rpc.svcgssd ERROR: prepare_krb5_rfc_cfx_buffer: not implemented

Bug #938581 reported by Brian J. Murrell
This bug affects 9 people
Affects | Status | Importance | Assigned to | Milestone
nfs-utils (Ubuntu) | Triaged | Low | Unassigned |

Bug Description

Since upgrading one of the machines in my network to oneiric, this lucid machine has been complaining:

03:43:43 rpc.svcgssd ERROR: prepare_krb5_rfc_cfx_buffer: not implemented
03:43:43 rpc.svcgssd ERROR: failed serializing krb5 context for kernel
03:43:43 rpc.svcgssd WARNING: handle_nullreq: serialize_context_for_kernel failed
03:43:43 rpc.svcgssd ERROR: prepare_krb5_rfc_cfx_buffer: not implemented
03:43:43 rpc.svcgssd ERROR: failed serializing krb5 context for kernel
03:43:43 rpc.svcgssd WARNING: handle_nullreq: serialize_context_for_kernel failed
03:45:58 rpc.svcgssd ERROR: prepare_krb5_rfc_cfx_buffer: not implemented
03:45:58 rpc.svcgssd ERROR: failed serializing krb5 context for kernel
03:45:58 rpc.svcgssd WARNING: handle_nullreq: serialize_context_for_kernel failed
03:45:58 rpc.svcgssd ERROR: prepare_krb5_rfc_cfx_buffer: not implemented
03:45:58 rpc.svcgssd ERROR: failed serializing krb5 context for kernel
03:45:58 rpc.svcgssd WARNING: handle_nullreq: serialize_context_for_kernel failed
03:47:59 rpc.svcgssd ERROR: prepare_krb5_rfc_cfx_buffer: not implemented
03:47:59 rpc.svcgssd ERROR: failed serializing krb5 context for kernel
03:47:59 rpc.svcgssd WARNING: handle_nullreq: serialize_context_for_kernel failed
03:47:59 rpc.svcgssd ERROR: prepare_krb5_rfc_cfx_buffer: not implemented
03:47:59 rpc.svcgssd ERROR: failed serializing krb5 context for kernel
03:47:59 rpc.svcgssd WARNING: handle_nullreq: serialize_context_for_kernel failed

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: nfs-kernel-server 1:1.2.0-4ubuntu4.2
ProcVersionSignature: Ubuntu 2.6.32-22.36-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-22-generic i686
Architecture: i386
Date: Wed Feb 22 06:41:12 2012
ProcEnviron:
 LANG=en_CA.UTF-8
 SHELL=/bin/bash
SourcePackage: nfs-utils

Brian J. Murrell (brian-interlinx) wrote :

This is a bug in the current LTS! Will it at least be triaged?

Krzysztof Klimonda (kklimonda) wrote :

Lucid kernel doesn't support all the encryption types that the later kernels (like the one from 11.10 or 12.04) support. Because of that, and some bugs/missing code in lucid krb5/nfs-utils packages, NFSv4 server, KDC server, and the client can't agree on the correct encryption type to use when exchanging Kerberos tickets.

Now, it's not really a new issue - even when trying to connect 10.04 client to 10.04 server you had to set allow_weak_crypto, default_tgs_enctypes and default_tkt_enctypes so you could mount "kerberized" NFSv4 shares, but now it appears that it's not enough.

In my case, the workaround was to force des-cbc-crc encryption type on the server by setting "permitted_enctypes = des-cbc-crc" in /etc/krb5.conf, under [libdefaults] section.

I may try backporting fixes mentioned in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622146 to lucid to see if it helps a bit.

I'm going to leave the bug as affecting nfs-utils for now, and change its importance and status based on what I've found out so far. If I can confirm that patches from the Debian bug work (and so that both bugs are actually the same) I'll link the Debian bug, add krb5 package, and try talking with developers on preparing an SRU if possible.

Changed in nfs-utils (Ubuntu):
importance: Undecided → Low
status: New → Triaged

Thomas Spitzlei (t-spitzlei) wrote :

Same problem here.
10.04 LTS Server
12.04 LTS Client

NFS4 Kerberized. Mount not possible, workaround (des-cbc-crc in krb5.conf) doesn't work!

Server syslog:
May 16 09:38:47 rpc.svcgssd[1513]: ERROR: prepare_krb5_rfc_cfx_buffer: not implemented
May 16 09:38:47 rpc.svcgssd[1513]: ERROR: failed serializing krb5 context for kernel
May 16 09:38:47 rpc.svcgssd[1513]: WARNING: handle_nullreq: serialize_context_for_kernel failed

Fede (beffa) wrote :

Same problem here!

10.04 LTS Server
12.04 LTS Client

Fede (beffa) wrote :

I've solved my problem by:

1) generating des-cbc-crc only keys in /etc/krb5.keytab on server and client with
     sudo kadmin -p XXX/admin -q "ktadd -e des-cbc-crc:normal nfs/servername.fqn"

2) allowing weak enc. (server and client) and changing the algorithm order in /etc/krb5.conf (server):

allow_weak_crypto = true
default_etypes = arcfour-hmac-md5 des3-cbc-sha1
default_etypes_des = des-cbc-md5,des-cbc-crc
default_tgs_enctypes = des-cbc-md5,des-cbc-crc
default_tkt_enctypes = des-cbc-md5,des-cbc-crc
permitted_enctypes = des-cbc-md5,des-cbc-crc,des3-cbc-sha1,arcfour-hmac-md5,des-cbc-md4,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
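
An audit for the trade-off in the workaround above, as an added example that is not part of the original thread: it parses the [libdefaults] section of a krb5.conf and reports every single-DES or 3DES/RC4 enctype the settings leave enabled. The function names and the grouping of enctypes are assumptions of this example, and the constructed sample is the configuration as posted, assumed to sit under [libdefaults].

```python
import re

# Single-DES enctypes, deprecated by RFC 6649; MIT krb5 filters them out
# unless allow_weak_crypto is set.
SINGLE_DES = {"des-cbc-crc", "des-cbc-md5", "des-cbc-md4"}
# 3DES and RC4 enctypes, deprecated by RFC 8429.
LEGACY = {"des3-cbc-sha1", "arcfour-hmac-md5", "arcfour-hmac"}
# Keys seen in this thread that carry enctype lists.
ENCTYPE_KEYS = {"permitted_enctypes", "default_tgs_enctypes",
                "default_tkt_enctypes", "default_etypes", "default_etypes_des"}

def parse_libdefaults(text):
    """Return {key: value} for the [libdefaults] section of krb5.conf text."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return (key, value, class) findings, the weak-crypto flag first."""
    cfg = parse_libdefaults(text)
    findings = []
    if cfg.get("allow_weak_crypto", "").lower() in ("true", "yes", "y", "t", "1", "on"):
        findings.append(("allow_weak_crypto", "true", "single-DES enabled"))
    for key in sorted(ENCTYPE_KEYS & cfg.keys()):
        for etype in re.split(r"[,\s]+", cfg[key]):
            if etype in SINGLE_DES:
                findings.append((key, etype, "single-DES"))
            elif etype in LEGACY:
                findings.append((key, etype, "legacy"))
    return findings

# Constructed sample: the settings from the comment above.
SAMPLE = """[libdefaults]
allow_weak_crypto = true
default_etypes = arcfour-hmac-md5 des3-cbc-sha1
default_etypes_des = des-cbc-md5,des-cbc-crc
default_tgs_enctypes = des-cbc-md5,des-cbc-crc
default_tkt_enctypes = des-cbc-md5,des-cbc-crc
permitted_enctypes = des-cbc-md5,des-cbc-crc,des3-cbc-sha1,arcfour-hmac-md5,des-cbc-md4,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
"""
```

Running `audit` against each host's /etc/krb5.conf after the Lucid server is retired shows which machines still carry the DES settings and need them removed.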

Taylan (taylan--) wrote :

We have upgraded some of our clients to 12.04 and the kerberized mounts from CentOS machines won't work anymore with the same log messages:

Jul 17 14:08:41 xxxx rpc.svcgssd[3364]: ERROR: prepare_krb5_rfc_cfx_buffer: not implemented
Jul 17 14:08:41 xxxx rpc.svcgssd[3364]: ERROR: failed serializing krb5 context for kernel
Jul 17 14:08:41 xxxx rpc.svcgssd[3364]: WARNING: handle_nullreq: serialize_context_for_kernel failed
Jul 17 14:08:41 xxxx rpc.svcgssd[3364]: ERROR: prepare_krb5_rfc_cfx_buffer: not implemented
Jul 17 14:08:41 xxxx rpc.svcgssd[3364]: ERROR: failed serializing krb5 context for kernel
Jul 17 14:08:41 xxxx rpc.svcgssd[3364]: WARNING: handle_nullreq: serialize_context_for_kernel failed

The kerberized mounts from Solaris-Cluster are working.

The problem is, I can't set the encryption type to DES, because our Domain-Controllers won't support them (by default) and even if they do, I should create a new keytab for them and distribute it...

raffis (raffis0) wrote :

Yep, I have the same problem here:
Jul 23 11:52:35 xxx rpc.svcgssd[15144]: ERROR: prepare_krb5_rfc_cfx_buffer: not implemented
Jul 23 11:52:35 xxx rpc.svcgssd[15144]: ERROR: failed serializing krb5 context for kernel
Jul 23 11:52:35 xxx rpc.svcgssd[15144]: WARNING: handle_nullreq: serialize_context_for_kernel failed
Jul 23 11:52:35 xxx rpc.svcgssd[15144]: ERROR: prepare_krb5_rfc_cfx_buffer: not implemented
Jul 23 11:52:35 xxx rpc.svcgssd[15144]: ERROR: failed serializing krb5 context for kernel
Jul 23 11:52:35 xxx rpc.svcgssd[15144]: WARNING: handle_nullreq: serialize_context_for_kernel failed

It's working with 10.04, but I get these errors with 12.04 and can't update all keytabs on each server.
