From: "Benjamin Coddington" <bcodding@redhat.com>
To: "Felix Rubio" <felix@kngnt.org>
Cc: linux-nfs@vger.kernel.org
Subject: Re: kerberized NFSv4 client reporting operation not permitted when mounting with sec=sys
Date: Wed, 22 Jan 2020 13:30:24 -0500 [thread overview]
Message-ID: <724CB91C-76AC-425B-BAE3-04887ED5DE73@redhat.com> (raw)
In-Reply-To: <0593b4af8ca3fafbec59655bbb39d2b4@kngnt.org>
On 22 Jan 2020, at 4:22, Felix Rubio wrote:
> Hi everybody,
>
> I have a kerberized NFSv4 server that is exporting a mountpoint:
>
> /home 10.0.0.0/8(rw,no_subtree_check,sec=krb5:krb5i:krb5p)
>
> if I mount that export with this command on the client, it works as
> expected:
>
> /sbin/mount.nfs4 NFS.domain:/home /network/home -o
> _netdev,noatime,hard,sec=krb5
>
> However, if I modify the export to be
>
> /home 10.0.0.0/8(rw,no_subtree_check,sec=sys:krb5:krb5i:krb5p)
>
> and I mount that export with sec=sys, as
>
> /sbin/mount.nfs4 NFS.domain:/home /network/home -o
> _netdev,noatime,hard,sec=sys
>
> I get the following error:
>
> mount.nfs4: timeout set for Fri Jan 17 14:11:32 2020
> mount.nfs4: trying text-based options
> 'hard,sec=sys,vers=4.1,addr=10.2.2.9,clientaddr=10.2.0.12'
> mount.nfs4: mount(2): Operation not permitted
> mount.nfs4: Operation not permitted
>
> What might be the reason for this behavior?
Hi Felix,
I don't know. Can you get more information? Try again after `rpcdebug
-m
nfs -s mount`. That will turn up debugging for messages labeled for
mount,
and the output will be in the kernel log. There are other facilities
there,
see rpcdebug(8).
Another good option is getting a network capture of the mount attempt
and
trying to figure out if the server is returning an error, or the client
is
generating the error.
There are also a lot of "nfs", "nfs4", and "rpc" tracepoints you can
enable
to get more information.
Ben
next prev parent reply other threads:[~2020-01-22 18:30 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-22 9:22 kerberized NFSv4 client reporting operation not permitted when mounting with sec=sys Felix Rubio
2020-01-22 18:30 ` Benjamin Coddington [this message]
2020-01-23 9:03 ` Felix Rubio
2020-01-24 14:45 ` Benjamin Coddington
2020-01-24 16:49 ` Felix Rubio
2020-02-04 19:14 ` Benjamin Coddington
2020-02-05 11:09 ` Felix Rubio
[not found] ` <b0bcd3e608d6fbc05c0751380f6a0e7b@kngnt.org>
[not found] ` <7B337925-F225-4DD7-A8CF-ECBBE1AC7082@redhat.com>
2020-07-02 13:41 ` Felix Rubio
2020-07-02 16:52 ` Dai Ngo
2020-07-02 17:52 ` Felix Rubio
2020-07-06 17:18 ` J. Bruce Fields
2020-07-06 19:57 ` Patrick Goetz
2020-07-06 20:27 ` J. Bruce Fields
2020-07-07 15:10 ` Patrick Goetz
2020-07-07 15:51 ` J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=724CB91C-76AC-425B-BAE3-04887ED5DE73@redhat.com \
--to=bcodding@redhat.com \
--cc=felix@kngnt.org \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).