From: "J. Bruce Fields" <bfields@fieldses.org>
To: George Mamalakis <mamalos@eng.auth.gr>
Cc: linux-nfs@vger.kernel.org
Subject: Re: nfsv3 gssapi client?
Date: Fri, 17 Sep 2010 13:43:28 -0400
Message-ID: <20100917174328.GC25515@fieldses.org>
In-Reply-To: <4C938F3B.4030604@eng.auth.gr>

On Fri, Sep 17, 2010 at 06:54:35PM +0300, George Mamalakis wrote:
>   Hi all,
> 
> I have a FreeBSD nfsv3 server that exports a filesystem with
> sec=krb5. Mounting the share with sec=krb5 under a fbsd client works
> fine. I now try to mount it under linux (archlinux, upgraded today)
> using nfs-utils. Heimdal is configured on the linux-box, kinit -k
> linuxclient works fine. I am also able to kinit to my user
> principals from it. When I try to mount the nfsv3 sec=krb5 share, I
> get the following error:
> 
> # mount -t nfs -o sec=krb5 fbsdserver:/exports /mnt
> 

Was there supposed to be some error output there?  Or did the mount just
hang?

> # tail /var/log/messages
> Sep 17 16:05:31 linuxclient rpc.statd[27683]: Version 1.2.2 starting
> Sep 17 16:05:31 linuxclient sm-notify[27684]: Version 1.2.2 starting
> Sep 17 16:05:31 linuxclient sm-notify[27684]: Already notifying clients; Exiting!
> Sep 17 16:05:31 linuxclient rpc.statd[27683]: Running as root. chown /var/lib/nfs to choose different user
> Sep 17 16:05:31 linuxclient sm-notify[27687]: Version 1.2.2 starting
> Sep 17 16:05:31 linuxclient sm-notify[27687]: Already notifying clients; Exiting!
> Sep 17 16:05:53 linuxclient kernel: svc: failed to register lockdv1 RPC service (errno 111).
> Sep 17 16:05:53 linuxclient kernel: lockd_up: makesock failed, error=-111
> Sep 17 16:05:54 linuxclient kernel: svc: failed to register lockdv1 RPC service (errno 111).
> Sep 17 16:05:57 linuxclient kernel: svc: failed to register lockdv1 RPC service (errno 111).
> Sep 17 16:06:01 linuxclient kernel: svc: failed to register lockdv1 RPC service (errno 111).

111 is ECONNREFUSED.  I'm not sure why that's failing.  (Should failure
to register lockd fail the whole mount?  I thought it would at worst
result in ENOLCK on lock requests?) Do you get better results if you
mount with nolock?

> and it keeps on like this.
> 
> My nfs-common.conf reads:
> 
> [root@linuxclient ~]# cat /etc/conf.d/nfs-common.conf
> # Parameters to be passed to nfs-common (nfs clients & server) init script.
> #
> 
> # If you do not set values for the NEED_ options, they will be attempted
> # autodetected; this should be sufficient for most people. Valid alternatives
> # for the NEED_ options are "yes" and "no".
> 
> # Do you want to start the statd daemon? It is not needed for NFSv4.
> NEED_STATD=""
> 
> # Options to pass to rpc.statd.
> # See rpc.statd(8) for more details.
> # N.B. statd normally runs on both client and server, and run-time
> # options should be specified accordingly.
> # STATD_OPTS="-p 32765 -o 32766"
> STATD_OPTS=""
> 
> # Options to pass to sm-notify
> # e.g. SMNOTIFY_OPTS="-p 32764"
> SMNOTIFY_OPTS=""
> 
> # Do you want to start the idmapd daemon? It is only needed for NFSv4.
> NEED_IDMAPD=""
> 
> # Options to pass to rpc.idmapd.
> # See rpc.idmapd(8) for more details.
> IDMAPD_OPTS="-vvv"
> 
> # Do you want to start the gssd daemon? It is required for Kerberos mounts.
> NEED_GSSD="yes"
> 
> # Options to pass to rpc.gssd.
> # See rpc.gssd(8) for more details.
> GSSD_OPTS="-vvv"
> #RPCGSSDOPTS="-vvv"
> # Where to mount rpc_pipefs filesystem; the default is "/var/lib/nfs/rpc_pipefs".
> PIPEFS_MOUNTPOINT=""
> 
> # Options used to mount rpc_pipefs filesystem; the default is "defaults".
> PIPEFS_MOUNTOPTS=""
> 
> my rpc processes are:
> [root@linuxclient ~]# ps axuww  | grep -i rpc
> root      1228  0.0  0.0      0     0 ?        S    14:47   0:00 [rpciod/0]
> root     27670  0.0  0.0   6232   908 ?        Ss   16:05   0:00 /usr/bin/rpcbind
> root     27683  0.0  0.1   6332  1236 ?        Ss   16:05   0:00 /usr/sbin/rpc.statd
> root     27699  0.0  0.1   6264  1180 ?        Ss   16:05   0:00 /usr/sbin/rpc.gssd -vvv
> root     27720  0.0  0.0   3776   476 pts/0    S+   17:01   0:00 grep -i rpc
> 
> And rpcinfo shows:
> [root@linuxclient ~]# rpcinfo
>    program version netid     address                service    owner
>     100000    4    tcp6      ::.0.111               portmapper superuser
>     100000    3    tcp6      ::.0.111               portmapper superuser
>     100000    4    udp6      ::.0.111               portmapper superuser
>     100000    3    udp6      ::.0.111               portmapper superuser
>     100000    4    udp       0.0.0.0.0.111          portmapper superuser
>     100000    3    udp       0.0.0.0.0.111          portmapper superuser
>     100000    2    udp       0.0.0.0.0.111          portmapper superuser
>     100000    4    local     /var/run/rpcbind.sock  portmapper superuser
>     100000    3    local     /var/run/rpcbind.sock  portmapper superuser
>     100024    1    udp       0.0.0.0.228.144        status     superuser
>     100024    1    tcp       0.0.0.0.198.8          status     superuser
> [root@linuxclient ~]# rpcinfo -s
>    program version(s) netid(s)                         service     owner
>     100000  2,3,4     local,udp,udp6,tcp6              portmapper  superuser
>     100024  1         tcp,udp                          status      superuser
> 
> whereas on the fbsd box I have:
> [root@fbsdserver ~]# rpcinfo -s
>    program version(s) netid(s)                         service     owner
>     100000  2,3,4     local,udp6,tcp6,udp,tcp          rpcbind     superuser
>     100024  1         tcp,udp,tcp6,udp6                status      superuser
>     100021  4,3,1,0   tcp,udp,tcp6,udp6                nlockmgr    superuser
>     100003  3,2       tcp6,tcp,udp6,udp                nfs         superuser
>     100005  3,1       tcp,udp,tcp6,udp6                mountd      superuser
> 
> 
> The versions I use are:
> rpcbind-0.2.0-2
> nfs-utils-1.2.2-3
> 
> And uname -a shows:
> 
> [root@linuxclient ~]# uname -a
> Linux linuxclient 2.6.35-ARCH #1 SMP PREEMPT Fri Aug 27 16:22:18 UTC
> 2010 i686 Intel(R) Xeon(R) CPU E5310 @ 1.60GHz GenuineIntel
> GNU/Linux
> 
> Does linux support RPCSEC_GSS security flavors over nfsv3?

Yes, and this is something I test regularly.

> And if
> so, could somebody direct me on how to establish mounting the remote
> share?

Looks like the server advertises ipv6.  I wonder if anyone's tested gss
in that case?

--b.

> 
> Thank you all for your time and attention in advance,
> 
> regards,
> 
> mamalos
> 
> -- 
> George Mamalakis
> 
> IT Officer
> Electrical and Computer Engineer (Aristotle Un. of Thessaloniki),
> MSc (Imperial College of London)
> 
> Department of Electrical and Computer Engineering
> Faculty of Engineering
> Aristotle University of Thessaloniki
> 
> phone number : +30 (2310) 994379

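An added example, not part of the original message or of nfs-utils: a small shell helper that compares two `rpcinfo -s` listings program by program, since the failing step in the log is lockd registering with the client's own rpcbind. The sample data is the two listings quoted in the message with the mail-wrapped owner column rejoined; the function names are hypothetical, and the script only reports differences without diagnosing the mount failure.

```shell
#!/bin/sh
# Added example: per-program diff of two `rpcinfo -s` listings.
# Sample data: the listings quoted in this message, wrapped lines rejoined.
CLIENT_RPCINFO='    100000  2,3,4     local,udp,udp6,tcp6       portmapper superuser
    100024  1         tcp,udp                   status     superuser'
SERVER_RPCINFO='    100000  2,3,4     local,udp6,tcp6,udp,tcp   rpcbind    superuser
    100024  1         tcp,udp,tcp6,udp6         status     superuser
    100021  4,3,1,0   tcp,udp,tcp6,udp6         nlockmgr   superuser
    100003  3,2       tcp6,tcp,udp6,udp         nfs        superuser
    100005  3,1       tcp,udp,tcp6,udp6         mountd     superuser'

# netids_for LISTING PROGRAM: print the program's netids, sorted, space separated.
netids_for() {
    printf '%s\n' "$1" | awk -v prog="$2" '$1 == prog { print $3 }' |
        tr ',' '\n' | LC_ALL=C sort | tr '\n' ' ' | sed 's/ $//'
}

# is_registered LISTING PROGRAM: succeed if the program appears in the listing.
is_registered() {
    [ -n "$(netids_for "$1" "$2")" ]
}

# missing_netids A B PROGRAM: netids listing B has for PROGRAM that A lacks.
missing_netids() {
    have=" $(netids_for "$1" "$3") "
    missing=""
    for netid in $(netids_for "$2" "$3"); do
        case "$have" in
            *" $netid "*) ;;
            *) missing="$missing $netid" ;;
        esac
    done
    printf '%s' "${missing# }"
}

# Report for rpcbind (100000) and the lock manager (100021).
printf 'client rpcbind netids: %s\n' "$(netids_for "$CLIENT_RPCINFO" 100000)"
printf 'server rpcbind netids: %s\n' "$(netids_for "$SERVER_RPCINFO" 100000)"
printf 'rpcbind netids only on server: %s\n' \
    "$(missing_netids "$CLIENT_RPCINFO" "$SERVER_RPCINFO" 100000)"
for host in CLIENT SERVER; do
    eval "listing=\$${host}_RPCINFO"
    if is_registered "$listing" 100021; then state=registered; else state=absent; fi
    printf '%s nlockmgr (100021): %s\n' "$host" "$state"
done
```

On a live host, pass `"$(rpcinfo -s)"` and `"$(rpcinfo -s fbsdserver)"` in place of the embedded samples.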