From: Steve Dickson <SteveD@redhat.com>
To: Filipe Brandenburger <branden@terra.com.br>
Cc: nfs@lists.sourceforge.net
Subject: Re: NFS in kernel 2.6 and Netapp: privileged ports problem
Date: Mon, 25 Jul 2005 03:03:19 -0400 [thread overview]
Message-ID: <42E48EB7.60400@RedHat.com> (raw)
In-Reply-To: <20050721100913.D93F.BRANDEN@terra.com.br>
Filipe Brandenburger wrote:
> I'm having problems when mounting NFS in a Netapp FAS 740 filer on a
> Linux RHAS4 Kernel 2.6 client. The message I get is:
>
> [root@talara ~]# mount -a
> mount: RPC: Authentication error; why = Client credential too weak
Your running out of privileged ports....
The problem is the glibc pmap_getport() routine uses
privileged ports to get ports from portmapper (when TCP
is specified) which is wrong. So these ports end up in
TIME_WAIT, which makes them (temporary) unusable for mounts.
(Do a netstat -an | grep TIME_WAIT and notice all the ports are < 1024).
Now, when a privileged port is not available, a normal port (i.e. >
1023) will be used which will cause the above message.
Note: the glibc is fixed in FC4 and in upcoming RHEL3 and RHEL4
releases.
> Sometimes it works, most times it fails with the message above. If I use
> the same setup above but with RH7.3 Kernel 2.4, it works without a
> problem.
This is because UDP is the default protocol for mounts where as with
later releases TCP is the default.
>
> So I ask:
>
> - Anyone experienced this too?
Yes... see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154678
> - Is there a way on kernel 2.6 to force it to use privileged ports to do
> the mount?
I don't think so...
> - This one is not related to Linux, but anyone knows if it's possible to
> disable the privileged port restriction on the Netapp filer? This would
> be acceptable to me to solve this problem.
You could try adding 'insecure' to your exports options... and
you could also try using UDP mounts by specifying the '-o udp'
mount option.
steved.
-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
prev parent reply other threads:[~2005-07-25 7:03 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-07-21 13:19 NFS in kernel 2.6 and Netapp: privileged ports problem Filipe Brandenburger
2005-07-25 7:03 ` Steve Dickson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=42E48EB7.60400@RedHat.com \
--to=steved@redhat.com \
--cc=branden@terra.com.br \
--cc=nfs@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox