Bug 745412

Summary:	rpc.gssd and rpc.idmapd are not started for secure krb5 nfs4 mounts
Product:	[openSUSE] openSUSE 12.1	Reporter:	Forgotten User Ku1lZ_yaEZ <forgotten_Ku1lZ_yaEZ>
Component:	Network	Assignee:	Will Stephenson <wstephenson>
Status:	RESOLVED WONTFIX	QA Contact:	E-mail List <qa-bugs>
Severity:	Normal
Priority:	P5 - None	CC:	forgotten_fbKqKvv6Lf
Version:	Final
Target Milestone:	---
Hardware:	i586
OS:	openSUSE 12.1
Whiteboard:
Found By:	---	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Forgotten User Ku1lZ_yaEZ 2012-02-06 19:24:42 UTC

User-Agent:       Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2

unless rpc.gssd is running, kerberized nfs4 shares cannot be mounted. This is not running by default upon calling mount. rpc.idmapd has to be started manually on the client too when mounting manually (maybe this is expected but I think mount ought to do that for us when it sees nfs4)

Reproducible: Always

Steps to Reproduce:
1.mount -t nfs4 ... ... -o sec=krb5
2.permission denied
3.rpc.gssd -fvvv
4. repeat mount command
5. Now mounts OK
Actual Results:  
permission denied

(rpc.svcgssd -fvvv gives no poll output)

Expected Results:  
The nfs4 share is mounted

insserv rpcbind
insserv: script jexec is broken: incomplete LSB comment.
insserv: missing `Required-Stop:'  entry: please add even if empty.

cat /etc/exports
/export	gss/krb5(rw,fsid=0,crossmnt,no_subtree_check,insecure)
/export/home	gss/krb5(rw,insecure,no_subtree_check)

rcnfsserver start
 ps aux | grep rpc
root      1037  0.0  0.1   2356   784 ?        Ss   14:41   0:00 /sbin/rpcbind
root      2309  0.0  0.0      0     0 ?        S<   14:45   0:00 [rpciod]
root      2419  0.0  0.2   3684  1212 ?        Ss   14:48   0:00 /usr/sbin/rpc.svcgssd
root      2424  0.0  0.0   2416   348 ?        Ss   14:48   0:00 /usr/sbin/rpc.idmapd
root      2428  0.0  0.1   2976   748 ?        Ss   14:48   0:00 /usr/sbin/rpc.mountd --no-nfs-version 2 --no-nfs-version 3 

There is no output from a rpc.svcgssd -fvvv poll during a mount.

Workaround: start rpc.gssd and rpc.idmapd manually before mounting.

Comment 1 Forgotten User Ku1lZ_yaEZ 2012-02-10 07:41:05 UTC

rpc.svcgssd seems to be obsolete:
http://wiki.linux-nfs.org/wiki/index.php/Nfsv4_configuration

Comment 2 Forgotten User fbKqKvv6Lf 2013-12-09 14:19:53 UTC

I can only confirm this for openSUSE 12.3 at the moment but isn't this solved by adding
NFS_START_SERVICES="yes"
to the file
/etc/sysconfig/nfs
and then running 
chkconfig nfs on
as root at least once to enable the service?

Here's what I read in /etc/sysconfig/nfs on my system

## Path:                Network/File systems/NFS server
## Description:         Always start NFS services
## Type:                yesno
## Default:             yes
## ServiceRestart       nfs
#
# Always start NFS services (gssd, idmapd), not only if
# there are nfs mounts in /etc/fstab.  This is likely to be
# needed if you use an automounter for NFS.
# Note that the nfs service is no longer enabled by default
# and the command "chkconfig nfs on" is needed to fully enable
# NFS.
#
NFS_START_SERVICES="yes"

Comment 3 Will Stephenson 2015-09-11 10:18:17 UTC

Mass closing extant bug reports for old openSUSE versions.