From nobody Sun Feb 06 16:42:56 2022
X-Original-To: freebsd-fs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 119B419BAAD8
	for <freebsd-fs@mlmmj.nyi.freebsd.org>; Sun,  6 Feb 2022 16:43:09 +0000 (UTC)
	(envelope-from anothatuber@gmail.com)
Received: from mail-yb1-xb32.google.com (mail-yb1-xb32.google.com [IPv6:2607:f8b0:4864:20::b32])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4JsFSr4480z4tn8
	for <freebsd-fs@freebsd.org>; Sun,  6 Feb 2022 16:43:08 +0000 (UTC)
	(envelope-from anothatuber@gmail.com)
Received: by mail-yb1-xb32.google.com with SMTP id z62so21519218ybc.11
        for <freebsd-fs@freebsd.org>; Sun, 06 Feb 2022 08:43:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=mime-version:from:date:message-id:subject:to;
        bh=zXzi6UKaAQY7ih2/MWBdxom3PJHmvepAel2XXJ+qOWs=;
        b=HYxZlU3qyZ4WtoL44s50jGhnYntMxJyumQ1wtmQjYDjTbV5oBjQwgrGI5hCC4YT7/Z
         zvbLIiC/5PM4Ec3fqgX5WRrCKoSxqcfLrtTC2dHgrpm61tycRC5DW438YDsJ4KJ+GCSh
         TaKgpCAtZdoDjD/7JCdwKTmT07/TTxCej+aYljEA3LWkCJPOGeFJjfcY02E+Xyu8uvW0
         2qvPHdCuu1vSuGAufJDbGoWsasuUyT8Iow/n6RQE9LSn060BF1ngnyTuAOJanGBCPeZ2
         suKlnqkmjeO+EKC2gfM32hst15as7BvNicQQU1U5Lk4i3Fe2PEcISL1xSx7oL14DkpON
         lRzw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=zXzi6UKaAQY7ih2/MWBdxom3PJHmvepAel2XXJ+qOWs=;
        b=xa7+E5h15o0XaomHtq8Z69yEpepvD2p1pHMF03HSjkA9FJ2ABDTZoAFrAbuwE/mMRT
         tT7PM1Jtx8SsknA6wkEMwzO0a52yaNilF/P6e5a+50CEOMlcSa8qQEf1mZ4hrYFmx68s
         j7QxAtOk+jDDX9wM3jBdZneeZskPWh4HdNSZ7X3BpUZaimYMqyi4ln8doxnR506YbzVU
         C6qqBIGa4Q+apMV2UpLYZL6doM9qXX41W759gx1D8ND+CDFSH7ioacjQhP/u9nAqM0zZ
         NB207uU72W9JdP0ym0ETqPUD3ICH68rkbHEcKA20xuTkV87RpIC6ehZgVADswxcypVFI
         2D1A==
X-Gm-Message-State: AOAM531zs7xvac9yRjSOe+SDO7kWfMvj3SGRUUOjz87dCNQVxq1wNh+u
	vUiVUz68CTTbUczAKGtNJxZ5N+W8X/ZvqYwff2E5L/kC
X-Google-Smtp-Source: ABdhPJxAUsk24HZd7i1JELdO+s7CdilmwFZIG0RJ1l7Um3yU2YE65JzRPNyVT/USx3xQKnFGP1UHV3TN+nrBU8pr0A0=
X-Received: by 2002:a0d:ff83:: with SMTP id p125mr7307923ywf.472.1644165788163;
 Sun, 06 Feb 2022 08:43:08 -0800 (PST)
List-Id: Filesystems <freebsd-fs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-fs
List-Help: <mailto:freebsd-fs+help@freebsd.org>
List-Post: <mailto:freebsd-fs@freebsd.org>
List-Subscribe: <mailto:freebsd-fs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-fs+unsubscribe@freebsd.org>
Sender: owner-freebsd-fs@freebsd.org
MIME-Version: 1.0
From: Arno Thuber <anothatuber@gmail.com>
Date: Sun, 6 Feb 2022 17:42:56 +0100
Message-ID: <CAFNeAzH59yLZut8WuWoi84QtuKQQ-LZZ21M_ck5A2owFUQM+8A@mail.gmail.com>
Subject: Kerberized NFSv4: wrong security flavor
To: freebsd-fs@freebsd.org
Content-Type: multipart/alternative; boundary="000000000000c15fe205d75c2de8"
X-Rspamd-Queue-Id: 4JsFSr4480z4tn8
X-Spamd-Bar: ---
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=gmail.com header.s=20210112 header.b=HYxZlU3q;
	dmarc=pass (policy=none) header.from=gmail.com;
	spf=pass (mx1.freebsd.org: domain of anothatuber@gmail.com designates 2607:f8b0:4864:20::b32 as permitted sender) smtp.mailfrom=anothatuber@gmail.com
X-Spamd-Result: default: False [-4.00 / 15.00];
	 ARC_NA(0.00)[];
	 NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	 R_DKIM_ALLOW(-0.20)[gmail.com:s=20210112];
	 FROM_HAS_DN(0.00)[];
	 R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c];
	 FREEMAIL_FROM(0.00)[gmail.com];
	 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
	 PREVIOUSLY_DELIVERED(0.00)[freebsd-fs@freebsd.org];
	 TO_DN_NONE(0.00)[];
	 RCPT_COUNT_ONE(0.00)[1];
	 NEURAL_HAM_LONG(-1.00)[-1.000];
	 MID_RHS_MATCH_FROMTLD(0.00)[];
	 TO_MATCH_ENVRCPT_ALL(0.00)[];
	 DKIM_TRACE(0.00)[gmail.com:+];
	 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
	 RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::b32:from];
	 NEURAL_HAM_SHORT(-1.00)[-1.000];
	 MLMMJ_DEST(0.00)[freebsd-fs];
	 FROM_EQ_ENVFROM(0.00)[];
	 MIME_TRACE(0.00)[0:+,1:+,2:~];
	 FREEMAIL_ENVFROM(0.00)[gmail.com];
	 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
	 RCVD_COUNT_TWO(0.00)[2];
	 RCVD_TLS_ALL(0.00)[];
	 DWL_DNSWL_NONE(0.00)[gmail.com:dkim]
X-ThisMailContainsUnwantedMimeParts: N

--000000000000c15fe205d75c2de8
Content-Type: text/plain; charset="UTF-8"

Hello there,

for weeks I'm trying to get kerberized NFSv4 working on a FreeBSD server.
Originally I tried using a Linux client which didn't work, so I now
switched to a FreeBSD client which doesn't work either but with another
error. Remark: Linux server and client are working with the same KDC.

It feels I've ready each and every tutorial on kerberized NFS but just
don't see the error.

But now for the error on the FreeBSD client:
root@freebsd-client: # mount -vvv -o nfsv4,sec=krb5
freebsd.fqdn:/srv/nfsshare /mnt/nfs/
mount_nfs: nmount: /mnt/nfs, wrong security flavor

And what Wireshark shows fits the message:
Remote Procedure Call, Type:Call XID:0x69cd8522
    Fragment header: Last fragment, 152 bytes
    XID: 0x69cd8522 (1775076642)
    Message Type: Call (0)
    RPC Version: 2
    Program: NFS (100003)
    Program Version: 4
    Procedure: COMPOUND (1)
    [The reply to this request is in frame 16]
    Credentials
        Flavor: AUTH_UNIX (1)
        Length: 56
        Stamp: 0x61ffd269
        Machine Name: freebsd-client.local.eyserver.de
            length: 32
            contents: freebsd-client.local.eyserver.de
        UID: 0
        GID: 0
        Auxiliary GIDs (1) [5]
    Verifier
        Flavor: AUTH_NULL (0)
        Length: 0

GSSD is running and also seems to be in the loop (shows output on mount
when run as gssd -vhd) but it seems just right away ignores the request for
krb5.
Do you have any ideas on this? Or at least what I can do to debug this?

FreeBSD used is 13.0-RELEASE.

Regards,
Arno

--000000000000c15fe205d75c2de8
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div>Hello there,</div><div><br></div><div>for weeks I&#39=
;m trying to get kerberized NFSv4 working on a FreeBSD server. Originally I=
 tried using a Linux client which didn&#39;t work, so I now switched to a F=
reeBSD client which doesn&#39;t work either but with another error. Remark:=
 Linux server and client are working with the same KDC.</div><div><br></div=
><div>It feels I&#39;ve ready each and every tutorial on kerberized NFS but=
 just don&#39;t see the error.<br></div><div><br></div><div>But now for the=
 error on the FreeBSD client:</div><div>root@freebsd-client: # mount -vvv -=
o nfsv4,sec=3Dkrb5 freebsd.fqdn:/srv/nfsshare /mnt/nfs/<br>mount_nfs: nmoun=
t: /mnt/nfs, wrong security flavor<br></div><div><br></div><div>And what Wi=
reshark shows fits the message:</div><div>Remote Procedure Call, Type:Call =
XID:0x69cd8522<br>=C2=A0=C2=A0=C2=A0 Fragment header: Last fragment, 152 by=
tes<br>=C2=A0=C2=A0=C2=A0 XID: 0x69cd8522 (1775076642)<br>=C2=A0=C2=A0=C2=
=A0 Message Type: Call (0)<br>=C2=A0=C2=A0=C2=A0 RPC Version: 2<br>=C2=A0=
=C2=A0=C2=A0 Program: NFS (100003)<br>=C2=A0=C2=A0=C2=A0 Program Version: 4=
<br>=C2=A0=C2=A0=C2=A0 Procedure: COMPOUND (1)<br>=C2=A0=C2=A0=C2=A0 [The r=
eply to this request is in frame 16]<br>=C2=A0=C2=A0=C2=A0 Credentials<br>=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Flavor: AUTH_UNIX (1)<br>=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Length: 56<br>=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0 Stamp: 0x61ffd269<br>=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0 Machine Name: <a href=3D"http://freebsd-client.local.eyserver.de"=
>freebsd-client.local.eyserver.de</a><br>=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 length: 32<br>=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 contents: <a href=3D"http://freebsd=
-client.local.eyserver.de">freebsd-client.local.eyserver.de</a><br>=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 UID: 0<br>=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0 GID: 0<br>=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 Auxili=
ary GIDs (1) [5]<br>=C2=A0=C2=A0=C2=A0 Verifier<br>=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0 Flavor: AUTH_NULL (0)<br>=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0 Length: 0<br></div><div><br></div><div>GSSD is running and als=
o seems to be in the loop (shows output on mount when run as gssd -vhd) but=
 it seems just right away ignores the request for krb5.</div><div>Do you ha=
ve any ideas on this? Or at least what I can do to debug this?<br></div><di=
v><br></div><div>FreeBSD used is 13.0-RELEASE.<br></div><div><br></div><div=
>Regards,</div><div>Arno<br></div></div>

--000000000000c15fe205d75c2de8--