From: Attila Bogár
Date: Fri, 29 Jun 2012 19:11:54 +0100
To: freebsd-stable@FreeBSD.org
Subject: NFSv3 + krb5 mysteries - need help tracking down

Hi,

I have a FreeBSD 9-STABLE acting as a kerberized NFSv3 server.

server# ktutil list
FILE:/etc/krb5.keytab:

Vno  Type                     Principal
  5  aes256-cts-hmac-sha1-96  nfs/server.linguamatics.com@LINGUAMATICS.COM
  5  des3-cbc-sha1            nfs/server.linguamatics.com@LINGUAMATICS.COM
  5  arcfour-hmac-md5         nfs/server.linguamatics.com@LINGUAMATICS.COM

ntp in sync everywhere

The network is a lagg device composed of two bce interfaces (an add-in card).

-- 8< [nfstest.sh] --
#!/bin/bash
# Remount the kerberized export 100 times and count the failed mounts.
i=0
fail=0
while [ "$i" -lt 100 ]
do
    i=$((i+1))
    echo "RUN: $i"
    umount -f /mnt
    sleep 1
    mount -v -o sec=krb5i,vers=3,proto=tcp server:/export/share /mnt || fail=$((fail+1))
done
echo "$fail times failed"
-- 8< --

centos62# ./nfstest.sh
54 times failed

ubuntu1204# ./nfstest.sh
98 times failed

ubuntu1104# ./nfstest.sh
0 times failed

centos58# ./nfstest.sh
0 times failed

I started rpc.gssd -vvvvv on all linux clients.

The clients which did not fail are using gssapi v1 with DES.

Jun 29 18:17:41 centos58 rpc.gssd[1452]: prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
Jun 29 18:04:36 ubuntu1104 rpc.gssd[911]: prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8

The failing clients are using the newer gssapi v2 with AES256.

Jun 29 17:59:37 ubuntu1204 rpc.gssd[756]: prepare_krb5_rfc4121_buffer: serializing key with enctype 18 and size 32
Jun 29 17:55:48 centos62 rpc.gssd[1183]: prepare_krb5_rfc4121_buffer: serializing key with enctype 18 and size 32

Note the different RFC being used. This is just a suspicion, this may not be related to the problem. The cipher being used is different too.

Then I changed my script to proto=udp.

from ubuntu1104 fails 0 times.
from centos62 fails 0 times.
On centos58 and ubuntu1204 mount locks up all the time.

Then I added to krb5.conf

[libdefaults]
    default_tgs_enctypes = dec-cbc-crc

and rebooted both centos58 and ubuntu1204.

After rebooting centos56 and ubuntu1204:
nfstest fails 0 times on centos58 with udp
I get very long response times for ubuntu1204 mounts and always a permission denied.

This is a mystery.
I have not tested NFSv4 yet.

I need some help to track down this problem.

Attila

PS: This may be the same problem as this thread:
http://lists.freebsd.org/pipermail/freebsd-stable/2012-June/068619.html
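
The split reported in the mail (RFC 1964 contexts with an 8-byte key on the clients that mount cleanly, RFC 4121 contexts with a 32-byte AES256 key on the ones that fail) can be tabulated directly from rpc.gssd output. The Python below is an added example, not part of the original mail or of rpc.gssd; it shows the correlation only, not a cause. Function and group names are hypothetical, enctype names follow MIT krb5's numbering, and the sample data is the four log lines and proto=tcp failure counts quoted in the mail.

```python
import re
from collections import Counter

# Kerberos enctype numbers (names as in MIT krb5); only the ones relevant here.
ENCTYPE_NAMES = {1: "des-cbc-crc", 3: "des-cbc-md5", 4: "des-cbc-raw",
                 16: "des3-cbc-sha1", 17: "aes128-cts-hmac-sha1-96",
                 18: "aes256-cts-hmac-sha1-96", 23: "arcfour-hmac"}

# Matches both rpc.gssd messages quoted in the mail; group names are this example's own.
GSSD_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]+\s+(?P<host>\S+)\s+rpc\.gssd\[\d+\]:\s+"
    r"prepare_krb5_(?P<rfc>rfc\d+)_buffer: serializing keys? with "
    r"enctype (?P<etype>\d+) and (?:length|size) (?P<klen>\d+)"
)

# Syslog lines and nfstest.sh failure counts (proto=tcp run) copied from the mail.
LOG = """\
Jun 29 18:17:41 centos58 rpc.gssd[1452]: prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
Jun 29 18:04:36 ubuntu1104 rpc.gssd[911]: prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
Jun 29 17:59:37 ubuntu1204 rpc.gssd[756]: prepare_krb5_rfc4121_buffer: serializing key with enctype 18 and size 32
Jun 29 17:55:48 centos62 rpc.gssd[1183]: prepare_krb5_rfc4121_buffer: serializing key with enctype 18 and size 32
"""
FAILURES = {"centos62": 54, "ubuntu1204": 98, "ubuntu1104": 0, "centos58": 0}


def parse_contexts(log_text):
    """Return {host: (context_format, enctype_name, key_bytes)} from rpc.gssd -v output."""
    contexts = {}
    for line in log_text.splitlines():
        m = GSSD_RE.match(line.strip())
        if not m:
            continue  # unrelated syslog noise
        etype = int(m["etype"])
        name = ENCTYPE_NAMES.get(etype, f"enctype-{etype}")
        contexts[m["host"]] = (m["rfc"], name, int(m["klen"]))  # last context per host wins
    return contexts


def failures_by_format(contexts, failures):
    """Sum failed mounts per (context format, enctype) so the split is visible."""
    totals = Counter()
    for host, (rfc, name, _klen) in contexts.items():
        totals[(rfc, name)] += failures.get(host, 0)
    return dict(totals)


if __name__ == "__main__":
    for key, failed in failures_by_format(parse_contexts(LOG), FAILURES).items():
        print(key, f"{failed} failed mounts")
```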