From: Steve Dickson <SteveD@redhat.com>
To: Filipe Brandenburger <branden@terra.com.br>
Cc: nfs@lists.sourceforge.net
Subject: Re: NFS in kernel 2.6 and Netapp: privileged ports problem
Date: Mon, 25 Jul 2005 03:03:19 -0400 [thread overview]
Message-ID: <42E48EB7.60400@RedHat.com> (raw)
In-Reply-To: <20050721100913.D93F.BRANDEN@terra.com.br>
Filipe Brandenburger wrote:
> I'm having problems when mounting NFS in a Netapp FAS 740 filer on a
> Linux RHAS4 Kernel 2.6 client. The message I get is:
>
> [root@talara ~]# mount -a
> mount: RPC: Authentication error; why = Client credential too weak
Your running out of privileged ports....
The problem is the glibc pmap_getport() routine uses
privileged ports to get ports from portmapper (when TCP
is specified) which is wrong. So these ports end up in
TIME_WAIT, which makes them (temporary) unusable for mounts.
(Do a netstat -an | grep TIME_WAIT and notice all the ports are < 1024).
Now, when a privileged port is not available, a normal port (i.e. >
1023) will be used which will cause the above message.
Note: the glibc is fixed in FC4 and in upcoming RHEL3 and RHEL4
releases.
> Sometimes it works, most times it fails with the message above. If I use
> the same setup above but with RH7.3 Kernel 2.4, it works without a
> problem.
This is because UDP is the default protocol for mounts where as with
later releases TCP is the default.
>
> So I ask:
>
> - Anyone experienced this too?
Yes... see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154678
> - Is there a way on kernel 2.6 to force it to use privileged ports to do
> the mount?
I don't think so...
> - This one is not related to Linux, but anyone knows if it's possible to
> disable the privileged port restriction on the Netapp filer? This would
> be acceptable to me to solve this problem.
You could try adding 'insecure' to your exports options... and
you could also try using UDP mounts by specifying the '-o udp'
mount option.
steved.
-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
prev parent reply other threads:[~2005-07-25 7:03 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-07-21 13:19 NFS in kernel 2.6 and Netapp: privileged ports problem Filipe Brandenburger
2005-07-25 7:03 ` Steve Dickson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=42E48EB7.60400@RedHat.com \
--to=steved@redhat.com \
--cc=branden@terra.com.br \
--cc=nfs@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.