Ubuntu
linux package

3.2.0-24-virtual rejects sec=krb5p NFS mount option

Bug #992678 reported by Sergio Gelato
This bug report is a duplicate of:  Bug #769527: Missing rpcsec_gss_krb5 module. Edit Remove
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Confirmed
Medium
Unassigned

Bug Description

# uname -a
Linux client 3.2.0-24-virtual #37-Ubuntu SMP Wed Apr 25 12:51:49 UTC 2012 i686 i686 i386 GNU/Linux
# mount -v -t nfs -o sec=krb5p server:/srv/nfs/k /mnt
mount.nfs: timeout set for Tue May 1 17:46:30 2012
mount.nfs: trying text-based options 'sec=krb5p,vers=4,addr=192.168.0.10,clientaddr=192.168.0.20'
mount.nfs: mount(2): Invalid argument
mount.nfs: an incorrect mount option was specified

If I boot the same VM using 3.2.0-24-generic-pae (no other changes), the mount succeeds.

sec=sys NFS mounts work just fine with either kernel.

After each failed mount attempt, dmesg says:
gss_create: Pseudoflavor 390005 not found!
RPC: Couldn't create auth handle (flavor 390005)

Additional info:
# cat /proc/version_signature
Ubuntu 3.2.0-24.37-virtual 3.2.14

lspci -vnvn produces no output. This is running as a guest on a Debian squeeze Xen 4.0.1 host.

The auth_rpcgss module is loaded:
# lsmod
Module Size Used by
autofs4 27969 31
xt_tcpudp 12531 14
nf_conntrack_ipv4 19084 5
nf_defrag_ipv4 12649 1 nf_conntrack_ipv4
xt_state 12514 5
nf_conntrack 73847 2 nf_conntrack_ipv4,xt_state
iptable_filter 12706 1
ip_tables 18106 1 iptable_filter
x_tables 21974 4 xt_tcpudp,xt_state,iptable_filter,ip_tables
nfsd 229850 2
nfs 307289 0
lockd 78804 2 nfsd,nfs
fscache 50642 1 nfs
auth_rpcgss 39597 2 nfsd,nfs
nfs_acl 12771 2 nfsd,nfs
sunrpc 205647 6 nfsd,nfs,lockd,auth_rpcgss,nfs_acl
ext2 67987 1
lp 17455 0
parport 40930 1 lp

Comparing the kernel config files in /boot shows only these differences:

-CONFIG_VERSION_SIGNATURE="Ubuntu 3.2.0-24.37-generic-pae 3.2.14"
+CONFIG_VERSION_SIGNATURE="Ubuntu 3.2.0-24.37-virtual 3.2.14"
-CONFIG_PHYSICAL_START=0x1000000
+CONFIG_PHYSICAL_START=0x100000
-CONFIG_PHYSICAL_ALIGN=0x1000000
+CONFIG_PHYSICAL_ALIGN=0x100000
-CONFIG_INTEL_IDLE=y
+# CONFIG_INTEL_IDLE is not set

dmesg says:
gss_create: Pseudoflavor 390005 not found!
RPC: Couldn't create auth handle (flavor 390005)

Tags: precise
Revision history for this message
Brad Figg (brad-figg) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 992678

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
tags: added: precise
Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu):
importance: Undecided → Medium
Revision history for this message
Sergio Gelato (sergio-gelato) wrote :

The VM in question is not connected to the public internet; apport-collect can't communicate with launchpad.net. I remain available to answer specific questions and conduct further tests.

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Revision history for this message
Julian Wiedmann (jwiedmann) wrote :

You're probably missing the rpcsec_gss_krb5 module. Try installing the linux-image-extra-virtual package.

Revision history for this message
Sergio Gelato (sergio-gelato) wrote : Re: [Bug 992678] Re: 3.2.0-24-virtual rejects sec=krb5p NFS mount option

* Julian Wiedmann [2012-05-10 22:29:19 -0000]:
> You're probably missing the rpcsec_gss_krb5 module. Try installing the
> linux-image-extra-virtual package.

Indeed that does the trick.

Now a couple of questions:

1) On what basis was rpcsec_gss_krb5 relegated to linux-image-extra-virtual
while auth_rpcgss is in linux-image-virtual? This makes no sense to me.
Most of linux-image-extra-virtual seems to be drivers that are unlikely to
be of interest on virtual hardware because hypervisors don't usually expose
those devices to the guest OS. rpcsec_gss_krb5, however, does not fit into
this category; I'd say it's just as likely to be needed in a virtual host
as in a physical one. And what's the point of shipping auth_rpcgss without
any actual GSS mechanisms?

2) Why is the description for package linux-image-extra-3.2.0-24-virtual
identical to that for package linux-image-3.2.0-24-virtual? It suggests
installing linux-virtual instead, but doing so will *not* pull in
limux-image-extra-virtual.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.