From: Simo Sorce <simo@redhat.com>
To: Rohit Mehta <rohitm@engr.uconn.edu>
Cc: linux-nfs@vger.kernel.org
Subject: Re: Trouble with kerberized NFS client after upgrading from nfs-utils 1.2.0 to 1.2.5
Date: Fri, 02 Aug 2013 10:23:13 -0400 [thread overview]
Message-ID: <1375453393.15733.255.camel@willson.li.ssimo.org> (raw)
In-Reply-To: <51FBA2FD.7070704@engr.uconn.edu>
On Fri, 2013-08-02 at 08:15 -0400, Rohit Mehta wrote:
> Thanks Simo, I apologize for the copy and paste error. You are
> correct about it being "ldd /usr/sbin/rpc.gssd" command.
>
> The actual error message we get is from the mount command:
> mount.nfs: access denied by server while mounting
> hnas.engr.uconn.edu:/EngrUser/users/rohitm
>
> I got a little more output with mount -v
> root@c27-00:~# mount -vvv hnas.engr.uconn.edu:/EngrUser/users/rohitm
> /foo -o sec=krb5
> mount: fstab path: "/etc/fstab"
> mount: mtab path: "/etc/mtab"
> mount: lock path: "/etc/mtab~"
> mount: temp path: "/etc/mtab.tmp"
> mount: UID: 0
> mount: eUID: 0
> mount: no type was given - I'll assume nfs because of the colon
> mount: spec: "hnas.engr.uconn.edu:/EngrUser/users/rohitm"
> mount: node: "/foo"
> mount: types: "nfs"
> mount: opts: "sec=krb5"
> mount: external mount: argv[0] = "/sbin/mount.nfs"
> mount: external mount: argv[1] =
> "hnas.engr.uconn.edu:/EngrUser/users/rohitm"
> mount: external mount: argv[2] = "/foo"
> mount: external mount: argv[3] = "-v"
> mount: external mount: argv[4] = "-o"
> mount: external mount: argv[5] = "rw,sec=krb5"
> mount.nfs: timeout set for Fri Aug 2 08:04:08 2013
> mount.nfs: trying text-based options
> 'sec=krb5,vers=4,addr=137.99.203.4,clientaddr=137.99.2.29'
> mount.nfs: mount(2): Permission denied
> mount.nfs: access denied by server while mounting
> hnas.engr.uconn.edu:/EngrUser/users/rohitm
>
> So there is unfortunately no more info available from mount command and
> rpc.gssd output did not have any red flags for me. I'm trying to find
> out if there is a way to get more information from the NFS server
> itself, but as of now I'm not sure how to do that.
It looks like you have to look at the server side here.
Bump up rpc.svcgssd (or whatever is used on your server) debug and maybe
even the kernel log with the rpcdebug command and see why it is refusing
your authentication.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
prev parent reply other threads:[~2013-08-02 14:23 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-01 20:46 Trouble with kerberized NFS client after upgrading from nfs-utils 1.2.0 to 1.2.5 Rohit Kumar Mehta
2013-08-01 21:06 ` Simo Sorce
2013-08-02 1:20 ` Rohit Mehta
2013-08-02 2:33 ` Simo Sorce
2013-08-02 12:15 ` Rohit Mehta
2013-08-02 14:23 ` Simo Sorce [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1375453393.15733.255.camel@willson.li.ssimo.org \
--to=simo@redhat.com \
--cc=linux-nfs@vger.kernel.org \
--cc=rohitm@engr.uconn.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).