Univention Bugzilla – Bug 46587
Failed rpc-svcgssd.service
Last modified: 2018-05-09 14:21:13 CEST
The package "nfs-kernel-server" is installed by default on all systems. Since Debian-Stretch it uses systemd to start all services. "rpc-svcgssd.service" is listed as "loaded failed" because "/etc/krb5.keytab" does not contain the "nfs/$FQDN@$REALM" principal. "/lib/systemd/system/rpc-svcgssd.service" only checks for the existence of "/etc/krb5.keytab" to decide is the service should be started: # systemctl cat rpc-svcgssd.service # /lib/systemd/system/rpc-svcgssd.service [Unit] ConditionPathExists=/etc/krb5.keytab # systemctl status rpc-svcgssd.service ● rpc-svcgssd.service - RPC security service for NFS server Loaded: loaded (/lib/systemd/system/rpc-svcgssd.service; static; vendor preset: enabled) Active: failed (Result: exit-code) since Mon 2018-03-12 08:35:59 CET; 25min ago Process: 572 ExecStart=/usr/sbin/rpc.svcgssd $SVCGSSDARGS (code=exited, status=1/FAILURE) CPU: 3ms Mär 12 08:35:59 ucs43 systemd[1]: Starting RPC security service for NFS server... Mär 12 08:35:59 ucs43 rpc.svcgssd[576]: ERROR: GSS-API: error in gss_acquire_cred(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - No key table entry found matching nfs/@ There is this old forum thread <https://help.univention.com/t/nfs4-export/3127> where a user asked how to setup NFS with Kerberos. * I was able to successfully setup an environment with Debian-MIT-Kerberos * I was able to successfully setup an environment with UCS-Heimdal-Kerberos * UCS-Samab4 I did *not* get working. Please be aware of Debian-Bug <https://bugs.debian.org/892654> in parsing /etc/default/nfs-kernel-server. Please be aware of the missing UCR template update <https://git.knut.univention.de/univention/ucs/commit/84337bc43449b804ab914cce13ad4d2e501bc16f>
Already notices in <https://help.univention.com/t/failed-rpc-security-service-for-nfs-server-after-4-3-upgrade/8196/3>.
*** Bug 46690 has been marked as a duplicate of this bug. ***
[4.3-0] 085e86b058 Bug #46587 NFS: Forcefully disable rpc-svcgssd.service for now Package: univention-nfs Version: 10.0.0-2A~4.3.0.201803231239 Branch: ucs_4.3-0 Scope: errata4.3-0 [4.3-0] ce637a20fc Bug #46587 NFS: Forcefully disable rpc-svcgssd.service for now YAML doc/errata/staging/univention-nfs.yaml | 10 ++++++++++
--- mirror/ftp/4.3/unmaintained/4.3-0/source/univention-nfs_10.0.0-1A~4.3.0.201712120028.dsc +++ apt/ucs_4.3-0-errata4.3-0/source/univention-nfs_10.0.0-2A~4.3.0.201803231239.dsc @@ -1,6 +1,10 @@ -10.0.0-1A~4.3.0.201712120028 [Tue, 12 Dec 2017 00:28:54 +0100] Univention builddaemon <buildd@univention.de>: +10.0.0-2A~4.3.0.201803231239 [Fri, 23 Mar 2018 12:39:50 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. No patches were applied to the original source package + +10.0.0-2 [Thu, 22 Mar 2018 07:41:45 +0100] Philipp Hahn <hahn@univention.de>: + + * Bug #46587: Forcefully disable rpc-svcgssd.service for now 10.0.0-1 [Mon, 11 Dec 2017 14:40:37 +0100] Jürn Brodersen <brodersen@univention.de>:
[4.3-0] f2353c5bc0 Bug #46587 NFS: Forcefully disable rpc-svcgssd.service for now services/univention-nfs/debian/changelog | 6 ++++++ services/univention-nfs/debian/univention-nfs-server.postinst | 5 +---- [4.3-0] 8fa257d2d8 Bug #46587 NFS: Forcefully disable rpc-svcgssd.service for now YAML doc/errata/staging/univention-nfs.yaml | 2 +-
OK Works with and without samba. [4.3-0 ce050e3b2c] Bug #46587: YAML fix typo -> Verified
<http://errata.software-univention.de/ucs/4.3/31.html>