Hi all,
Linux kernel 5.10 removed support for RC4-HMAC [1] from Kerberos. I
suspect the reporter's client is using that encryption type. Samba used
to create keytabs only containing RC4-HMAC, DES-CBC-MD5 and DES-CBC-CRC.
Current versions of rpc.gssd use any of DES3-CBC-SHA1,
AES256-CTS-HMAC-S
Hi, Jürgen,
Thank you for posting this!
I also observe that the bug affects nfs-client on 5.10 kernel
nfs-server is not affected (works with both 5.9 and 5.10 kernels)
I followed your suggestions, but unfortunately with no luck.
I tried adding principles and building the latest nfs-utils.
But dow
Dear Maintainers
my bug report contained the neccessary information to understand the whole
problem, but it is quite complex.
FIXING bullseye NFS4 Kerberos with SAMBA
Probably debian uses an outdated version of rpc.gssd , SAMBA behaves 100%
correctly and someone removed support for weak rpc.gs
I observe the same behavior when upgrading the kernel from 5.9 to 5.10
((server: buster amd64, clients: bullseye amd64). However, probably
interesting to note that even when upgrading the server to bullseye and
subsequently the kernel to 5.10 I'm also not able to mount kerberized
NFS shares. Th
Package: nfs-common
Version: 1:1.3.4-4
Severity: important
Dear Maintainer,
rpc.gssd seems to have problems setting up the machine credentials
cache since kernel 5.10
we see the same problem on amd64 (debian bullseye) and arm64 (raspberry using
debian bullseye). The server as a debian buster amd
5 matches
Mail list logo
