On 22 Jan 2020, at 4:22, Felix Rubio wrote:
Hi everybody,
I have a kerberized NFSv4 server that is exporting a mountpoint:
/home 10.0.0.0/8(rw,no_subtree_check,sec=krb5:krb5i:krb5p)
if I mount that export with this command on the client, it works as
expected:
/sbin/mount.nfs4 NFS.domain:/home /network/home -o
_netdev,noatime,hard,sec=krb5
However, if I modify the export to be
/home 10.0.0.0/8(rw,no_subtree_check,sec=sys:krb5:krb5i:krb5p)
and I mount that export with sec=sys, as
/sbin/mount.nfs4 NFS.domain:/home /network/home -o
_netdev,noatime,hard,sec=sys
I get the following error:
mount.nfs4: timeout set for Fri Jan 17 14:11:32 2020
mount.nfs4: trying text-based options
'hard,sec=sys,vers=4.1,addr=10.2.2.9,clientaddr=10.2.0.12'
mount.nfs4: mount(2): Operation not permitted
mount.nfs4: Operation not permitted
What might be the reason for this behavior?
Hi Felix,
I don't know. Can you get more information? Try again after `rpcdebug
-m
nfs -s mount`. That will turn up debugging for messages labeled for
mount,
and the output will be in the kernel log. There are other facilities
there,
see rpcdebug(8).
Another good option is getting a network capture of the mount attempt
and
trying to figure out if the server is returning an error, or the client
is
generating the error.
There are also a lot of "nfs", "nfs4", and "rpc" tracepoints you can
enable
to get more information.
Ben