#StackBounty: #nfs #kerberos #nfs4 CentOS won't mount CentOS NFS share, but Arch will

Bounty: 50

I’m trying to get kerberized NFSv4 running on our network. Server is CentOS 7. I’m able to mount the share on my Arch Linux workstation, but not our Oracle Linux 7 database servers.

I’m trying to mount from testdb with the command:

mount -v -t nfs4 -o rw,proto=tcp,port=2049,sec=krb5 gs-storage:/dba_work /dba_work

Which returns:

mount.nfs4: timeout set for Fri Aug 31 18:03:00 2018
mount.nfs4: trying text-based options 'proto=tcp,port=2049,sec=krb5,vers=4.1,addr=192.168.5.30,clientaddr=192.168.5.32'
mount.nfs4: mount(2): Permission denied
mount.nfs4: trying text-based options 'proto=tcp,port=2049,sec=krb5,vers=4.0,addr=192.168.5.30,clientaddr=192.168.5.32'
mount.nfs4: mount(2): Permission denied
mount.nfs4: access denied by server while mounting gs-storage:/dba_work

I’ve used net ads keytab add nfs to create the necessary keytab on both sides. What am I doing wrong? More debugging info follows:

/data          192.168.0.0/16(rw,no_subtree_check,sync,no_root_squash,insecure,sec=krb5:krb5i:krb5p,fsid=0)
/data/dba_work 192.168.0.0/16(rw,no_subtree_check,sync,no_root_squash,insecure,sec=krb5:krb5i:krb5p,fsid=1)

Environment overview:

      Server          Client
      ============================
Name: gs-storage      testdb
IP:   192.168.5.30    192.168.5.32
OS:   Oracle Linux 7  CentOS 7

Here is the /var/log/messages output when mounting, activated using rpcdebug -m nfsd all:

Aug 31 18:00:31 gs-storage kernel: nfsd_dispatch: vers 4 proc 0
Aug 31 18:00:31 gs-storage kernel: nfsd_dispatch: vers 4 proc 1
Aug 31 18:00:31 gs-storage kernel: nfsv4 compound op #1/1: 42 (OP_EXCHANGE_ID)
Aug 31 18:00:31 gs-storage kernel: nfsd4_exchange_id rqstp=ffff9484f90ec000 exid=ffff94886989e0a0 clname.len=20 clname.data=ffff94886636c060 ip_addr=192.168.5.32 flags 103, spa_how 0
Aug 31 18:00:31 gs-storage kernel: renewing client (clientid 5b7b4fbb/058b701b)
Aug 31 18:00:31 gs-storage kernel: nfsd4_exchange_id seqid 0 flags 20001
Aug 31 18:00:31 gs-storage kernel: nfsv4 compound op ffff94886989e080 opcnt 1 #1: 42: status 0
Aug 31 18:00:31 gs-storage kernel: nfsv4 compound returned 0
Aug 31 18:00:31 gs-storage kernel: nfsd_dispatch: vers 4 proc 1
Aug 31 18:00:31 gs-storage kernel: nfsv4 compound op #1/1: 42 (OP_EXCHANGE_ID)
Aug 31 18:00:31 gs-storage kernel: nfsd4_exchange_id rqstp=ffff9484f90ec000 exid=ffff94886989e0a0 clname.len=20 clname.data=ffff94886636c060 ip_addr=192.168.5.32 flags 103, spa_how 0
Aug 31 18:00:31 gs-storage kernel: renewing client (clientid 5b7b4fbb/058b701c)
Aug 31 18:00:31 gs-storage kernel: nfsd4_exchange_id seqid 0 flags 20001
Aug 31 18:00:31 gs-storage kernel: nfsv4 compound op ffff94886989e080 opcnt 1 #1: 42: status 0
Aug 31 18:00:31 gs-storage kernel: nfsv4 compound returned 0
Aug 31 18:00:31 gs-storage kernel: nfsd_dispatch: vers 4 proc 1
Aug 31 18:00:31 gs-storage kernel: nfsv4 compound op #1/1: 43 (OP_CREATE_SESSION)
Aug 31 18:00:31 gs-storage kernel: renewing client (clientid 5b7b4fbb/058b701c)
Aug 31 18:00:31 gs-storage kernel: check_slot_seqid enter. seqid 1 slot_seqid 0
Aug 31 18:00:31 gs-storage kernel: NFSD: move_to_confirm nfs4_client ffff9485b9da1800
Aug 31 18:00:31 gs-storage kernel: renewing client (clientid 5b7b4fbb/058b701c)
Aug 31 18:00:31 gs-storage kernel: renewing client (clientid 5b7b4fbb/058b701c)
Aug 31 18:00:31 gs-storage kernel: nfsv4 compound op ffff94886989e080 opcnt 1 #1: 43: status 0
Aug 31 18:00:31 gs-storage kernel: nfsv4 compound returned 0
Aug 31 18:00:32 gs-storage kernel: nfsd_dispatch: vers 4 proc 1
Aug 31 18:00:32 gs-storage kernel: nfsv4 compound op #1/2: 53 (OP_SEQUENCE)
Aug 31 18:00:32 gs-storage kernel: __find_in_sessionid_hashtbl: 1534807995:93024284:36:0
Aug 31 18:00:32 gs-storage kernel: nfsd4_sequence: slotid 0
Aug 31 18:00:32 gs-storage kernel: check_slot_seqid enter. seqid 1 slot_seqid 0
Aug 31 18:00:32 gs-storage kernel: nfsv4 compound op ffff94886989e080 opcnt 2 #1: 53: status 0
Aug 31 18:00:32 gs-storage kernel: nfsv4 compound op #2/2: 58 (OP_RECLAIM_COMPLETE)
Aug 31 18:00:32 gs-storage kernel: nfsd4_umh_cltrack_upcall: cmd: create
Aug 31 18:00:32 gs-storage kernel: nfsd4_umh_cltrack_upcall: arg: 4c696e7578204e465376342e3120746573746462
Aug 31 18:00:32 gs-storage kernel: nfsd4_umh_cltrack_upcall: env0: NFSDCLTRACK_CLIENT_HAS_SESSION=Y
Aug 31 18:00:32 gs-storage kernel: nfsd4_umh_cltrack_upcall: env1: NFSDCLTRACK_GRACE_START=1534807995
Aug 31 18:00:32 gs-storage kernel: nfsd4_umh_cltrack_upcall: /sbin/nfsdcltrack return value: 0
Aug 31 18:00:32 gs-storage kernel: nfsv4 compound op ffff94886989e080 opcnt 2 #2: 58: status 0
Aug 31 18:00:32 gs-storage kernel: nfsv4 compound returned 0
Aug 31 18:00:32 gs-storage kernel: --> nfsd4_store_cache_entry slot ffff9488417e6000
Aug 31 18:00:32 gs-storage kernel: renewing client (clientid 5b7b4fbb/058b701c)
Aug 31 18:00:32 gs-storage kernel: nfsd_dispatch: vers 4 proc 1
Aug 31 18:00:32 gs-storage kernel: nfsv4 compound op #1/1: 44 (OP_DESTROY_SESSION)
Aug 31 18:00:32 gs-storage kernel: nfsd4_destroy_session: 1534807995:93024284:36:0
Aug 31 18:00:32 gs-storage kernel: __find_in_sessionid_hashtbl: 1534807995:93024284:36:0
Aug 31 18:00:32 gs-storage kernel: NFSD: warning: no callback path to client Linux NFSv4.1 testdb: error -22
Aug 31 18:00:32 gs-storage kernel: renewing client (clientid 5b7b4fbb/058b701c)
Aug 31 18:00:32 gs-storage kernel: nfsv4 compound op ffff94886989e080 opcnt 1 #1: 44: status 0
Aug 31 18:00:32 gs-storage kernel: nfsv4 compound returned 0
Aug 31 18:00:32 gs-storage kernel: nfsd_dispatch: vers 4 proc 1
Aug 31 18:00:32 gs-storage kernel: nfsv4 compound op #1/1: 57 (OP_DESTROY_CLIENTID)
Aug 31 18:00:32 gs-storage kernel: renewing client (clientid 5b7b4fbb/058b701c)
Aug 31 18:00:32 gs-storage kernel: nfsd4_umh_cltrack_upcall: cmd: remove
Aug 31 18:00:32 gs-storage kernel: nfsd4_umh_cltrack_upcall: arg: 4c696e7578204e465376342e3120746573746462
Aug 31 18:00:32 gs-storage kernel: nfsd4_umh_cltrack_upcall: env0: (null)
Aug 31 18:00:32 gs-storage kernel: nfsd4_umh_cltrack_upcall: env1: (null)
Aug 31 18:00:32 gs-storage kernel: nfsd4_umh_cltrack_upcall: /sbin/nfsdcltrack return value: 0
Aug 31 18:00:32 gs-storage kernel: nfsv4 compound op ffff94886989e080 opcnt 1 #1: 57: status 0
Aug 31 18:00:32 gs-storage kernel: nfsv4 compound returned 0
Aug 31 18:00:32 gs-storage kernel: nfsd_dispatch: vers 4 proc 0
Aug 31 18:00:32 gs-storage kernel: nfsd_dispatch: vers 4 proc 1
Aug 31 18:00:32 gs-storage kernel: nfsv4 compound op #1/1: 35 (OP_SETCLIENTID)
Aug 31 18:00:32 gs-storage kernel: renewing client (clientid 5b7b4fbb/058b701d)
Aug 31 18:00:32 gs-storage kernel: nfsv4 compound op ffff94886989e080 opcnt 1 #1: 35: status 0
Aug 31 18:00:32 gs-storage kernel: nfsv4 compound returned 0
Aug 31 18:00:32 gs-storage kernel: nfsd_dispatch: vers 4 proc 1
Aug 31 18:00:32 gs-storage kernel: nfsv4 compound op #1/1: 36 (OP_SETCLIENTID_CONFIRM)
Aug 31 18:00:32 gs-storage kernel: renewing client (clientid 5b7b4fbb/058b701d)
Aug 31 18:00:32 gs-storage kernel: NFSD: move_to_confirm nfs4_client ffff9484f886f000
Aug 31 18:00:32 gs-storage kernel: renewing client (clientid 5b7b4fbb/058b701d)
Aug 31 18:00:32 gs-storage kernel: renewing client (clientid 5b7b4fbb/058b701d)
Aug 31 18:00:32 gs-storage kernel: nfsv4 compound op ffff94886989e080 opcnt 1 #1: 36: status 0
Aug 31 18:00:32 gs-storage kernel: nfsv4 compound returned 0
Aug 31 18:00:32 gs-storage kernel: NFSD: warning: no callback path to client Linux NFSv4.0 192.168.5.32/192.168.5.30 tcp: error -113

Edit: The question marked as a duplicate of this does not fit this circumstance. krb5 is an enabled auth/transport mechanism. In addition, the error in the other question is completely different from in this one.


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.