I just updated my kernel to the last revision via yast online update. After rebooting, I can no longer mount our krb5 secured nfs shared and I can’t figure out why it is not working, because everything looks ok.
The kernel installed is:
andromeda:~ # uname -a
Linux andromeda 2.6.27.29-0.1-default #1 SMP 2009-08-15 17:53:59 +0200 i686 athlon i386 GNU/Linux
My problem:
andromeda:~ # mount -t nfs4 -o sec=krb5 samurai.so.in.tum.de:/home /homemount.nfs4: an incorrect mount option was specified
I think, all the kernel modules that are needed are present:
The output of rpc.gssd and rpc.idmapd in debug mode is:
andromeda:~ # rpc.gssd -f -vvvvvvvvvvvvvvvv
beginning poll
handling krb5 upcall
Full hostname for 'samurai.so.in.tum.de' is 'samurai.so.in.tum.de'
Full hostname for 'andromeda.so.in.tum.de' is 'andromeda.so.in.tum.de'
Key table entry not found while getting keytab entry for 'root/andromeda.so.in.tum.de@SO.IN.TUM.DE'
Key table entry not found while getting keytab entry for 'nfs/andromeda.so.in.tum.de@SO.IN.TUM.DE'
Success getting keytab entry for 'host/andromeda.so.in.tum.de@SO.IN.TUM.DE'
Successfully obtained machine credentials for principal 'host/andromeda.so.in.tum.de@SO.IN.TUM.DE' stored in ccache 'FILE:/tmp/krb5cc_machine_SO.IN.TUM.DE'
INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_SO.IN.TUM.DE' are good until 1251141610
using FILE:/tmp/krb5cc_machine_SO.IN.TUM.DE as credentials cache for machine creds
using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_SO.IN.TUM.DE
creating context using fsuid 0 (save_uid 0)
creating tcp client for server samurai.so.in.tum.de
creating context with server nfs@samurai.so.in.tum.de
DEBUG: serialize_krb5_ctx: lucid version!
prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
doing downcall
destroying client clnte
destroying client clntd
destroying client clntc
andromeda:~ # rpc.idmapd -f -vvvvvvvvvvvvvv
rpc.idmapd: libnfsidmap: using domain: so.in.tum.de
rpc.idmapd: libnfsidmap: using translation method: nsswitch
rpc.idmapd: Expiration time is 600 seconds.
rpc.idmapd: nfsdopenone: Opening /proc/net/rpc/nfs4.nametoid/channel failed: errno 2 (No such file or directory)
rpc.idmapd: New client: c
rpc.idmapd: New client: d
rpc.idmapd: Opened /var/lib/nfs/rpc_pipefs/nfs/clntc/idmap
rpc.idmapd: nss_getpwnam: name 'root@so.in.tum.de' domain 'so.in.tum.de': resulting localname 'root'
rpc.idmapd: Client c: (user) name "root@so.in.tum.de" -> id "0"
rpc.idmapd: Client c: (group) name "root@so.in.tum.de" -> id "0"
rpc.idmapd: New client: e
rpc.idmapd: Stale client: e
rpc.idmapd: -> closed /var/lib/nfs/rpc_pipefs/nfs/clnte/idmap
rpc.idmapd: Stale client: c
rpc.idmapd: -> closed /var/lib/nfs/rpc_pipefs/nfs/clntc/idmap
rpc.idmapd: Stale client: d
rpc.idmapd: -> closed /var/lib/nfs/rpc_pipefs/nfs/clntd/idmap
Could anyone please give me a hint on what could possibly be wrong?
I have a similar problem (without Kerberos). Nfsv4 stopped working after kernel upgrade to 2.6.27.29-0.1-default. The config that worked prior to the upgrade has not been changed. After the upgrade it is not possible to mount the nfsv4 share.
Debug output from the client (/proc/sys/sunrpc/nfs_debug):
Aug 25 14:40:05 jodd kernel: NFS: nfs mount opts='clientaddr=x.x.x.x,addr=x.x.x.y'
Aug 25 14:40:05 jodd kernel: NFS: parsing nfs mount option 'clientaddr=x.x.x.x'
Aug 25 14:40:05 jodd kernel: NFS: parsing nfs mount option 'addr=x.x.x.y'
Aug 25 14:40:05 jodd kernel: NFS: parsing IPv4 address x.x.x.y
Aug 25 14:40:05 jodd kernel: NFS: MNTPATH: '/lvm'
Aug 25 14:40:05 jodd kernel: --> nfs4_create_server()
Aug 25 14:40:05 jodd kernel: --> nfs4_init_server()
Aug 25 14:40:05 jodd kernel: --> nfs4_set_client()
Aug 25 14:40:05 jodd kernel: --> nfs_get_client(x.x.y,v4)
Aug 25 14:40:05 jodd kernel: Callback port = 0xc3db
Aug 25 14:40:05 jodd kernel: --> nfs_get_client() = ffff88005fd52400 [new]
Aug 25 14:40:05 jodd kernel: <-- nfs4_set_client() = 0 [new ffff88005fd52400]
Aug 25 14:40:05 jodd kernel: <-- nfs4_init_server() = 0
Aug 25 14:40:05 jodd kernel: --> nfs4_path_walk(,,/)
Aug 25 14:40:05 jodd kernel: encode_compound: tag=
Aug 25 14:40:05 jodd kernel: decode_attr_type: type=02
Aug 25 14:40:05 jodd kernel: decode_attr_change: change attribute=5368486447420538880
Aug 25 14:40:05 jodd kernel: decode_attr_size: file size=4096
Aug 25 14:40:05 jodd kernel: decode_attr_fsid: fsid=(0x0/0x0)
Aug 25 14:40:05 jodd kernel: decode_attr_fileid: fileid=131089
Aug 25 14:40:05 jodd kernel: decode_attr_fs_locations: fs_locations done, error = 0
Aug 25 14:40:05 jodd kernel: decode_attr_mode: file mode=0755
Aug 25 14:40:05 jodd kernel: decode_attr_nlink: nlink=4
Aug 25 14:40:05 jodd kernel: decode_attr_owner: uid=1000
Aug 25 14:40:05 jodd kernel: decode_attr_group: gid=100
Aug 25 14:40:05 jodd kernel: decode_attr_rdev: rdev=(0x0:0x0)
Aug 25 14:40:05 jodd kernel: decode_attr_space_used: space used=4096
Aug 25 14:40:05 jodd kernel: decode_attr_time_access: atime=1250293014
Aug 25 14:40:05 jodd kernel: decode_attr_time_metadata: ctime=1249948155
Aug 25 14:40:05 jodd kernel: decode_attr_time_modify: mtime=1249948155
Aug 25 14:40:05 jodd kernel: decode_attr_mounted_on_fileid: fileid=0
Aug 25 14:40:05 jodd kernel: decode_getfattr: xdr returned 0
Aug 25 14:40:05 jodd kernel: encode_compound: tag=
Aug 25 14:40:06 jodd kernel: decode_attr_supported: bitmask=fcffbfff:00f9be3e
Aug 25 14:40:06 jodd kernel: decode_attr_link_support: link support=true
Aug 25 14:40:06 jodd kernel: decode_attr_symlink_support: symlink support=true
Aug 25 14:40:06 jodd kernel: decode_attr_aclsupport: ACLs supported=3
Aug 25 14:40:06 jodd kernel: decode_server_caps: xdr returned 0!
Aug 25 14:40:06 jodd kernel: encode_compound: tag=
Aug 25 14:40:06 jodd kernel: decode_attr_lease_time: file size=90
Aug 25 14:40:06 jodd kernel: decode_attr_maxfilesize: maxfilesize=18446744073709551615
Aug 25 14:40:06 jodd kernel: decode_attr_maxread: maxread=524288
Aug 25 14:40:06 jodd kernel: decode_attr_maxwrite: maxwrite=524288
Aug 25 14:40:06 jodd kernel: decode_fsinfo: xdr returned 0!
Aug 25 14:40:06 jodd kernel: Next:
Aug 25 14:40:06 jodd kernel: <-- nfs4_path_walk() = 0
Aug 25 14:40:06 jodd kernel: Server FSID: 0:0
Aug 25 14:40:06 jodd kernel: Mount FH: 28
Aug 25 14:40:06 jodd kernel: --> nfs_probe_fsinfo()
Aug 25 14:40:06 jodd kernel: encode_compound: tag=
Aug 25 14:40:06 jodd kernel: decode_attr_supported: bitmask=fcffbfff:00f9be3e
Aug 25 14:40:06 jodd kernel: decode_attr_link_support: link support=true
Hi; I just looked at the problem again and I have the exactly same problem you have; the kerberos part works fine, but the nfs mount fails at exactly the same step.
After your post I also tried to deactivate kerberos entirely and bingo, it also does not work.
The problem seems to root in the nfs_follow_mountpoint.
I tried mounting the nfs4 root of our server and… it succeeded, only the subtree mounts fail:
mount server:/ /mountpoint succeeds
mount server:/home /mountpoint fails with
“mount.nfs4: an incoret mount option was specified”
Bug 534616 seems to be fixed but no patch yet. This is really bad. Why not splitting Kernel rpm in core and driver packages. Probably this would make patches easier to roll out.
What did you do? Roll back to old kernel or applied a patch?
At the moment, I can use another computer (running ubuntu).
If the patch is not rolled out by the start of next week, I will probably have to re-install the computer with a different distribution (we really need to use nfsv4 in our environment and using the previous kernel is not an option due to the local-root-exploit thingie).