fractal-admin

Forum Replies Created

  • in reply to: NX Linux-SSSD-AD Issues with NFS4-Kerberos Home Dir #41790
    fractal-admin
    Participant

    Hi Cato,

    Finally, I see some light here… 🙂 and hope I am not shooting my guns soon, but in my quick tests today we do see this working as expected with the export “no_root_squash” and the “node.cfg” as well as “server.cfg” modifications, which I will add to this thread later. Also, in this case, the Linux client machines are integrated with SSSD-AD Direct integration!

    Thanks again,

    in reply to: NX Linux-SSSD-AD Issues with NFS4-Kerberos Home Dir #41532
    fractal-admin
    Participant

    Hi Cato,

    Hmm! Yeah, you can say that, since I am close but not close enough 🙂 For our proprietary storage, the export with “no_root_squash” seems not so straightforward, but I am hoping to get it implemented and tested soon. I shall keep this thread updated as to what the behavior will be with “no_root_squash” home-mounts.

    Thanks,

    in reply to: NX Linux-SSSD-AD Issues with NFS4-Kerberos Home Dir #41116
    fractal-admin
    Participant

    Thanks, @Cato for your response. Wouldn’t the “no_root_squash” be an export option?

    Although I tried mounting with the “no_root_squash” option from the client side, that resulted in this error/log:

    Oct 31 16:27:08 fprdsk022 mount[1705]: mount.nfs4: an incorrect mount option was specified
    Oct 31 16:27:08 fprdsk022 kernel: nfs4: Unknown parameter ‘no_root_squash’
    Oct 31 16:27:08 fprdsk022 systemd[1]: fs-althome-uat.mount: Mount process exited, code=exited status=32
    Oct 31 16:27:08 fprdsk022 systemd[1]: fs-althome-uat.mount: Failed with result ‘exit-code’.
    Oct 31 16:27:08 fprdsk022 systemd[1]: Failed to mount /fs/althome/uat.

    Any thoughts?

    Thanks,
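
Added example (not part of the forum post above, and not NoMachine or storage-vendor code): the kernel message in the log, nfs4: Unknown parameter ‘no_root_squash’, appears because the squash settings are exports(5) options configured on the NFS server, not client mount options. The sketch below flags such options in a client mount option string; the function names export_only_opts and check_mount_opts are hypothetical and the sample option strings are constructed.

```shell
#!/bin/sh
# Lint a client-side NFS mount option string (fstab field 4 or `mount -o ...`)
# for options that only make sense in the server's export definition.

# Squash-related exports(5) options; the client mount helper rejects these.
EXPORT_ONLY="root_squash no_root_squash all_squash no_all_squash anonuid anongid"

# export_only_opts "opt1,opt2=val,..."
# Prints the misplaced option names, space separated (empty if none).
export_only_opts() {
    found=""
    old_ifs=$IFS
    set -f                      # no globbing while splitting on commas
    IFS=,
    set -- $1
    IFS=$old_ifs
    set +f
    for opt in "$@"; do
        name=${opt%%=*}         # strip "=value", e.g. anonuid=65534 -> anonuid
        [ -n "$name" ] || continue
        case " $EXPORT_ONLY " in
            *" $name "*) found="${found:+$found }$name" ;;
        esac
    done
    printf '%s' "$found"
}

# check_mount_opts "opts": returns 1 and reports on stderr if any
# export-only option is present, 0 otherwise.
check_mount_opts() {
    bad=$(export_only_opts "$1")
    if [ -n "$bad" ]; then
        echo "export-only option(s) in client mount options: $bad" >&2
        echo "set these on the NFS server export instead" >&2
        return 1
    fi
    return 0
}

# Constructed samples: the first mirrors the failing mount described above.
check_mount_opts "rw,sec=krb5,no_root_squash" || true
check_mount_opts "rw,sec=krb5" && echo "client options OK"
```

Because no_root_squash lets root on a client act as root on the exported tree, it is worth limiting the export that carries it to the specific client hosts that need it.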

    in reply to: NX Linux-SSSD-AD Issues with NFS4-Kerberos Home Dir #40562
    fractal-admin
    Participant

    Thanks again Cato, so what’s happening is, despite these settings “EnableNXKerberosAuthentication 1” and “NXKerberosUsePAM 1”, the AD-user login to the Linux system keeps failing with the “permission denied” to the respective users’ mounted (NFS v4, sec=krb5) home directory.

    And this starts occurring only after a given user connects/logs in over NX once.

    UsersDirectoryPath “/temp/nxdir” is set, and below are log snippets from

    cat /temp/nxdir/bsukhadia/.nx/nxerror.log

    18895 18895 17:27:18 427 main: ERROR! Could not renew kerberos ticket.
    18863 18863 2022-09-28 17:27:18 428.042 NodeRenewKerberosTicket: ERROR! Unlog failed with status 65280.
    18863 18863 2022-09-28 17:27:18 428.141 NodeRenewKerberosTicket: ERROR! Unlog failed with code 255.
    unable to open tmp file “/fs/althome/uat/bsukhadia/.Xauthority-n”
    unable to write authority file /fs/althome/uat/bsukhadia/.Xauthority-n
    unable to open tmp file “/fs/althome/uat/bsukhadia/.Xauthority-n”
    unable to write authority file /fs/althome/uat/bsukhadia/.Xauthority-n
    unable to open tmp file “/fs/althome/uat/bsukhadia/.Xauthority-n”
    unable to write authority file /fs/althome/uat/bsukhadia/.Xauthority-n
    18863 18863 2022-09-28 18:18:20 082.401 Io/Io: WARNING! Descriptor FD#30 type socket still open at exit.
    29725 29725 09:09:13 574 main: ERROR! Could not renew kerberos ticket.
    29705 29705 2022-09-29 09:09:13 575.205 NodeRenewKerberosTicket: ERROR! Unlog failed with status 65280.
    29705 29705 2022-09-29 09:09:13 575.311 NodeRenewKerberosTicket: ERROR! Unlog failed with code 255.
    unable to open tmp file “/fs/althome/uat/bsukhadia/.Xauthority-n”
    unable to write authority file /fs/althome/uat/bsukhadia/.Xauthority-n
    unable to open tmp file “/fs/althome/uat/bsukhadia/.Xauthority-n”
    unable to write authority file /fs/althome/uat/bsukhadia/.Xauthority-n
    unable to open tmp file “/fs/althome/uat/bsukhadia/.Xauthority-n”
    unable to write authority file /fs/althome/uat/bsukhadia/.Xauthority-n
    29705 29705 2022-09-29 09:09:49 215.827 Io/Io: WARNING! Descriptor FD#30 type socket still open at exit.

    Surely, these are slightly older logs, but since that time, when I attempt to log in over SSH, access to the mounted home directory (NFSv4, sec=krb5) gives a “permissions denied” error.

    Additionally, the sssd.conf has,

    ad_gpo_map_permit = +nx

    Please suggest if anything else should be looked into to fix this behavior. Also, I am not sure why the Kerberos ticket renewals are failing only after an NX connection!

    Thanks,

    in reply to: NX Linux-SSSD-AD Issues with NFS4-Kerberos Home Dir #40516
    fractal-admin
    Participant

    Thanks Cato,

    With that said, would the below settings to “/usr/NX/etc/server.cfg” be sufficient?

    EnableNXKerberosAuthentication 1
    NXKerberosUsePAM 1

    Or is something more necessary?

    Thanks,

    in reply to: NX Linux-SSSD-AD Issues with NFS4-Kerberos Home Dir #40232
    fractal-admin
    Participant

    More debugging leads to this being prevented for some reason and we are not sure what is causing this! Any thoughts on debugging this further OR how can we fix/workaround it?

    6057 6057 2022-09-21 03:39:33 882.951 NXSERVER ERROR! Received error message from node ‘:’, ‘Cannot write to .Xauthority file in /fs/althome/contoso on the local host. Please verify permission attributes for that file.’.
