Re: new desktop box
Thanks all for reply! > The real question is which video card do you want to use? Since I'm not gamer nor do 3d, some silent card will suffice. There are nvidia gp520 and radeon 6450, both with no fan. Also, I always enable powerd and dynamically lower freq to the least I could. More I read, less I know, regarding that future cpu. What about amd fx8120 ? Nex gen will come at Q3, maybe. Next decision might be ssd, instead of hdd. Best reviews are for samsung 830 (of wich 64gb are fine in my case). I plan to install from usb stick and avoid dvd-cd. Also, cannot make into what mobo should fit, but stay out of expensive field. Probably intel ethernet if possible, but it is not available in most data I read. Once more, thank you all for fast respond. Zoran ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Need help with nfsv4 and krb5 access denied
On 06/28/2012 02:07 AM, Rick Macklem wrote: > The NFS server will authenticate nfs/tmp2.ist.intra against the Kerberos > KDC, using the information in the keytab entry. The whole idea behind a > host based principal like "nfs/tmp2.ist.intra" is that it can only be > used by the host "tmp2.ist.intra". As such, when the Kerberos KDC receives > an auathentication request for nfs/tmp2.ist.intra, it will DNS resolve > tmp2.ist.intra (to 192.168.1.164 it seems) and will compare that to the > IP address the authentication request is received from. I think this > means the KDC will fail the request if it is sent to the KDC from 192.168.6.2. Yes, of course. There is and will be no traffic on 192.168.6.2. What I've tried to say (and probably failed), is that we have a network card in the machine, where the result is always access denied (with the correct server IP address set for that NIC). > Your KDC should be logging something when this fails and the traffic you'd > need to look at is the traffic between the NFS server and the KDC. (I'd use > wireshark, since it probably knows a fair bit about Kerberos.) Thank you, I will give it a try. Kind regards, Herbert ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Need help with nfsv4 and krb5 access denied
Herbert Poeckl wrote: > On 06/28/2012 02:07 AM, Rick Macklem wrote: > > The NFS server will authenticate nfs/tmp2.ist.intra against the > > Kerberos > > KDC, using the information in the keytab entry. The whole idea > > behind a > > host based principal like "nfs/tmp2.ist.intra" is that it can only > > be > > used by the host "tmp2.ist.intra". As such, when the Kerberos KDC > > receives > > an auathentication request for nfs/tmp2.ist.intra, it will DNS > > resolve > > tmp2.ist.intra (to 192.168.1.164 it seems) and will compare that to > > the > > IP address the authentication request is received from. I think this > > means the KDC will fail the request if it is sent to the KDC from > > 192.168.6.2. > > Yes, of course. There is and will be no traffic on 192.168.6.2. > > What I've tried to say (and probably failed), is that we have a > network > card in the machine, where the result is always access denied (with > the > correct server IP address set for that NIC). > Hmm, have you tried krb5 or krb5i. krb5p (which was the only one you had exported) means that the NFS RPCs are DES encrypted on the wire. This makes looking at them pretty useless in wireshark. (This comment doesn't apply to the traffic between the NFS server and the KDC, but wireshark will do a good job of decoding krb5, krb5i NFS traffic.) The only other thought I had (I have no idea if this is even possible?) is that some sort of hardware offload in the network card is screwing things up. (I don't know the em hardware, but you might try disabling TSO etc, in case the packets are somehow getting corrupted?) Good luck with it. It would be nice to know why this is happening. Since the NIC is way below the NFS layer, I can't think of any reason why NFS would care which NIC is used. rick > > > Your KDC should be logging something when this fails and the traffic > > you'd > > need to look at is the traffic between the NFS server and the KDC. > > (I'd use > > wireshark, since it probably knows a fair bit about Kerberos.) > > Thank you, I will give it a try. > > Kind regards, > Herbert > ___ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to > "freebsd-stable-unsubscr...@freebsd.org" ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Need help with nfsv4 and krb5 access denied
On 06/28/2012 05:34 PM, Rick Macklem wrote: > The only other thought I had (I have no idea if this is even possible?) > is that some sort of hardware offload in the network card is screwing > things up. (I don't know the em hardware, but you might try disabling > TSO etc, in case the packets are somehow getting corrupted?) > > Good luck with it. It would be nice to know why this is happening. > Since the NIC is way below the NFS layer, I can't think of any reason > why NFS would care which NIC is used. I did some more testing. What is the difference between the two cards is, that on of them (the working one) says: em0: Using an MSI interrupt The card where I get the access denied doesn't say anything like this. So I tried to disable msi with hw.pci.enable_msi=0 .. in /boot/loader.conf and now I get access denied on both NICs. The card now says: em0: No MSI/MSIX using a Legacy IRQ Hmm. Is there an idea of what to do next? Herbert ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Need help with nfsv4 and krb5 access denied
On 06/28/2012 08:37 PM, Herbert Poeckl wrote: > On 06/28/2012 05:34 PM, Rick Macklem wrote: >> The only other thought I had (I have no idea if this is even possible?) >> is that some sort of hardware offload in the network card is screwing >> things up. (I don't know the em hardware, but you might try disabling >> TSO etc, in case the packets are somehow getting corrupted?) >> >> Good luck with it. It would be nice to know why this is happening. >> Since the NIC is way below the NFS layer, I can't think of any reason >> why NFS would care which NIC is used. > > I did some more testing. > > What is the difference between the two cards is, that on of them (the > working one) says: > em0: Using an MSI interrupt > > The card where I get the access denied doesn't say anything like this. > > So I tried to disable msi with > hw.pci.enable_msi=0 > > .. in /boot/loader.conf and now I get access denied on both NICs. > > The card now says: > em0: No MSI/MSIX using a Legacy IRQ > > Hmm. Is there an idea of what to do next? Oh sorry! Please forget this posting. I did a crosscheck and it still is working (even with MSI disabled). Very sorry, Herbert (still searching to find a solution) ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: Need help with nfsv4 and krb5 access denied
On Thu, 2012-06-28 at 16:25 +0200, Herbert Poeckl wrote: > On 06/28/2012 02:07 AM, Rick Macklem wrote: > > The NFS server will authenticate nfs/tmp2.ist.intra against the Kerberos > > KDC, using the information in the keytab entry. The whole idea behind a > > host based principal like "nfs/tmp2.ist.intra" is that it can only be > > used by the host "tmp2.ist.intra". As such, when the Kerberos KDC receives > > an auathentication request for nfs/tmp2.ist.intra, it will DNS resolve > > tmp2.ist.intra (to 192.168.1.164 it seems) and will compare that to the > > IP address the authentication request is received from. I think this > > means the KDC will fail the request if it is sent to the KDC from > > 192.168.6.2. > > Yes, of course. There is and will be no traffic on 192.168.6.2. > > What I've tried to say (and probably failed), is that we have a network > card in the machine, where the result is always access denied (with the > correct server IP address set for that NIC). > > > > Your KDC should be logging something when this fails and the traffic you'd > > need to look at is the traffic between the NFS server and the KDC. (I'd use > > wireshark, since it probably knows a fair bit about Kerberos.) > > Thank you, I will give it a try. > > Kind regards, > Herbert When something in software works fine with one NIC but not another (nearly-) identical one, the first thing that comes to my mind is that the MAC address on the card is being used by the software as a sort of UUID. I had that happen with a commercial software once; when I changed NICs in the machine the software stopped working and said it wasn't registered on that machine. (I would have been annoyed except this sophisticed "security system" was circumvented by deleting a file that wasn't even hard to find, and it automatically re-authorized itself on the next run using the new MAC address.) -- Ian ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: new desktop box
On Thu, 28 Jun 2012, Zoran Kolic wrote: Thanks all for reply! The real question is which video card do you want to use? Since I'm not gamer nor do 3d, some silent card will suffice. There are nvidia gp520 and radeon 6450, both with no fan. Do not get a Radeon newer than the 4000-series, the drivers are not available in FreeBSD at present. The 4650 has worked well for me. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: new desktop box
On 2012/06/28 22:00, Zoran Kolic wrote: Thanks all for reply! The real question is which video card do you want to use? Since I'm not gamer nor do 3d, some silent card will suffice. There are nvidia gp520 and radeon 6450, both with no fan. Also, I always enable powerd and dynamically lower freq to the least I could. More I read, less I know, regarding that future cpu. What about amd fx8120 ? Nex gen will come at Q3, maybe. Next decision might be ssd, instead of hdd. Best reviews are for samsung 830 (of wich 64gb are fine in my case). I plan to install from usb stick and avoid dvd-cd. Also, cannot make into what mobo should fit, but stay out of expensive field. Probably intel ethernet if possible, but it is not available in most data I read. Once more, thank you all for fast respond. Zoran I have a GT430 installed on my machine, but I think GT520 will use less power, from specification: http://www.geforce.com/hardware/desktop-gpus/geforce-gt-520/specifications It only needs 29W while GT430 needs 49W. NVIDIA also provides their native driver for FreeBSD. Regards, David Xu ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
