Forum Replies Created
fractal-admin (Participant)
Hi Cato,
Finally, I see some light here… 🙂 and hope I am not shooting my guns soon, but in my quick tests today, we do see this is working as expected with the export “no_root_squash” and the “node.cfg” as well as “server.cfg” modifications, which I will add later to this thread. Also, in this case, the Linux client machines are integrated with SSSD-AD Direct integration!
Thanks again,
fractal-admin (Participant)
Hi Cato,
Hmm! Yeah, you can say that, since I am close but not close enough 🙂 since for our proprietary storage, the export with “no_root_squash” seems not so straightforward, but hoping to get it implemented and tested soon. I shall keep this thread updated as to what the behavior will be with “no_root_squash” home-mounts.
Thanks,
fractal-admin (Participant)
Thanks, @Cato, for your response. Wouldn’t the “no_root_squash” be an export option?
Although I tried mounting with the “no_root_squash” option from the client side, that resulted in this error/log:
Oct 31 16:27:08 fprdsk022 mount[1705]: mount.nfs4: an incorrect mount option was specified
Oct 31 16:27:08 fprdsk022 kernel: nfs4: Unknown parameter ‘no_root_squash’
Oct 31 16:27:08 fprdsk022 systemd[1]: fs-althome-uat.mount: Mount process exited, code=exited status=32
Oct 31 16:27:08 fprdsk022 systemd[1]: fs-althome-uat.mount: Failed with result ‘exit-code’.
Oct 31 16:27:08 fprdsk022 systemd[1]: Failed to mount /fs/althome/uat.
Any thoughts?
Thanks,
fractal-admin (Participant)
Thanks again Cato, so what’s happening is, despite these settings “EnableNXKerberosAuthentication 1” and “NXKerberosUsePAM 1”, the AD-user login to the Linux system keeps failing with the “permission denied” to the respective users’ mounted (NFS v4, sec=krb5) home directory.
And this starts occurring only after a given user connects/logs in over NX once.
UsersDirectoryPath “/temp/nxdir” is set, and below are log snippets from
cat /temp/nxdir/bsukhadia/.nx/nxerror.log
18895 18895 17:27:18 427 main: ERROR! Could not renew kerberos ticket.
18863 18863 2022-09-28 17:27:18 428.042 NodeRenewKerberosTicket: ERROR! Unlog failed with status 65280.
18863 18863 2022-09-28 17:27:18 428.141 NodeRenewKerberosTicket: ERROR! Unlog failed with code 255.
unable to open tmp file “/fs/althome/uat/bsukhadia/.Xauthority-n”
unable to write authority file /fs/althome/uat/bsukhadia/.Xauthority-n
unable to open tmp file “/fs/althome/uat/bsukhadia/.Xauthority-n”
unable to write authority file /fs/althome/uat/bsukhadia/.Xauthority-n
unable to open tmp file “/fs/althome/uat/bsukhadia/.Xauthority-n”
unable to write authority file /fs/althome/uat/bsukhadia/.Xauthority-n
18863 18863 2022-09-28 18:18:20 082.401 Io/Io: WARNING! Descriptor FD#30 type socket still open at exit.
29725 29725 09:09:13 574 main: ERROR! Could not renew kerberos ticket.
29705 29705 2022-09-29 09:09:13 575.205 NodeRenewKerberosTicket: ERROR! Unlog failed with status 65280.
29705 29705 2022-09-29 09:09:13 575.311 NodeRenewKerberosTicket: ERROR! Unlog failed with code 255.
unable to open tmp file “/fs/althome/uat/bsukhadia/.Xauthority-n”
unable to write authority file /fs/althome/uat/bsukhadia/.Xauthority-n
unable to open tmp file “/fs/althome/uat/bsukhadia/.Xauthority-n”
unable to write authority file /fs/althome/uat/bsukhadia/.Xauthority-n
unable to open tmp file “/fs/althome/uat/bsukhadia/.Xauthority-n”
unable to write authority file /fs/althome/uat/bsukhadia/.Xauthority-n
29705 29705 2022-09-29 09:09:49 215.827 Io/Io: WARNING! Descriptor FD#30 type socket still open at exit.
Surely, these are a little older logs, but since this time, when I attempt to log in over SSH, the access to the mounted home directory (NFSv4, sec=krb5) is giving a “permissions denied” error.
Additionally, the sssd.conf has,
ad_gpo_map_permit = +nx
Please suggest if anything else should be looked into to fix this behavior. And I am not sure why the Kerberos ticket renewals are failing only after the NX connection!
Thanks,
fractal-admin (Participant)
Thanks Cato,
With that said, would the below settings in “/usr/NX/etc/server.cfg” be sufficient?
EnableNXKerberosAuthentication 1
NXKerberosUsePAM 1
Or is something more necessary?
Thanks,
fractal-admin (Participant)
More debugging leads to this being prevented for some reason, and we are not sure what is causing this! Any thoughts on debugging this further, or how we can fix/work around it?
6057 6057 2022-09-21 03:39:33 882.951 NXSERVER ERROR! Received error message from node ‘:’, ‘Cannot write to .Xauthority file in /fs/althome/contoso on the local host. Please verify permission attributes for that file.’.