You are not logged in.

Pages: 1

#1 2014-08-08 19:41:07

gsingh93
Member
Registered: 2013-07-19
Posts: 96

Kerberos errors in journalctl when mounting NFS share

I just set up an NFS share between two computers. When a client mounts the NFS share, I get the following kerberos errors on the client in journalctl.

Aug 08 15:24:55 home rpc.gssd[1379]: ERROR: No credentials found for connection to server arch
Aug 08 15:24:55 home rpc.gssd[1379]: ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found in keytab /etc/krb5.keytab for connection with host arch
Aug 08 15:24:55 home rpc.gssd[1379]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
Aug 08 15:24:55 home rpc.gssd[1379]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
Aug 08 15:24:55 home rpc.gssd[1379]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
Aug 08 15:24:55 home rpc.gssd[1379]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
Aug 08 15:24:55 home rpc.gssd[1379]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
Aug 08 15:24:55 home rpc.gssd[1379]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
Aug 08 15:24:55 home rpc.gssd[1378]: ERROR: No credentials found for connection to server arch
Aug 08 15:24:55 home rpc.gssd[1378]: ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found in keytab /etc/krb5.keytab for connection with host arch
Aug 08 15:24:55 home rpc.gssd[1378]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
Aug 08 15:24:55 home rpc.gssd[1378]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
Aug 08 15:24:55 home rpc.gssd[1378]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
Aug 08 15:24:55 home rpc.gssd[1378]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
Aug 08 15:24:55 home rpc.gssd[1378]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
Aug 08 15:24:55 home rpc.gssd[1378]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
Aug 08 15:24:55 home rpc.gssd[1377]: ERROR: No credentials found for connection to server arch
Aug 08 15:24:55 home rpc.gssd[1377]: ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found in keytab /etc/krb5.keytab for connection with host arch
Aug 08 15:24:55 home rpc.gssd[1377]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
Aug 08 15:24:55 home rpc.gssd[1377]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
Aug 08 15:24:55 home rpc.gssd[1377]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
Aug 08 15:24:55 home rpc.gssd[1377]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
Aug 08 15:24:55 home rpc.gssd[1377]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
Aug 08 15:24:55 home rpc.gssd[1377]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'

I don't need nor want to use kerberos for authentication. How can I get these errors to go away?

Last edited by gsingh93 (2014-08-08 19:42:14)

Offline

#2 2014-08-13 12:52:26

Painless
Member
Registered: 2006-02-06
Posts: 234

Re: Kerberos errors in journalctl when mounting NFS share

What is the output when you run:

systemctl status rpc-gssd.service

and also:

systemctl status rpc-svcgssd.service

?

Last edited by Painless (2014-08-13 12:55:01)

Offline

#3 2014-08-14 21:16:40

gsingh93
Member
Registered: 2013-07-19
Posts: 96

Re: Kerberos errors in journalctl when mounting NFS share

rpc-svcgssd.service - RPC GSS-API Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/rpc-svcgssd.service; disabled)
   Active: inactive (dead)
     Docs: man:rpc.svcgssd(8)
rpc-gssd.service - RPC GSS-API Client Daemon
   Loaded: loaded (/usr/lib/systemd/system/rpc-gssd.service; disabled)
   Active: active (running) since Thu 2014-08-14 16:55:15 EDT; 17min ago
     Docs: man:rpc.gssd(8)
  Process: 253 ExecStart=/usr/bin/rpc.gssd $GSSD_OPTS (code=exited, status=0/SUCCESS)
 Main PID: 257 (rpc.gssd)
   CGroup: /system.slice/rpc-gssd.service
           └─257 /usr/bin/rpc.gssd

Aug 14 16:55:14 home systemd[1]: Starting RPC GSS-API Client Daemon...
Aug 14 16:55:15 home systemd[1]: Started RPC GSS-API Client Daemon.
Aug 14 17:07:54 home rpc.gssd[637]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
Aug 14 17:07:54 home rpc.gssd[638]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
Aug 14 17:07:54 home rpc.gssd[638]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'

Offline

#4 2014-08-15 10:40:06

Painless
Member
Registered: 2006-02-06
Posts: 234

Re: Kerberos errors in journalctl when mounting NFS share

Strange that rpc.gssd is running.

Please run

systemctl list-dependencies --reverse rpc-gssd.service

If the only output marked with a green box is nfs-server.service, then it should be safe to disable/stop rpc-gssd.service.  Also (again, if the only output marked with a green box is nfs-server.service) make sure that /etc/krb5.keytab does not exist.  If it does, rename it, since one of the start conditions for rpc-gssd.service is the existence of this file.

If there is some other service (other than nfs-server.service) which requires rpc-gssd.service, then I'm not sure what you can do.

Hope this helps.

Offline

#5 2014-08-15 13:51:07

gsingh93
Member
Registered: 2013-07-19
Posts: 96

Re: Kerberos errors in journalctl when mounting NFS share

/etc/krb5.keytab doesn't exist, and this is the output of listing the dependencies (where the top two dots were red in the terminal output and the bottom three were green):

rpc-gssd.service
● ├─nfs-server.service
● ├─nfs-utils.service
● └─nfs-client.target
●   └─multi-user.target
●     └─graphical.target

So only nfs-client.target and it's children need it. Is it still safe to disable?

Offline

#6 2014-08-15 19:53:46

Painless
Member
Registered: 2006-02-06
Posts: 234

Re: Kerberos errors in journalctl when mounting NFS share

Sorry, for some reason I've been assuming that those rpc-gssd messages were on the server, hence me going on about nfs.server.  Got to rtfq.  neutral

I have four NFS clients at home and none of them have rpc-gssd.service running.

Before you disable rpc-gssd.service on the client, I'd recommend that you check your server to make sure that rpc-svcgssd.service and rpc-gssd.service are not running as something seems to have triggered rpc-gssd.service on the client.

Offline

Pages: 1

Board footer

Powered by FluxBB