From owner-freebsd-fs@FreeBSD.ORG Fri Sep 28 15:53:48 2012 Return-Path: Delivered-To: freebsd-fs@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2924B1065673 for ; Fri, 28 Sep 2012 15:53:48 +0000 (UTC) (envelope-from ulysse31@gmail.com) Received: from mail-oa0-f54.google.com (mail-oa0-f54.google.com [209.85.219.54]) by mx1.freebsd.org (Postfix) with ESMTP id E0E608FC08 for ; Fri, 28 Sep 2012 15:53:47 +0000 (UTC) Received: by oagn9 with SMTP id n9so2214683oag.13 for ; Fri, 28 Sep 2012 08:53:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=emc/ok2b8s4o1oztOObOkpyy6uX2mm74NpAX5/fgUD4=; b=eyJIfZvDHEXfCiFjjAyiq2oDe3warDZjRgxCgIksalzrdcaSAt0l9wXpEkgrTFozil wAynrh32uuByg4IMb9gU+l7Xpc2AZv3KlhlaxKABPEUj8lkR7ZiiK3NVDHKeXUMyHYpv DkCjS0gPUfJIVDOZxwAHjetFpYaLkwKOF3S+bH7YBTgBU0yjobO9FUwlWhrOwQ1vus1x iXN/FChkC/xrJX6wBfMSiwuNN5mu1MxahURW5vqOI92eFOyS1YF1C8vN+duZWjEsmFJw G/9GaXyaoRfpvNCWyh1GrUJWTCPdo6qRdXrUjX0lI4bPJlca4NF9d/xaruAaP6EpgRJ0 pCQg== MIME-Version: 1.0 Received: by 10.182.157.45 with SMTP id wj13mr6211960obb.58.1348847627118; Fri, 28 Sep 2012 08:53:47 -0700 (PDT) Received: by 10.182.80.200 with HTTP; Fri, 28 Sep 2012 08:53:46 -0700 (PDT) Date: Fri, 28 Sep 2012 17:53:46 +0200 Message-ID: From: Ulysse 31 To: freebsd-fs@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Subject: nfsv4 kerberized and gssname=root and allgsname X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 28 Sep 2012 15:53:48 -0000 Hi all, I am actually working on a freebsd 9 backup server. this server would backup the production server via kerberized nfs4 (since the old backup server, a linux one, was doing so). we used on the old backup server a root/ kerberos identity, which allows the backup server to access all the data. I have followed the documentation found at : http://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup done : - added to kernel : options KGSSAPI device crypto - added to rc.conf : nfs_client_enable="YES" rpc_lockd_enable="YES" rpc_statd_enable="YES" rpcbind_enable="YES" devfs_enable="YES" gssd_enable="YES" - have done sysctl vfs.rpcsec.keytab_enctype=1 and added it to /etc/sysctl.conf We used MIT kerberos implementation, since it is the one used on all our servers (mostly linux), and we have created and /etc/krb5.keytab containing the following keys : host/ nfs/ root/ and, of course, i have used the available patch at : http://people.freebsd.org/~rmacklem/rpcsec_gss-9.patch When i try to mount with the (B) method (the one of the google wiki), it works as expected, i mean, with a correct user credential, i can access to the user data. But, when i try to access via the (C) method (the one that i need in order to do a full backup of the production storage server) i get a systematic kernel panic when launch the mount command. The mount command looks to something like : mount -t nfs -o nfsv4,sec=krb5i,gssname=root,allgssname : I have activated the kernel debugging stuff to get some infos, here is the message : Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x368 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff80866ab7 stack pointer = 0x28:0xffffff804aa39ce0 frame pointer = 0x28:0xffffff804aa39d30 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = 701 (mount_nfs) trap number = 12 panic: page fault cpuid = 0 KDB: stack backtrace: #0 0xffffffff808ae486 at kdb_backtrace+0x66 #1 0xffffffff8087885e at panic+0x1ce #2 0xffffffff80b82380 at trap_fatal+0x290 #3 0xffffffff80b826b8 at trap_pfault+0x1e8 #4 0xffffffff80b82cbe at trap+0x3be #5 0xffffffff80b6c57f at calltrap+0x8 #6 0xffffffff80a78eda at rpc_gss_init+0x72a #7 0xffffffff80a79cd6 at rpc_gss_refresh_auth+0x46 #8 0xffffffff807a5a53 at newnfs_request+0x163 #9 0xffffffff807bf0f7 at nfsrpc_getattrnovp+0xd7 #10 0xffffffff807d9b29 at mountnfs+0x4e9 #11 0xffffffff807db60a at nfs_mount+0x13ba #12 0xffffffff809068fb at vfs_donmount+0x100b #13 0xffffffff80907086 at sys_nmount+0x66 #14 0xffffffff80b81c60 at amd64_syscall+0x540 #15 0xffffffff80b6c867 at Xfast_syscall+0xf7 Uptime: 2m31s Dumping 97 out of 1002 MB:..17%..33%..50%..66%..83%..99% ------------------------------------------------------------------------ Does anyone as experience something similar ? is their a way to correct that ? Thanks for the help. -- Ulysse31