Discussion:
convert mount to fstab
lynn
2013-07-03 11:55:44 UTC
Permalink
Hi
How do I put this in /etc/fstab
mount -t cifs //altea/shared /home/shared
-osec=krb5,multiuser,username=cifsuser

I've tried:
//altea/shared /home/shared cifs sec=krb5,multiuser,username=cifsuser 0 0
and replacing the server with its IP, but nothing.

The manual mount works fine. The client log shows no reference to cifs and there's no record of a request from it on the server.

Any ideas?
Thanks
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Per Jessen
2013-07-03 12:00:25 UTC
Permalink
Post by lynn
Hi
How do I put this in /etc/fstab
mount -t cifs //altea/shared /home/shared
-osec=krb5,multiuser,username=cifsuser
//altea/shared /home/shared cifs sec=krb5,multiuser,username=cifsuser
0 0 and replacing the server with its IP, but nothing.
I use this:

//host.example.com/photos /home/per/Photos cifs user=xxx,password=xxxxxxxxx 0 0
--
Per Jessen, Zürich (17.6°C)
http://www.dns24.ch/ - free DNS hosting, made in Switzerland.
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
lynn
2013-07-03 12:11:53 UTC
Permalink
Post by Per Jessen
Post by lynn
Hi
How do I put this in /etc/fstab
mount -t cifs //altea/shared /home/shared
-osec=krb5,multiuser,username=cifsuser
//altea/shared /home/shared cifs sec=krb5,multiuser,username=cifsuser
0 0 and replacing the server with its IP, but nothing.
//host.example.com/photos /home/per/Photos cifs user=xxx,password=xxxxxxxxx 0 0
Unfortunately we can't do that as the share has to be group rw. Does
cifs have a secret log anywhere? I'm looking at /var/log/messages
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Per Jessen
2013-07-03 12:15:01 UTC
Permalink
Post by lynn
Post by Per Jessen
Post by lynn
Hi
How do I put this in /etc/fstab
mount -t cifs //altea/shared /home/shared
-osec=krb5,multiuser,username=cifsuser
//altea/shared /home/shared cifs
sec=krb5,multiuser,username=cifsuser 0 0 and replacing the server
with its IP, but nothing.
//host.example.com/photos /home/per/Photos cifs
user=xxx,password=xxxxxxxxx 0 0
Unfortunately we can't do that as the share has to be group rw. Does
cifs have a secret log anywhere? I'm looking at /var/log/messages
Maybe if you try "mount -a" when the system is running - it might give
you the error messages.
--
Per Jessen, Zürich (17.6°C)
http://www.dns24.ch/ - free DNS hosting, made in Switzerland.
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
lynn
2013-07-03 12:20:10 UTC
Permalink
Post by Per Jessen
Post by lynn
Post by Per Jessen
Post by lynn
Hi
How do I put this in /etc/fstab
mount -t cifs //altea/shared /home/shared
-osec=krb5,multiuser,username=cifsuser
//altea/shared /home/shared cifs
sec=krb5,multiuser,username=cifsuser 0 0 and replacing the server
with its IP, but nothing.
//host.example.com/photos /home/per/Photos cifs
user=xxx,password=xxxxxxxxx 0 0
Unfortunately we can't do that as the share has to be group rw. Does
cifs have a secret log anywhere? I'm looking at /var/log/messages
Maybe if you try "mount -a" when the system is running - it might give
you the error messages.
mount -a works fine. Does root need a keytab entry?
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Felix Miata
2013-07-03 18:17:07 UTC
Permalink
Post by lynn
How do I put this in /etc/fstab
mount -t cifs //altea/shared /home/shared
-osec=krb5,multiuser,username=cifsuser
//altea/shared /home/shared cifs sec=krb5,multiuser,username=cifsuser 0 0
and replacing the server with its IP, but nothing.
The manual mount works fine. The client log shows no reference to cifs and there's no record of a request from it on the server.
Any ideas?
One of mine (for a DVB box running Linux):
//AZBME/pub /home/AV/azbme cifs
user,user=azusr,pass=,nounix,uid=###,gid=###,dir_mode=0777,file_mode=0664,noauto
0 0

s/AZBME/<IP>/ works the same.

Looks like you should probably try s/username/user/.
--
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)

Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata *** http://fm.no-ip.com/
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
lynn
2013-07-03 19:19:20 UTC
Permalink
Post by Felix Miata
Post by lynn
How do I put this in /etc/fstab
mount -t cifs //altea/shared /home/shared
-osec=krb5,multiuser,username=cifsuser
//altea/shared /home/shared cifs sec=krb5,multiuser,username=cifsuser 0 0
and replacing the server with its IP, but nothing.
The manual mount works fine. The client log shows no reference to cifs and there's no record of a request from it on the server.
Any ideas?
//AZBME/pub /home/AV/azbme cifs
user,user=azusr,pass=,nounix,uid=###,gid=###,dir_mode=0777,file_mode=0664,noauto
0 0
s/AZBME/<IP>/ works the same.
Looks like you should probably try s/username/user/.
Hi. OK, but where would I put:
s/username/user/.
What's the 's'?
Thanks
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Dylan
2013-07-03 19:53:19 UTC
Permalink
Post by Felix Miata
s/username/user/.
What's the 's'?
Thanks
You've never come across sed? SWAP [occurances of] 'username' for 'user'
in your fstab incantation and see what the result is

<by the by>
for someone who had such entrenched ideas about your system should work
you show a conspicuous lack of insight into geeky culture.
</>
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Felix Miata
2013-07-03 20:52:34 UTC
Permalink
Post by Dylan
Post by Felix Miata
s/username/user/.
What's the 's'?
You've never come across sed? SWAP [occurances of] 'username' for 'user'
in your fstab incantation and see what the result is
To swap is more like a switching that preserves both, but changes the
positions. The man page I just looked at calls what it does "replacement",
then describes what happens as substitution, which isn't exactly the same
thing as swapping. Logically then the 's' more likely means substitute (or
synonym 'switch'), which allows for the replaced string to be discarded or
removed rather than moved. So,

substitute for one occurrence of string 'username' the string 'user'
--
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)

Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata *** http://fm.no-ip.com/
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
lynn
2013-07-03 22:46:55 UTC
Permalink
Post by Dylan
Post by Felix Miata
s/username/user/.
What's the 's'?
Thanks
You've never come across sed? SWAP [occurances of] 'username' for 'user'
in your fstab incantation and see what the result is
Ah, I see. Never did understand sed. I always found an alternative. Or
asked here!

Still no go s/username/user. The line is totally ignored. The cifs
upcall never happens. We can however mount after boot, smbclient it and
win7 clients mount it fine. I was hoping that this wasn't going to be
anything to do with Kerberos. Anyway, we can work around it in
boot.local but it's not ideal.
Post by Dylan
<by the by>
for someone who had such entrenched ideas about your system should work
you show a conspicuous lack of insight into geeky culture.
Yeah, it's hard. Language is one of our main problems. We do not work
with native English speakers and just about all Linux stuff is written
in a style which is beyond those even with good conversational skills.
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Andrey Borzenkov
2013-07-13 06:20:05 UTC
Permalink
В Wed, 03 Jul 2013 13:55:44 +0200
Post by lynn
Hi
How do I put this in /etc/fstab
mount -t cifs //altea/shared /home/shared
-osec=krb5,multiuser,username=cifsuser
//altea/shared /home/shared cifs sec=krb5,multiuser,username=cifsuser 0 0
and replacing the server with its IP, but nothing.
The manual mount works fine.
Do you mount manually as root or as some other user?
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
lynn
2013-07-13 08:06:07 UTC
Permalink
Post by Andrey Borzenkov
В Wed, 03 Jul 2013 13:55:44 +0200
Post by lynn
Hi
How do I put this in /etc/fstab
mount -t cifs //altea/shared /home/shared
-osec=krb5,multiuser,username=cifsuser
//altea/shared /home/shared cifs sec=krb5,multiuser,username=cifsuser 0 0
and replacing the server with its IP, but nothing.
The manual mount works fine.
Do you mount manually as root or as some other user?
We use a low privilege user, cifsuser. We can't use root.
Thanks
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Andrey Borzenkov
2013-07-13 10:48:31 UTC
Permalink
В Sat, 13 Jul 2013 10:06:07 +0200
Post by lynn
Post by Andrey Borzenkov
В Wed, 03 Jul 2013 13:55:44 +0200
Post by lynn
Hi
How do I put this in /etc/fstab
mount -t cifs //altea/shared /home/shared
-osec=krb5,multiuser,username=cifsuser
//altea/shared /home/shared cifs sec=krb5,multiuser,username=cifsuser 0 0
and replacing the server with its IP, but nothing.
The manual mount works fine.
Do you mount manually as root or as some other user?
We use a low privilege user, cifsuser. We can't use root.
Thanks
username=cifsuser gives just user name on *server* to authenticate
mount. What is your *local*, client, user - also "cifsuser", correct?
So you are able to mount manually when logged in locally as "cifsuser"?
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
lynn
2013-07-13 12:27:43 UTC
Permalink
Post by Andrey Borzenkov
В Sat, 13 Jul 2013 10:06:07 +0200
Post by lynn
Post by Andrey Borzenkov
В Wed, 03 Jul 2013 13:55:44 +0200
Post by lynn
Hi
How do I put this in /etc/fstab
mount -t cifs //altea/shared /home/shared
-osec=krb5,multiuser,username=cifsuser
//altea/shared /home/shared cifs sec=krb5,multiuser,username=cifsuser 0 0
and replacing the server with its IP, but nothing.
The manual mount works fine.
Do you mount manually as root or as some other user?
We use a low privilege user, cifsuser. We can't use root.
Thanks
username=cifsuser gives just user name on *server* to authenticate
mount. What is your *local*, client, user - also "cifsuser", correct?
So you are able to mount manually when logged in locally as "cifsuser"?
Hi
cifsuser can't login. Her only function is to get a ticket for the
fileserver. That bit is working fine, just not where I want it: in
fstab.
Thanks
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Andrey Borzenkov
2013-07-13 14:31:47 UTC
Permalink
В Sat, 13 Jul 2013 14:27:43 +0200
Post by lynn
Post by Andrey Borzenkov
В Sat, 13 Jul 2013 10:06:07 +0200
Post by lynn
Post by Andrey Borzenkov
В Wed, 03 Jul 2013 13:55:44 +0200
Post by lynn
Hi
How do I put this in /etc/fstab
mount -t cifs //altea/shared /home/shared
-osec=krb5,multiuser,username=cifsuser
//altea/shared /home/shared cifs sec=krb5,multiuser,username=cifsuser 0 0
and replacing the server with its IP, but nothing.
The manual mount works fine.
Do you mount manually as root or as some other user?
We use a low privilege user, cifsuser. We can't use root.
Thanks
username=cifsuser gives just user name on *server* to authenticate
mount. What is your *local*, client, user - also "cifsuser", correct?
So you are able to mount manually when logged in locally as "cifsuser"?
Hi
cifsuser can't login. Her only function is to get a ticket for the
fileserver. That bit is working fine, just not where I want it: in
fstab.
I'm sorry, but as you do not explain how you perform manual mount, it
is not possible to even guess what's going wrong.
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
lynn
2013-07-13 16:21:11 UTC
Permalink
Post by Andrey Borzenkov
В Sat, 13 Jul 2013 14:27:43 +0200
Post by lynn
Post by Andrey Borzenkov
В Sat, 13 Jul 2013 10:06:07 +0200
Post by lynn
Post by Andrey Borzenkov
В Wed, 03 Jul 2013 13:55:44 +0200
Post by lynn
Hi
How do I put this in /etc/fstab
mount -t cifs //altea/shared /home/shared
-osec=krb5,multiuser,username=cifsuser
//altea/shared /home/shared cifs sec=krb5,multiuser,username=cifsuser 0 0
and replacing the server with its IP, but nothing.
The manual mount works fine.
Do you mount manually as root or as some other user?
We use a low privilege user, cifsuser. We can't use root.
Thanks
username=cifsuser gives just user name on *server* to authenticate
mount. What is your *local*, client, user - also "cifsuser", correct?
So you are able to mount manually when logged in locally as "cifsuser"?
Hi
cifsuser can't login. Her only function is to get a ticket for the
fileserver. That bit is working fine, just not where I want it: in
fstab.
I'm sorry, but as you do not explain how you perform manual mount, it
is not possible to even guess what's going wrong.
Hi
My fault entirely. I'm hopeless at asking questions.

As local user root (uid 0, gid 0) on a 12.3 client:
mount -t cifs //altea/shared /home/shared
-osec=krb5,multiuser,username=cifsuser

Here is the configuration.
Domain: hh3.site. IP: 192.168.1.x/255.255.255.0

1. A client. hostname: catral
smb.conf
[global]
workgroup = HH3
realm = HH3.SITE
security = ADS
kerberos method = system keytab

sssd.conf
[sssd]
#debug_level = 6
services = nss, pam
config_file_version = 2
domains = default
[nss]
[pam]
[domain/default]
#debug_level=6
dyndns_update=true
dyndns_refresh_interval=16
ad_hostname = catral.hh3.site
ad_server = hh16.hh3.site
ad_domain = hh3.site
ldap_schema = ad
id_provider = ad
access_provider = simple
enumerate = false
cache_credentials = true
#entry_cache_timeout = 60
auth_provider = krb5
chpass_provider = krb5
krb5_realm = HH3.SITE
krb5_server = hh16.hh3.site
krb5_kpasswd = hh16.hh3.site

ldap_id_mapping=false
ldap_referrals = false
ldap_uri = ldap://hh16.hh3.site
ldap_user_object_class = user
ldap_user_name = samAccountName
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_home_directory = unixHomeDirectory
ldap_user_shell = loginShell
ldap_group_object_class = group
ldap_group_search_base = dc=hh3,dc=site
ldap_group_name = cn
ldap_group_member = member

ldap_sasl_mech = gssapi
ldap_sasl_authid = CATRAL$@HH3.SITE
ldap_krb5_keytab = /etc/krb5.keytab
ldap_krb5_init_creds = true

2. The file server hostname: altea
smb.conf
[global]
workgroup = HH3
realm = HH3.SITE
security = ADS
kerberos method = secrets and keytab
log level = 3

[users]
path = /home/users
read only = No

[profiles]
path = /home/profiles
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
browseable = No
guest ok = No
printable = No
profile acls = Yes
csc policy = disable

[shared]
path = /home/shared
read only = No
inherit acls = Yes
--- --- ---
3. The DC hostname: hh16
smb.conf
[global]
workgroup = HH3
realm = HH3.SITE
netbios name = HH16
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl, winbind, ntp_signd, kcc, dnsupdate, dns
dns forwarder = 192.168.1.1
idmap_ldb:use rfc2307 = yes

[netlogon]
path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
read only = No

[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Linda Walsh
2013-07-13 10:59:10 UTC
Permalink
Post by lynn
Hi
How do I put this in /etc/fstab
mount -t cifs //altea/shared /home/shared
-osec=krb5,multiuser,username=cifsuser
//altea/shared /home/shared cifs sec=krb5,multiuser,username=cifsuser 0 0
and replacing the server with its IP, but nothing.
The manual mount works fine. The client log shows no reference to cifs and there's no record of a request from it on the server.
Any ideas?
Thanks
I normally use /etc/cifstab, but tried putting a mount in /etc/fstab and seem to
have no problem.

1) I specified no 'sec' parameter, 2), I can find no mention of a multiuser
parameter
(perhaps you meant "setuids"). Where is your password? Do you have a domain or
workgroup?


I put user/password/domain in a credentials file in my ~/.ssh dir,
man page says to use format:
username=law
password=law_pw
domain=domain or workgroup name




but my mount line in fstab looks like:

//ATHENAE/C$/ /mnt/ cifs
rw,uid=law,gid=Administrators,nocase,serverino,credentials=/home/law/.ssh/athenae,setuids
0 0

Note -- params that caused it to fail: directio & sfu -- both documented but
both causing
problems:
directio was just an 'unknown' parameter
and sfu gave, in "dmesg",:

CIFS VFS: cifs_mount failed w/return code = -113
init_special_inode: bogus i_mode (755) for inode cifs:0
CIFS VFS: Error connecting to socket. Aborting operation
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
lynn
2013-07-13 12:46:14 UTC
Permalink
Post by Linda Walsh
Post by lynn
Hi
How do I put this in /etc/fstab
mount -t cifs //altea/shared /home/shared
-osec=krb5,multiuser,username=cifsuser
//altea/shared /home/shared cifs sec=krb5,multiuser,username=cifsuser 0 0
and replacing the server with its IP, but nothing.
The manual mount works fine. The client log shows no reference to cifs and there's no record of a request from it on the server.
Any ideas?
Thanks
Hi
Post by Linda Walsh
I normally use /etc/cifstab, but tried putting a mount in /etc/fstab and seem to
have no problem.
1) I specified no 'sec' parameter,
OK, so that's: sec=sys
Post by Linda Walsh
2), I can find no mention of a multiuser
parameter
(perhaps you meant "setuids").
We don't need setuids. For multiuser please see:
man mount.cifs
Post by Linda Walsh
Where is your password?
In the keytab
Post by Linda Walsh
Do you have a domain or
workgroup?
domain
Post by Linda Walsh
I put user/password/domain in a credentials file in my ~/.ssh dir,
username=law
password=law_pw
domain=domain or workgroup name
I don't think credentials work with kerberos (?).
Post by Linda Walsh
//ATHENAE/C$/ /mnt/ cifs
rw,uid=law,gid=Administrators,nocase,serverino,credentials=/home/law/.ssh/athenae,setuids
0 0
Note -- params that caused it to fail: directio & sfu -- both documented but
both causing
directio was just an 'unknown' parameter
CIFS VFS: cifs_mount failed w/return code = -113
init_special_inode: bogus i_mode (755) for inode cifs:0
CIFS VFS: Error connecting to socket. Aborting operation
Not a problem. I think sfu was for older domains. All our Linux stuff is
in the directory.
As I say, the line is fstab is totally ignored during boot. There's an
easy workaround but I'd like to know why.

Thanks for your time,
L x
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Linda Walsh
2013-07-13 20:42:06 UTC
Permalink
Post by lynn
As I say, the line is fstab is totally ignored during boot. There's an
easy workaround but I'd like to know why.
----
Ignored at boot?

I.e. if you put it in fstab (or something equiv to what I have), you can
type mount /mnt, and it takes the parameters from /etc/fstab?

I thought when you said you did the line manually you meant with all
params on the command line.

But is it the case that your entry in fstab works if you use the
mount shorthand with just the directory?

That's a very different problem.

Are you authenticating against an NT domain controller? Windows? Samba?

BTW -- I checked out my params through my man page. The version of
man page I had had 'directio' (which no longer works). 'sfu' -- which
give a fairly consistent message with what I read can happen when trying
to use it -- i.e. the error about 'not a directory' has something to do with
the sfu facilities not working right,
but no mention of the multiuser param on my manpage -- just wondering what it
does... since if you are trying to mount at boot time, just "who" is trying
to authenticate to your kerberos server?

Doesn't the time on your machine have to have synchronized with the kerberos
server's time? I'm wondering if everything is in place for kerberos to do
the authentication at boot time.

A problem I had in getting mine to mount at boot was making sure the network was
active, and bind(named) and samba were both active and ready-to-serve -- since the
windows station I was mounting tries to contact a domain login controller (i.e. the
server that is coming up...). That also means all the "elections" and samba setup
need to be done with so the client can successfully authenticate -- if something
isn't
quite ready when it tries to authenticate on boot, it would more than likely just
stop trying to mount and quit. If it works later from fstab -- but just that you
have to type the mount name, I'd bet something isn't coming up in the right order
for it to work...

Sorry wasn't more help...
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
lynn
2013-07-13 21:30:11 UTC
Permalink
Post by Linda Walsh
Doesn't the time on your machine have to have synchronized with the kerberos
server's time? I'm wondering if everything is in place for kerberos to do
the authentication at boot time.
OMG. Linda, of course. Which is why it works fine on all the other
clients! And I know exactly why: it's a box we brought over from UK
(we're in Spain) and we never ntp'd it. So it'd get its time from the
battery on the motherboard.

Is it ok not to feel so stupid though: Surely you'd expect _something_
in the log on the client? But nada. The time error shows on the KDC
(Samba4). Something like 'clock slew too great'.

Phew, thanks a load.
L x
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Linda Walsh
2013-07-14 03:04:27 UTC
Permalink
Post by lynn
Post by Linda Walsh
Doesn't the time on your machine have to have synchronized with the kerberos
server's time? I'm wondering if everything is in place for kerberos to do
the authentication at boot time.
OMG. Linda, of course. Which is why it works fine on all the other
clients! And I know exactly why: it's a box we brought over from UK
(we're in Spain) and we never ntp'd it. So it'd get its time from the
battery on the motherboard.
Is it ok not to feel so stupid though: Surely you'd expect _something_
in the log on the client? But nada. The time error shows on the KDC
(Samba4). Something like 'clock slew too great'.
Phew, thanks a load.
---
Awesome!

There's a reason why I haven't stated using Kerberos yet...in *my* setup, it'd be
another thing to fail and have fall apart!...I haven't even converted to ldap yet.
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Andrey Borzenkov
2013-07-14 06:40:38 UTC
Permalink
В Sat, 13 Jul 2013 23:30:11 +0200
Post by lynn
Post by Linda Walsh
Doesn't the time on your machine have to have synchronized with the kerberos
server's time? I'm wondering if everything is in place for kerberos to do
the authentication at boot time.
OMG. Linda, of course. Which is why it works fine on all the other
clients!
Now I am completely confused. You mean that on this client mounting
from /etc/fstab on boot does not work, but manual mounting after boot
does work - still with wrong time offset?
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
lynn
2013-07-14 07:19:00 UTC
Permalink
Post by Andrey Borzenkov
В Sat, 13 Jul 2013 23:30:11 +0200
Post by lynn
Post by Linda Walsh
Doesn't the time on your machine have to have synchronized with the kerberos
server's time? I'm wondering if everything is in place for kerberos to do
the authentication at boot time.
OMG. Linda, of course. Which is why it works fine on all the other
clients!
Now I am completely confused. You mean that on this client mounting
from /etc/fstab on boot does not work, but manual mounting after boot
does work - still with wrong time offset?
Hi
Yes, I see what you mean. The only explanation I can think of is that
ntp was working but only after the tgs call. Which leaves me with the
awful thought that the other clients mount not because of time sync with
the KDC but only because they have their hardware time set correctly in
the first pl1.00ace. Or could it be that it was in the wrong time zone?
Or that the battery is dead? I think I'm going to turn a blind eye
before someone mentions systemd;)

Thanks everyone for your input.
L x
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Andrey Borzenkov
2013-07-14 08:19:24 UTC
Permalink
В Sun, 14 Jul 2013 09:19:00 +0200
Post by lynn
Post by Andrey Borzenkov
В Sat, 13 Jul 2013 23:30:11 +0200
Post by lynn
Post by Linda Walsh
Doesn't the time on your machine have to have synchronized with the kerberos
server's time? I'm wondering if everything is in place for kerberos to do
the authentication at boot time.
OMG. Linda, of course. Which is why it works fine on all the other
clients!
Now I am completely confused. You mean that on this client mounting
from /etc/fstab on boot does not work, but manual mounting after boot
does work - still with wrong time offset?
Hi
Yes, I see what you mean. The only explanation I can think of is that
ntp was working but only after the tgs call. Which leaves me with the
awful thought that the other clients mount not because of time sync with
the KDC but only because they have their hardware time set correctly in
the first pl1.00ace. Or could it be that it was in the wrong time zone?
Or that the battery is dead? I think I'm going to turn a blind eye
before someone mentions systemd;)
In this case you must have some messages from ntpd (or, better, from
sntp that is used to initially set time) that it was doing large time
jumps on startup. Do you have them? Something like

Sep 09 08:04:35 opensuse.site ntp[3730]: 9 Sep 08:04:35 sntp[3751]: Started sntp
Sep 09 08:04:35 opensuse.site ntp[3730]: 2012-09-09 08:04:35.752537 (-0400) -0.26917 +/- 0.032028 secs
Sep 09 08:04:35 opensuse.site ntp[3730]: 2012-09-09 08:04:35.516363 (-0400) -0.00197 +/- 0.031769 secs
Sep 09 08:04:35 opensuse.site ntp[3730]: 2012-09-09 08:04:35.643132 (-0400) -0.00244 +/- 0.000305 secs
Sep 09 08:04:35 opensuse.site ntp[3730]: 2012-09-09 08:04:35.711645 (-0400) +0.005500 +/- 0.040375 secs
Sep 09 08:04:35 opensuse.site ntp[3730]: Time synchronized with ru.pool.ntp.org

Also you could try to boot into run level 1 and verify time at this
point.
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
lynn
2013-07-14 10:26:19 UTC
Permalink
Post by Andrey Borzenkov
В Sun, 14 Jul 2013 09:19:00 +0200
Post by lynn
Post by Andrey Borzenkov
В Sat, 13 Jul 2013 23:30:11 +0200
Post by lynn
Post by Linda Walsh
Doesn't the time on your machine have to have synchronized with the kerberos
server's time? I'm wondering if everything is in place for kerberos to do
the authentication at boot time.
OMG. Linda, of course. Which is why it works fine on all the other
clients!
Now I am completely confused. You mean that on this client mounting
from /etc/fstab on boot does not work, but manual mounting after boot
does work - still with wrong time offset?
Hi
Yes, I see what you mean. The only explanation I can think of is that
ntp was working but only after the tgs call. Which leaves me with the
awful thought that the other clients mount not because of time sync with
the KDC but only because they have their hardware time set correctly in
the first pl1.00ace. Or could it be that it was in the wrong time zone?
Or that the battery is dead? I think I'm going to turn a blind eye
before someone mentions systemd;)
In this case you must have some messages from ntpd (or, better, from
sntp that is used to initially set time) that it was doing large time
jumps on startup. Do you have them? Something like
Sep 09 08:04:35 opensuse.site ntp[3730]: 9 Sep 08:04:35 sntp[3751]: Started sntp
Sep 09 08:04:35 opensuse.site ntp[3730]: 2012-09-09 08:04:35.752537 (-0400) -0.26917 +/- 0.032028 secs
Sep 09 08:04:35 opensuse.site ntp[3730]: 2012-09-09 08:04:35.516363 (-0400) -0.00197 +/- 0.031769 secs
Sep 09 08:04:35 opensuse.site ntp[3730]: 2012-09-09 08:04:35.643132 (-0400) -0.00244 +/- 0.000305 secs
Sep 09 08:04:35 opensuse.site ntp[3730]: 2012-09-09 08:04:35.711645 (-0400) +0.005500 +/- 0.040375 secs
Sep 09 08:04:35 opensuse.site ntp[3730]: Time synchronized with ru.pool.ntp.org
Also you could try to boot into run level 1 and verify time at this
point.
There's something wrong:

2013-07-14T11:08:59.869841+01:00 catral boot.local[1109]: ntp.service
loaded inactive dead LSB: Network time protocol daemon
(ntpd)

I think the only reason it's working is because I set the correct time
in hardware somehow whilst I was messing around with ntp in yast. i.e. it's working because it isn't using ntp.

Here is the log on the KDC:

2013-07-14T11:30:28.158286+02:00 hh16 systemd[1]: Starting LSB: Network
time protocol daemon (ntpd)...
2013-07-14T11:30:28.685173+02:00 hh16 ntpd[1080]: ntpd ***@1.2349-o
Fri Mar 1 11:32:34 UTC 2013 (1)
2013-07-14T11:30:28.692077+02:00 hh16 ntp[1046]: Starting network time
protocol daemon (NTPD)..done
2013-07-14T11:30:28.692420+02:00 hh16 systemd[1]: Started LSB: Network
time protocol daemon (ntpd).
2013-07-14T11:30:28.702504+02:00 hh16 ntpd[1081]: proto: precision =
0.114 usec
2013-07-14T11:30:28.703081+02:00 hh16 ntpd[1081]: ntp_io: estimated max
descriptors: 1024, initial socket boundary: 16
2013-07-14T11:30:28.703682+02:00 hh16 ntpd[1081]: Listen and drop on 0
v4wildcard 0.0.0.0 UDP 123
2013-07-14T11:30:28.704245+02:00 hh16 ntpd[1081]: Listen and drop on 1
v6wildcard :: UDP 123
2013-07-14T11:30:28.704796+02:00 hh16 ntpd[1081]: Listen normally on 2
lo 127.0.0.1 UDP 123
2013-07-14T11:30:28.705367+02:00 hh16 ntpd[1081]: Listen normally on 3
eth0 192.168.1.16 UDP 123
2013-07-14T11:30:28.706749+02:00 hh16 ntpd[1081]: Listen normally on 4
lo ::1 UDP 123
2013-07-14T11:30:28.707965+02:00 hh16 ntpd[1081]: peers refreshed
2013-07-14T11:30:28.708572+02:00 hh16 ntpd[1081]: Listening on routing
socket on fd #21 for interface updates
2013-07-14T11:30:31.322517+02:00 hh16 boot.local[1050]:
var-lib-ntp-proc.mount loaded active
mounted /var/lib/ntp/proc
2013-07-14T11:30:31.330220+02:00 hh16 boot.local[1050]: ntp.service
loaded active running LSB: Network time protocol daemon
(ntpd)

This is working fine. All the Spanish machines work with this time.
e.g., here's the file server:

2013-07-14T11:37:14.609891+02:00 altea ntpd[509]: peers refreshed
2013-07-14T11:37:14.736518+02:00 altea ntpd[509]: Listening on routing
socket on fd #22 for interface updates

On the problem client, I used Yast to 'Now and on Boot' for ntp:

2013-07-14T10:44:06.286439+01:00 catral sntp[1247]: Started sntp
2013-07-14T10:44:06.308130+01:00 catral sntp[1247]: kod_init_kod_db():
Cannot open KoD db file /var/db/ntp-kod
2013-07-14T10:44:06.538097+01:00 catral sntp[1250]: Started sntp
2013-07-14T10:44:06.578755+01:00 catral sntp[1250]: Error looking up
(AAAA) 192.168.1.16: Address family for hostname not supported
2013-07-14T10:44:22.983921+01:00 catral sntp[1256]: Started sntp
2013-07-14T10:44:23.078058+01:00 catral sntp[1256]: Error looking up (A)
ntp.hh3.site: Name or service not known
2013-07-14T10:44:23.253676+01:00 catral sntp[1259]: Started sntp
2013-07-14T10:44:23.274654+01:00 catral sntp[1259]: Error looking up
(AAAA) ntp.hh3.site: Name or service not known
2013-07-14T10:44:32.245859+01:00 catral sntp[1263]: Started sntp
2013-07-14T10:44:32.425933+01:00 catral sntp[1266]: Started sntp
2013-07-14T10:44:32.438542+01:00 catral sntp[1266]: Error looking up
(AAAA) 192.168.1.16: Address family for hostname not supported
2013-07-14T10:47:43.038770+01:00 catral sntp[1297]: Started sntp
2013-07-14T10:47:59.224708+01:00 catral systemd[1]: Starting LSB:
Network time protocol daemon (ntpd)...
2013-07-14T10:47:59.655017+01:00 catral ntpd[1349]: ntpd
***@1.2349-o Fri Mar 1 11:32:25 UTC 2013 (1)
2013-07-14T10:47:59.665276+01:00 catral ntpd[1350]: proto: precision =
2.217 usec
2013-07-14T10:47:59.681385+01:00 catral ntp[1331]: Starting network time
protocol daemon (NTPD)..done
2013-07-14T10:47:59.700763+01:00 catral systemd[1]: Started LSB: Network
time protocol daemon (ntpd).
2013-07-14T10:47:59.725546+01:00 catral ntpd[1350]: ntp_io: estimated
max descriptors: 1024, initial socket boundary: 16
2013-07-14T10:47:59.731827+01:00 catral ntpd[1350]: Listen and drop on 0
v4wildcard 0.0.0.0 UDP 123
2013-07-14T10:47:59.765390+01:00 catral ntpd[1350]: Listen and drop on 1
v6wildcard :: UDP 123
2013-07-14T10:47:59.781972+01:00 catral ntpd[1350]: Listen normally on 2
lo 127.0.0.1 UDP 123
2013-07-14T10:47:59.798260+01:00 catral ntpd[1350]: Listen normally on 3
eth0 192.168.1.101 UDP 123
2013-07-14T10:47:59.839459+01:00 catral ntpd[1350]: Listen normally on 4
lo ::1 UDP 123
2013-07-14T10:47:59.866824+01:00 catral ntpd[1350]: Listen normally on 5
eth0 fe80::a00:27ff:fe7f:8e13 UDP 123
2013-07-14T10:47:59.873397+01:00 catral ntpd[1350]: peers refreshed
2013-07-14T10:47:59.891603+01:00 catral ntpd[1350]: Listening on routing
socket on fd #22 for interface updates

Why is it an hour slow? If I disable ntp, I get the correct time.

I can now boot the cifs from fstab but users can't access it after it's
booted unless I turn off ntp and reboot. They can't authenticate because
of the clock skew or whatever Kerberos calls it.

The time zone is wrong. The time is wrong. It was installed in UK. It's
now in Spain. Why doesn't the ntp server tell it where it is?

The Spanish boxes are fine. I tested one by deliberately setting the
time wrong using date. Not only was the time correct, but the cifs
shares got mounted too which suggests that systemd has indeed got the
boot order correct and ntp is up before it hits the cifs lines in fstab.

I can remember a map of the world screen in Yast installation and
various time options. If I could get back to that, I'd probably be able
to solve this. Is the only way to change the region of a machine by
reinstalling?

Thanks for your patience.
L x
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Carlos E. R.
2013-07-14 13:03:00 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On Sunday, 2013-07-14 at 12:26 +0200, lynn wrote:

...
Post by lynn
2013-07-14T10:44:06.286439+01:00 catral sntp[1247]: Started sntp
2013-07-14T10:44:06.308130+01:00 catral sntp[1247]: kod_init_kod_db(): Cannot open KoD db file /var/db/ntp-kod
2013-07-14T10:44:06.538097+01:00 catral sntp[1250]: Started sntp
2013-07-14T10:44:06.578755+01:00 catral sntp[1250]: Error looking up (AAAA) 192.168.1.16: Address family for hostname not supported
Isn't four 'A' used for IPv6?
Post by lynn
2013-07-14T10:44:22.983921+01:00 catral sntp[1256]: Started sntp
2013-07-14T10:44:23.078058+01:00 catral sntp[1256]: Error looking up (A) ntp.hh3.site: Name or service not known
You have a DNS problem there, or you stated the wrong site.
Post by lynn
2013-07-14T10:44:23.253676+01:00 catral sntp[1259]: Started sntp
2013-07-14T10:44:23.274654+01:00 catral sntp[1259]: Error looking up (AAAA) ntp.hh3.site: Name or service not known
2013-07-14T10:44:32.245859+01:00 catral sntp[1263]: Started sntp
2013-07-14T10:44:32.425933+01:00 catral sntp[1266]: Started sntp
2013-07-14T10:44:32.438542+01:00 catral sntp[1266]: Error looking up (AAAA) 192.168.1.16: Address family for hostname not supported
2013-07-14T10:47:43.038770+01:00 catral sntp[1297]: Started sntp
2013-07-14T10:47:59.224708+01:00 catral systemd[1]: Starting LSB: Network time protocol daemon (ntpd)...
2013-07-14T10:47:59.665276+01:00 catral ntpd[1350]: proto: precision = 2.217 usec
2013-07-14T10:47:59.681385+01:00 catral ntp[1331]: Starting network time protocol daemon (NTPD)..done
2013-07-14T10:47:59.700763+01:00 catral systemd[1]: Started LSB: Network time protocol daemon (ntpd).
2013-07-14T10:47:59.725546+01:00 catral ntpd[1350]: ntp_io: estimated max descriptors: 1024, initial socket boundary: 16
2013-07-14T10:47:59.731827+01:00 catral ntpd[1350]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
2013-07-14T10:47:59.765390+01:00 catral ntpd[1350]: Listen and drop on 1 v6wildcard :: UDP 123
2013-07-14T10:47:59.781972+01:00 catral ntpd[1350]: Listen normally on 2 lo 127.0.0.1 UDP 123
2013-07-14T10:47:59.798260+01:00 catral ntpd[1350]: Listen normally on 3 eth0 192.168.1.101 UDP 123
2013-07-14T10:47:59.839459+01:00 catral ntpd[1350]: Listen normally on 4 lo ::1 UDP 123
2013-07-14T10:47:59.866824+01:00 catral ntpd[1350]: Listen normally on 5 eth0 fe80::a00:27ff:fe7f:8e13 UDP 123
2013-07-14T10:47:59.873397+01:00 catral ntpd[1350]: peers refreshed
2013-07-14T10:47:59.891603+01:00 catral ntpd[1350]: Listening on routing socket on fd #22 for interface updates
Why is it an hour slow? If I disable ntp, I get the correct time.
Where do you see above that it is an hour slow?

Is that log for a machine in Spain? The locale is wrong.
Post by lynn
The time zone is wrong. The time is wrong. It was installed in UK. It's
now in Spain. Why doesn't the ntp server tell it where it is?
The ntp server does not care where it is placed, because it always use UTC
time. It is you who cares where you (not the machine) is, and you have not
told the system that the local time is for Spain, not the UK.
Post by lynn
I can remember a map of the world screen in Yast installation and
various time options. If I could get back to that, I'd probably be able
to solve this. Is the only way to change the region of a machine by
reinstalling?
YaST --> date and time settings. The map is there.

Or simply edit "/etc/sysconfig/clock", the entry:

TIMEZONE="Europe/Madrid"
DEFAULT_TIMEZONE="Europe/Madrid"


But then you have to run something that does what SuSEconfig did, but it
was deprecated and I don't know what replaces it now.

- --
Cheers,
Carlos E. R.
(from 12.3 x86_64 "Dartmouth" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iEYEARECAAYFAlHioYQACgkQtTMYHG2NR9WIMACfRCTj32NLmmRs6TbBfWcz802R
Y+MAniCRq5+nUi4Tcd2n5z9HSFqq8ZXQ
=2Fyy
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
lynn
2013-07-14 15:34:22 UTC
Permalink
Post by Carlos E. R.
...
Post by lynn
2013-07-14T10:44:06.286439+01:00 catral sntp[1247]: Started sntp
2013-07-14T10:44:06.308130+01:00 catral sntp[1247]: kod_init_kod_db(): Cannot open KoD db file /var/db/ntp-kod
2013-07-14T10:44:06.538097+01:00 catral sntp[1250]: Started sntp
2013-07-14T10:44:06.578755+01:00 catral sntp[1250]: Error looking up (AAAA) 192.168.1.16: Address family for hostname not supported
Isn't four 'A' used for IPv6?
Post by lynn
2013-07-14T10:44:22.983921+01:00 catral sntp[1256]: Started sntp
2013-07-14T10:44:23.078058+01:00 catral sntp[1256]: Error looking up (A) ntp.hh3.site: Name or service not known
You have a DNS problem there, or you stated the wrong site.
Post by lynn
2013-07-14T10:44:23.253676+01:00 catral sntp[1259]: Started sntp
2013-07-14T10:47:59.891603+01:00 catral ntpd[1350]: Listening on routing socket on fd #22 for interface updates
Why is it an hour slow? If I disable ntp, I get the correct time.
Where do you see above that it is an hour slow?
If you look at the KDC log and the file server log, they are both an
hour ahead, give or take the few minutes it takes for me to get at them
to include in the post.
Post by Carlos E. R.
Is that log for a machine in Spain? The locale is wrong.
The machine is in Spain. It was installed and configured in UK.
Post by Carlos E. R.
Post by lynn
The time zone is wrong. The time is wrong. It was installed in UK. It's
now in Spain. Why doesn't the ntp server tell it where it is?
The ntp server does not care where it is placed, because it always use UTC
time. It is you who cares where you (not the machine) is, and you have not
told the system that the local time is for Spain, not the UK.
The time on the client has to be within 300s of the KDC. That's all I'm
asking for. The computer is in Spain. I have set ntp using Yast to the
IP of the KDC. It says that it 'responds correctly' OWTTE. The KDC gets
its time once a day or so from a human being as it can't connect to the
'net.
Post by Carlos E. R.
Post by lynn
I can remember a map of the world screen in Yast installation and
various time options. If I could get back to that, I'd probably be able
to solve this. Is the only way to change the region of a machine by
reinstalling?
YaST --> date and time settings. The map is there.
OK. I found it. I set the time correctly, but now it's 2 hours slow. No
matter what time I put, it's always 1 or 2 hours slow of the time I've
set. Here is the map with my last attempt at nailing this:
Loading Image...
I set the time to 17:10 (the correct time now in Spain). As soon as I
click OK to get back to the map, it now tells me it's 2 hours earlier.
If I set the time 2 hours ahead then it shows the correct time but of
course Kerberos won't have it.

What do I have to do to tell the box that it is now in Spain and not in
London? I think the answer is, you can't do it. It would have been far
less hassle just reinstalling the thing.
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Carlos E. R.
2013-07-14 16:00:30 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Post by lynn
Post by Carlos E. R.
YaST --> date and time settings. The map is there.
OK. I found it. I set the time correctly, but now it's 2 hours slow. No
matter what time I put, it's always 1 or 2 hours slow of the time I've
https://dl.dropboxusercontent.com/u/45150875/map.png
I set the time to 17:10 (the correct time now in Spain). As soon as I
click OK to get back to the map, it now tells me it's 2 hours earlier.
If I set the time 2 hours ahead then it shows the correct time but of
course Kerberos won't have it.
What do I have to do to tell the box that it is now in Spain and not in
London? I think the answer is, you can't do it. It would have been far
less hassle just reinstalling the thing.
I think you have not your ideas about time in order :-P


Ok, run these and paste it all here.

date --rfc-3339=seconds
date --utc
hwclock --debug

And also tell me your wall clock.

- --
Cheers,
Carlos E. R.
(from 12.3 x86_64 "Dartmouth" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iEYEARECAAYFAlHiyx4ACgkQtTMYHG2NR9U4QwCbB82rGwHirsPLZrAG9h3oqEff
3ZwAnA6SrftSwl/QnmiVbulR/vsHwSHS
=+pay
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
lynn
2013-07-14 19:28:14 UTC
Permalink
Post by Carlos E. R.
I think you have not your ideas about time in order :-P
Ok, run these and paste it all here.
date --rfc-3339=seconds
date --rfc-3339=seconds
2013-07-14 19:23:47+02:00
Post by Carlos E. R.
date --utc
date --utc
dom jul 14 17:24:36 UTC 2013
Post by Carlos E. R.
hwclock --debug
hwclock --debug
hwclock de util-linux 2.21.2
Utilizando /dev interface to clock.
Último ajuste de desfase realizado 0 segundos después de 1969
Última calibración realizada 0 segundos después de 1969
El reloj de hardware tiene la hora local
Se presupone que el reloj de hardware tiene la hora local.
Esperando señal de reloj...
...recibida señal de reloj
Hora leída del reloj de hardware: 2013/07/14 19:25:32
Hora del reloj de hardware: 2013/07/14 19:25:32 = 1373822732 segundos
desde 1969
dom 14 jul 2013 19:25:32 CEST -0.086636 segundos
Post by Carlos E. R.
And also tell me your wall clock.
Casi las 21:30

Saludos
L x
Post by Carlos E. R.
--
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Carlos E. R.
2013-07-14 20:29:30 UTC
Permalink
Post by Carlos E. R.
Post by Carlos E. R.
Ok, run these and paste it all here.
I prefer seeing the prompts et all in the screen captures. I'ts clearer
for me.
Post by Carlos E. R.
date --rfc-3339=seconds
2013-07-14 19:23:47+02:00
date --utc
dom jul 14 17:24:36 UTC 2013
hwclock --debug
hwclock de util-linux 2.21.2
Utilizando /dev interface to clock.
Último ajuste de desfase realizado 0 segundos después de 1969
Última calibración realizada 0 segundos después de 1969
El reloj de hardware tiene la hora local
Se presupone que el reloj de hardware tiene la hora local.
Esperando señal de reloj...
...recibida señal de reloj
Hora leída del reloj de hardware: 2013/07/14 19:25:32
Hora del reloj de hardware: 2013/07/14 19:25:32 = 1373822732 segundos
desde 1969
dom 14 jul 2013 19:25:32 CEST -0.086636 segundos
Post by Carlos E. R.
And also tell me your wall clock.
Casi las 21:30
Ok, ntp is not working there. Run this:


minas-tirith:~ # export LANG=en_US.UTF-8 # <=== Yes, we want this ;-)
minas-tirith:~ # rcntp ntptimeset
14 Jul 22:14:09 sntp[24250]: Started sntp
2013-07-14 22:14:15.317304 (-0100) +64.844103 +/- 0.078217 secs
2013-07-14 22:15:20.575671 (-0100) +0.166475 +/- 0.021225 secs
2013-07-14 22:15:20.830866 (-0100) -0.170358 +/- 0.096390 secs
Time synchronized with 0.pool.ntp.org
minas-tirith:~ #


That is on 11.4 using systemv, but 12.3 has the same syntax:


Telcontar:~ # export LANG=en_US.UTF-8
Telcontar:~ # rcntp ntptimeset
14 Jul 22:16:39 sntp[19244]: Started sntp
2013-07-14 22:16:40.037081 (-0100) +0.259999 +/- 0.022415 secs
2013-07-14 22:16:40.386063 (-0100) -0.266566 +/- 0.097595 secs
14 Jul 22:16:50 sntp[19244]: Received no useable packet from 46.19.36.161!
Time synchronized with 0.pool.ntp.org
Telcontar:~ #


Then:

minas-tirith:~ # date --rfc-3339=seconds ; date --utc ; echo; hwclock --debug
2013-07-14 22:20:05+02:00
Sun Jul 14 20:20:05 UTC 2013

hwclock from util-linux 2.19
Using /dev interface to clock.
Last drift adjustment done at 1373657971 seconds after 1969
Last calibration done at 1373657971 seconds after 1969
Hardware clock is on UTC time
Assuming hardware clock is kept in UTC time.
Waiting for clock tick...
...got clock tick
Time read from Hardware Clock: 2013/07/14 20:19:03
Hw clock time : 2013/07/14 20:19:03 = 1373833143 seconds since 1969
2013-07-14T22:19:03 CEST -0.079896 seconds
minas-tirith:~ #



Question: why is that computer having the cmos clock in local time? Are
you double booting to Windows? If the answer is "no", then put that
computer cmos clock on UTC ASAP.



- --
Cheers,
Carlos E. R.
(from 12.3 x86_64 "Dartmouth" at Telcontar)
lynn
2013-07-14 22:27:34 UTC
Permalink
Post by Carlos E. R.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Post by Carlos E. R.
Post by Carlos E. R.
Ok, run these and paste it all here.
I prefer seeing the prompts et all in the screen captures. I'ts clearer
for me.
Post by Carlos E. R.
date --rfc-3339=seconds
2013-07-14 19:23:47+02:00
date --utc
dom jul 14 17:24:36 UTC 2013
hwclock --debug
hwclock de util-linux 2.21.2
Utilizando /dev interface to clock.
Último ajuste de desfase realizado 0 segundos después de 1969
Última calibración realizada 0 segundos después de 1969
El reloj de hardware tiene la hora local
Se presupone que el reloj de hardware tiene la hora local.
Esperando señal de reloj...
...recibida señal de reloj
Hora leída del reloj de hardware: 2013/07/14 19:25:32
Hora del reloj de hardware: 2013/07/14 19:25:32 = 1373822732 segundos
desde 1969
dom 14 jul 2013 19:25:32 CEST -0.086636 segundos
Post by Carlos E. R.
And also tell me your wall clock.
Casi las 21:30
minas-tirith:~ # export LANG=en_US.UTF-8 # <=== Yes, we want this ;-)
minas-tirith:~ # rcntp ntptimeset
14 Jul 22:14:09 sntp[24250]: Started sntp
2013-07-14 22:14:15.317304 (-0100) +64.844103 +/- 0.078217 secs
2013-07-14 22:15:20.575671 (-0100) +0.166475 +/- 0.021225 secs
2013-07-14 22:15:20.830866 (-0100) -0.170358 +/- 0.096390 secs
Time synchronized with 0.pool.ntp.org
minas-tirith:~ #
Telcontar:~ # export LANG=en_US.UTF-8
Telcontar:~ # rcntp ntptimeset
14 Jul 22:16:39 sntp[19244]: Started sntp
2013-07-14 22:16:40.037081 (-0100) +0.259999 +/- 0.022415 secs
2013-07-14 22:16:40.386063 (-0100) -0.266566 +/- 0.097595 secs
14 Jul 22:16:50 sntp[19244]: Received no useable packet from 46.19.36.161!
Time synchronized with 0.pool.ntp.org
Telcontar:~ #
minas-tirith:~ # date --rfc-3339=seconds ; date --utc ; echo; hwclock --debug
2013-07-14 22:20:05+02:00
Sun Jul 14 20:20:05 UTC 2013
hwclock from util-linux 2.19
Using /dev interface to clock.
Last drift adjustment done at 1373657971 seconds after 1969
Last calibration done at 1373657971 seconds after 1969
Hardware clock is on UTC time
Assuming hardware clock is kept in UTC time.
Waiting for clock tick...
...got clock tick
Time read from Hardware Clock: 2013/07/14 20:19:03
Hw clock time : 2013/07/14 20:19:03 = 1373833143 seconds since 1969
2013-07-14T22:19:03 CEST -0.079896 seconds
minas-tirith:~ #
Question: why is that computer having the cmos clock in local time? Are
you double booting to Windows? If the answer is "no", then put that
computer cmos clock on UTC ASAP.
No. There is no double booting. You either have a 12.3 client or you
have a win7 client. I checked 'Reloj de hardware establecido en UTC'
under the Yast map.

How does this look?

catral:~ # export LANG=en_US.UTF-8 catral:~ # export LANG=en_US.UTF-8

catral:~ # rcntp ntptimeset
14 Jul 23:47:49 sntp[6654]: Started sntp
2013-07-14 23:47:50.007974 (-0100) +0.000083 +/- 0.116409 secs
Time synchronized with 192.168.1.16
Sun 14 Jul 2013 11:48:17 PM CEST -0.084480 seconds

catral:~ # date --rfc-3339=seconds ; date --utc ; echo; hwclock --debug
2013-07-14 23:48:42+02:00
Sun Jul 14 21:48:42 UTC 2013
hwclock from util-linux 2.21.2
Using /dev interface to clock.
Last drift adjustment done at 1373838324 seconds after 1969
Last calibration done at 1373838324 seconds after 1969
Hardware clock is on UTC time
Assuming hardware clock is kept in UTC time.
Waiting for clock tick...
...got clock tick
Time read from Hardware Clock: 2013/07/14 21:48:42
Hw clock time : 2013/07/14 21:48:42 = 1373838522 seconds since 1969
Sun 14 Jul 2013 11:48:42 PM CEST -0.295972 seconds

And WAHEYYY, sure enough:
catral:~ # date
dom jul 14 23:50:23 CEST 2013

It survives a reboot and the TGS call to cifs works perfectly. Even
Kerberos is happy::

2013-07-15T00:24:20.757380+02:00 catral cifs.upcall: key description:
cifs.spnego;0;0;3f000000;ver=0x2;host=altea;ip4=192.168.1.100;sec=krb5;uid=0x0;creduid=0x0;user=cifsuser;pid=0x31b5
2013-07-15T00:24:20.766621+02:00 catral cifs.upcall: ver=2
2013-07-15T00:24:20.774420+02:00 catral cifs.upcall: host=altea
2013-07-15T00:24:20.779372+02:00 catral cifs.upcall: ip=192.168.1.100
2013-07-15T00:24:20.782293+02:00 catral cifs.upcall: sec=1
2013-07-15T00:24:20.785109+02:00 catral cifs.upcall: uid=0
2013-07-15T00:24:20.795248+02:00 catral cifs.upcall: creduid=0
2013-07-15T00:24:20.797131+02:00 catral cifs.upcall: user=cifsuser
2013-07-15T00:24:20.798140+02:00 catral cifs.upcall: pid=12725
2013-07-15T00:24:20.799737+02:00 catral cifs.upcall: find_krb5_cc:
scandir error on directory '/run/user/0': No such file or directory
2013-07-15T00:24:20.802137+02:00 catral cifs.upcall: find_krb5_cc:
considering /tmp/krb5cc_0
2013-07-15T00:24:20.803683+02:00 catral cifs.upcall: find_krb5_cc:
FILE:/tmp/krb5cc_0 is valid ccache
2013-07-15T00:24:20.805601+02:00 catral cifs.upcall: handle_krb5_mech:
getting service ticket for altea
2013-07-15T00:24:20.806871+02:00 catral cifs.upcall: handle_krb5_mech:
obtained service ticket
2013-07-15T00:24:20.808225+02:00 catral cifs.upcall: Exit status 0

Thanks,
L x
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Carlos E. R.
2013-07-14 23:49:09 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Post by lynn
catral:~ # date
dom jul 14 23:50:23 CEST 2013
And it matches your wall clock, right?
Post by lynn
It survives a reboot and the TGS call to cifs works perfectly. Even Kerberos
Ok, then your ntp daemon was running wrong. You will have to keep an eye
on it.


- --
Cheers,
Carlos E. R.
(from 12.3 x86_64 "Dartmouth" at Telcontar)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iEYEARECAAYFAlHjOQAACgkQtTMYHG2NR9UX2gCfbdZkH607KtzG2BuOKGmkXgzI
RIoAn12HFnBzBxWMjo14wfSEDVNdrlNJ
=HKYB
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
lynn
2013-07-15 06:35:16 UTC
Permalink
Post by Carlos E. R.
Post by lynn
catral:~ # date
dom jul 14 23:50:23 CEST 2013
And it matches your wall clock, right?
Post by lynn
It survives a reboot and the TGS call to cifs works perfectly. Even Kerberos
Ok, then your ntp daemon was running wrong. You will have to keep an eye
on it.
OK. I left it going all night. I destroyed my ticket, rebooted and
logged in again using my domain account. It's close on 8:30 by my watch:
***@catral:~> date
Mon 15 Jul 08:29:42 CEST 2013

The the cifs.upcall has worked and I got a ticket for the file server no
problem at all.
Thanks,
L x
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Carlos E. R.
2013-07-15 07:49:55 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Post by lynn
Post by Carlos E. R.
Ok, then your ntp daemon was running wrong. You will have to keep an eye
on it.
OK. I left it going all night. I destroyed my ticket, rebooted and
Mon 15 Jul 08:29:42 CEST 2013
The the cifs.upcall has worked and I got a ticket for the file server no
problem at all.
Keep an eye with "rcntp status" now and then. I'm not sure you can keep a
daemon if only one ntp server is defined.

- --
Cheers,
Carlos E. R.
(from 12.3 x86_64 "Dartmouth" at Telcontar)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iEYEARECAAYFAlHjqbEACgkQtTMYHG2NR9UuMACeOv11Suauq72zbNnXyLy1s4wy
XmgAnj0445JOJxOMiRzqt2OUXy2sJLwj
=h89L
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Ralf Prengel
2013-07-14 08:35:17 UTC
Permalink
Post by Andrey Borzenkov
В Sat, 13 Jul 2013 23:30:11 +0200
Post by lynn
Post by Linda Walsh
Doesn't the time on your machine have to have synchronized with the kerberos
server's time? I'm wondering if everything is in place for kerberos to do
the authentication at boot time.
OMG. Linda, of course. Which is why it works fine on all the other
clients!
Now I am completely confused. You mean that on this client mounting
from /etc/fstab on boot does not work, but manual mounting after boot
does work - still with wrong time offset?
--
Are there any files in /var/run or /var/lock.
I had simlar problems with an debian nfs-share in /etc/fstab.

Ralf--
To unsubscribe, e-mail: opensuse+***@opensuse.org
To contact the owner, e-mail: opensuse+***@opensuse.org
Continue reading on narkive:
Loading...