tcp_state_change client 0000000038cff69a...
Mär 05 12:44:14 pi400 kernel: RPC:       state 4 conn 1 dead 0 zapped 1 sk_shutdown 3
Mär 05 12:44:14 pi400 rpc.gssd[7119]: freeing client nfs/clnt5d

Mär 05 12:44:36 pi400 rpc.gssd[7119]: watchdog: sleeping 30 secs

I tried modifying the settings in nfs.conf, but without success. The current state is as follows:

#
# This is a general configuration for the
# NFS daemons and tools
#
[general]
pipefs-directory=/run/rpc_pipefs
#
[exports]
# rootdir=/export
#
[exportfs]
# debug=0
#
[gssd]
verbosity=9
rpc-verbosity=9
# use-memcache=0
use-machine-creds=1
#use-gss-proxy=1
#avoid-dns=1
# limit-to-legacy-enctypes=1
context-timeout=10
rpc-timeout=10
keytab-file=/etc/krb5.keytab
cred-cache-directory=/tmp
preferred-realm= FRITZ.BOX
# set-home=1
upcall-timeout=30
cancel-timed-out-upcalls=0
#
[lockd]
# port=0
# udp-port=0
#
[exportd]
# debug="all|auth|call|general|parse"
# manage-gids=n
# state-directory-path=/var/lib/nfs
# threads=1
# cache-use-ipaddr=n
# ttl=1800
[mountd]
debug="all|auth|call|general|parse"
manage-gids=y
# descriptors=0
# port=0
# threads=1
reverse-lookup=y
# state-directory-path=/var/lib/nfs
# ha-callout=
# cache-use-ipaddr=n
# ttl=1800
#
[nfsdcld]
debug=9
# storagedir=/var/lib/nfs/nfsdcld
#
[nfsdcltrack]
debug=9
# storagedir=/var/lib/nfs/nfsdcltrack
#
[nfsd]
debug=9
# threads=8
# host=
# port=0
# grace-time=90
# lease-time=90
udp=n
tcp=y
vers3=n
vers4=n
vers4.0=n
vers4.1=n
vers4.2=n
# rdma=n
# rdma-port=20049

[statd]
debug=9
# port=0
# outgoing-port=0
# name=
# state-directory-path=/var/lib/nfs/statd
# ha-callout=
# no-notify=0
#
[sm-notify]
debug=9
# force=0
# retry-time=900
# outgoing-port=
# outgoing-addr=
# lift-grace=y
#
[svcgssd]
# principal=

/etc/krb5.keytab contains the following:

Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 nfs/pi400.fritz.box@FRITZ.BOX (aes256-cts-hmac-sha1-96) 
   2 host/pi400.fritz.box@FRITZ.BOX (aes256-cts-hmac-sha1-96) 

Any help on this would be highly appreciated. Thanks a lot.

Regards, Martin

1 Answer

Ask Ubuntu user

Accepted answer

Posted 2023-03-07 00:21:28

I found the cause. I checked the kernel modules and found that one module is missing on the Raspberry Pi. On my working Ubuntu client (Intel i3, Ubuntu 20.04) it looks like this:

lsmod | grep gss

returns

rpcsec_gss_krb5        40960  11
auth_rpcgss            94208  4 rpcsec_gss_krb5
sunrpc                397312  31 nfsv4,auth_rpcgss,lockd,nfsv3,rpcsec_gss_krb5,nfs_acl,nfs

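rpcsec_gss_krb5 is missing on the Raspberry Pi. Currently I am using kernel version 5.19.0-1011-raspi. rpcsec_gss.krb5.ko is missing here! If I look at packages.ubuntu.com, it looks like the last version that contained the rpcsec module was 5.19.0-1004-raspi. Somehow they moved the kernel module into an extra package, which apparently has to be installed manually. I just installed linux-modules-extra-5.19.0-1011-raspi and now rpcsec_gss.krb5.ko is available. I loaded it via modprobe. The nfs* kernel modules were not present either, but it turned out that they get loaded later when the mount command is executed. Trying to mount the NFS server share does not result in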

mount.nfs: mount(2): Invalid argument

any more. Now I get

mount.nfs: mount(2): Permission denied

Somehow the content of /etc/krb5.keytab seemed to be invalid. I deleted it and used

sudo kinit some-kerberos-admin/admin
sudo kadmin -p some-kerberos-admin/admin
ktadd nfs/pi400.fritz.box

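Now it works. To load the kernel module automatically at boot, I added rpcsec_gss_krb5 to /etc/modules, and this now works fine. Finally, I added the mount command to /etc/fstab and I was done.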

A few more words on how I debugged this problem. Add/uncomment the following entries in the gssd section of /etc/nfs.conf:

[gssd]
verbosity=9
rpc-verbosity=9

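(By the way: I commented out almost all entries in nfs.conf again, as it was provided by the package maintainers.) After doing this, rpc.gssd will add a lot of output to syslog. In addition, the following commands helped me, since they enable log output from the kernel: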

rpcdebug -m rpc -s all    # sets all debug flags for RPC
rpcdebug -m nfs -s all    # sets all debug flags for NFS

To check the log output, I opened a new console window and used

journalctl -f

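Also see this web page from the Arch team, which is very useful: NFS/Troubleshooting

I filed a bug report on Launchpad: Kerberized mounts not working on Raspberry Pi

Maybe this information is useful for others as well...

Regards, Martin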

Votes: 1

Original page content provided by Ask Ubuntu.
Original link: https://askubuntu.com/questions/1457852
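
Added example, not part of the original question or answer: a shell triage for the failure described above, where the kernel logs `Couldn't create auth handle (flavor 390004)` and the mount returns "Invalid argument" because `rpcsec_gss_krb5` is absent. The function names and the optional path arguments are assumptions made for this example; the flavor numbers are the kernel's RPCSEC_GSS pseudo-flavors.

```shell
#!/bin/sh
# Added example (not from the original post): triage for EINVAL on sec=krb5* mounts.
# Kernel messages as they appear in the question's log, timestamps dropped.
SAMPLE_LOG="kernel: RPC:       Couldn't create auth handle (flavor 390004)
kernel: nfs_create_rpc_client: cannot create RPC client. Error = -22
kernel: RPC:       Couldn't create auth handle (flavor 390004)
kernel: nfs_init_server_rpcclient: couldn't create rpc_client!"

# RPCSEC_GSS pseudo-flavor number -> name used in the sec= mount option.
flavor_name() {
    case "$1" in
        390003) echo krb5 ;;
        390004) echo krb5i ;;
        390005) echo krb5p ;;
        *)      echo unknown ;;
    esac
}

# Read log text on stdin, print each flavor the kernel could not set up.
failed_flavors() {
    sed -n "s/.*Couldn't create auth handle (flavor \([0-9][0-9]*\)).*/\1/p" | sort -u
}

# module_state NAME [MODULE_DIR] [PROC_MODULES] -> loaded|builtin|available|missing
# The optional paths (hypothetical parameters) let the check run against fixtures.
module_state() {
    name=$1
    moddir=${2:-/lib/modules/$(uname -r)}
    procmods=${3:-/proc/modules}
    if grep -q "^$name " "$procmods" 2>/dev/null; then
        echo loaded
    elif grep -q "/$name\.ko" "$moddir/modules.builtin" 2>/dev/null; then
        echo builtin
    elif find "$moddir" -name "$name.ko*" 2>/dev/null | grep -q .; then
        echo available   # on disk but not loaded: modprobe it, list it in /etc/modules
    else
        echo missing     # not shipped for this kernel: install the extra modules package
    fi
}

# Read log text on stdin; for each failed flavor, report the module state.
diagnose() {
    state=$(module_state rpcsec_gss_krb5 "$1" "$2")
    for f in $(failed_flavors); do
        echo "sec=$(flavor_name "$f") auth handle failed; rpcsec_gss_krb5 is $state"
    done
}

printf '%s\n' "$SAMPLE_LOG" | diagnose
```

On a live system, pipe `journalctl -k -b` into `diagnose` instead of the sample text.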
