On Sat, Nov 14, 2015 at 7:05 PM, Simo Sorce <simo(a)redhat.com> wrote:
On 13/11/15 18:31, James Ralston wrote:
> Hello all,
>
> I cannot get Kerberos security working on an NFSv4 server I'm
> setting up on RHEL7, using sssd with Microsoft Active Directory.
It is possible you are hitting this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1213852
My Bugzilla account isn't authorized to access that bug. Is there a
public summary of it?
We are improving debugging options for future versions.
Good to know.
With debugging output, patience, and (if necessary) a tcpdump capture,
I can usually figure out most issues. But since the tcpdump output
isn't helpful (the server doesn't return an error; it just closes the
TCP connection), debugging output is all I have to go on.
One trick you can use is to start gssproxy with the KRB5_TRACE
environment variable set. The value is a file path (for example
/tmp/gssproxy_trace, to see if there are krb5 errors underneath the
gssapi interface).
Thanks; I wasn't aware of KRB5_TRACE. I'll give that a try on Monday.
James