Re: kerberized NFSv4 client reporting operation not permitted when mounting with sec=sys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 22 Jan 2020, at 4:22, Felix Rubio wrote:

Hi everybody,

I have a kerberized NFSv4 server that is exporting a mountpoint:

    /home 10.0.0.0/8(rw,no_subtree_check,sec=krb5:krb5i:krb5p)

if I mount that export with this command on the client, it works as expected:

/sbin/mount.nfs4 NFS.domain:/home /network/home -o _netdev,noatime,hard,sec=krb5

However, if I modify the export to be

    /home 10.0.0.0/8(rw,no_subtree_check,sec=sys:krb5:krb5i:krb5p)

and I mount that export with sec=sys, as

/sbin/mount.nfs4 NFS.domain:/home /network/home -o _netdev,noatime,hard,sec=sys

I get the following error:

    mount.nfs4: timeout set for Fri Jan 17 14:11:32 2020
mount.nfs4: trying text-based options 'hard,sec=sys,vers=4.1,addr=10.2.2.9,clientaddr=10.2.0.12'
    mount.nfs4: mount(2): Operation not permitted
    mount.nfs4: Operation not permitted

What might be the reason for this behavior?

Hi Felix,

I don't know. Can you get more information? Try again after `rpcdebug -m nfs -s mount`. That will turn up debugging for messages labeled for mount, and the output will be in the kernel log. There are other facilities there,
see rpcdebug(8).

Another good option is getting a network capture of the mount attempt and trying to figure out if the server is returning an error, or the client is
generating the error.

There are also a lot of "nfs", "nfs4", and "rpc" tracepoints you can enable
to get more information.

Ben




[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux