I'm not sure this is quite the right place to post this query, but the problem is provoked by starting the ipa server so hopefully someone on the list might have encountered and resolved the issue already.

This on a fully updated Redhat 7.2 system.

Once I have my ipa server started I'm finding that non-kerberised nfs4 mounts of a filesystem from a host that is not an ipa client are very slow. Typically it takes 4-5 seconds for the mount operation to complete.

The nfs server is exporting the filesystem with the option sec=sys in /etc/exports.

I testing the mount speed with the mount command (so no autofs involved) and specifying the client address by ipv4 number (so no name lookups).

I can reduce the delay to 2-3 seconds by specifying -o sec=sys on the mount line, but this too is very slow.

The following causes mounts to happen at full speed, ie less than 0.1 sec elapsed:

1) Using mount option -o vers=3 (nfs v3)

2) Turning off the nfs-secure service (stops rpc.gssd)

3) Turning off the ipa server (ipactl stop)

On my Redhat 6.7 testing ipa server the nfsv4 mounts also comlplete in under 0.1 sec so this seems to be an RHEL7 change.

In /var/log/messages there are lots of messages like this:
gssproxy: gssproxy[790]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found

but they come out whether the nfs mounts are slow or quick.

Does anyone else see this or have any ideas on how to speed up the nfs v4 mount on Redhat 7 when the ipa server is running?


Roderick Johnstone

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to