On Mon, Apr 27, 2009 at 9:06 AM, Vallish Vaidyeshwara <
Vallish.Vaidyeshwara at sun.com> wrote:
> Andreas Nilsson wrote:
>
>> I have a share exported on GNU/Linux-box (Gentoo) and as described
>> mounting that share on my OSOL snv_111a fails.
>>
>> It fails even if I specify -o vers=3,sec=sys. If i however specify -o
>> vers=2 it works.
>>
>> If i edit the export to include sec=sys on the server it works perfectly.
>>
>>
>>
>
> Hi Andreas,
>
> What you are seeing is the correct behavior. Looks like your earlier share
> on Linux box was exporting filesystem with only ANON mode. Hence OSOL client
> was not able to mount even with explicit "-o vers=3,sec=sys" mount command.
> I am not really sure as to how this worked with "-o vers=2"? Can you please
> send across a snoop output and "nfsstat -m" output on the client for both v3
> and v2 mounts?
>
>
> For my setup i can live with this, but if i bring the OSOL computer to
>> another network where i do not control the nfs server it will be very
>> annoying not being able to mount the shares.
>>
>>
>
> Please see work arounds posted on this thread by FrankB, you don't have to
> have control the server:
>
> <snip>
> 3) on the solaris client side, comment out the 'none' entry from the list
> of supported security flavours in /etc/nfssec.conf
> or
> 4) on the solaris client side, explicitely perform the mount with a
> security flavour
> specified other then sec=none
> <end snip>
>
> OSOL client was earlier broken and was quietly sending SYS authentication
> flavor even for ANON flavors. It is now fixed and what you are seeing is the
> correct behavior. However, there is a discussion to change OSOL client now
> and to make it more intelligent than just picking the first mode from the
> list of security modes returned by Server.
>
> Regards,
> -Vallish
>
> Hello,
I'm no expert with snoop ( never having used it ) but I'll give it a shot.
If something is missing please let me know. I reset the export on the linux
box to what i used to have:
/data 192.168.0.*(rw,sync,no_subtree_check,no_root_squash)
Snoop output is a bit length... As far as i can see it seems that the server
answers with AUTH= whatever i tell the client to use, unless specified in
/etc/exports on the server. When the v3 mount succeeds it seems that it
returns an AUTH=unix
Running pfexec mount -F nfs -o vers=3 butler:/data /mnt/ gives
192.168.0.10 -> butler DNS C butler. Internet Addr ?
butler -> 192.168.0.10 DNS R butler. Internet Addr 192.168.0.1
192.168.0.10 -> butler PORTMAP C GETPORT prog=100005 (MOUNT) vers=3
proto=UDP
butler -> 192.168.0.10 PORTMAP R GETPORT port=44106
192.168.0.10 -> butler MOUNT3 C Null
butler -> 192.168.0.10 MOUNT3 R Null
192.168.0.10 -> butler MOUNT3 C Mount /data
butler -> 192.168.0.10 MOUNT3 R Mount OK FH=D734 Auth=
192.168.0.10 -> butler DNS C 10.0.168.192.in-addr.arpa. Internet PTR ?
butler -> 192.168.0.10 DNS R Error: 3(Name Error)
192.168.0.10 -> butler DNS C 10.0.168.192.in-addr.arpa. Internet PTR ?
butler -> 192.168.0.10 DNS R Error: 3(Name Error)
with no output from nfstat -m
Running pfexec mount -F nfs -o vers=3,sec=sys butler:/data /mnt/ still
gives nfs mount: security mode does not match the server exporting
butler:/data and the following snoop
192.168.0.10 -> butler DNS C butler. Internet Addr ?
butler -> 192.168.0.10 DNS R butler. Internet Addr 192.168.0.1
192.168.0.10 -> butler PORTMAP C GETPORT prog=100005 (MOUNT) vers=3
proto=UDP
butler -> 192.168.0.10 PORTMAP R GETPORT port=44106
192.168.0.10 -> butler MOUNT3 C Null
butler -> 192.168.0.10 MOUNT3 R Null
192.168.0.10 -> butler MOUNT3 C Mount /data
butler -> 192.168.0.10 MOUNT3 R Mount OK FH=D734 Auth=
with no output from nfsstat -m
Running pfexec mount -F nfs -o vers=2 butler:/data /mnt/ succeeds with
mounting and gives the following snoop
192.168.0.10 -> butler DNS C butler. Internet Addr ?
butler -> 192.168.0.10 DNS R butler. Internet Addr 192.168.0.1
192.168.0.10 -> butler PORTMAP C GETPORT prog=100005 (MOUNT) vers=2
proto=UDP
butler -> 192.168.0.10 PORTMAP R GETPORT port=44106
192.168.0.10 -> butler MOUNT2 C Null
butler -> 192.168.0.10 MOUNT2 R Null
192.168.0.10 -> butler MOUNT2 C Mount /data
butler -> 192.168.0.10 MOUNT2 R Mount OK FH=D434
192.168.0.10 -> butler PORTMAP C GETPORT prog=100021 (NLM) vers=1
proto=UDP
butler -> 192.168.0.10 PORTMAP R GETPORT port=46817
192.168.0.10 -> butler NLM C GRANTED1 OH=0000 FH=D434 PID=0 Region=0:0
butler -> 192.168.0.10 NLM R GRANTED1 OH=0000 denied
192.168.0.10 -> butler PORTMAP C GETPORT prog=100003 (NFS) vers=2
proto=TCP
butler -> 192.168.0.10 PORTMAP R GETPORT port=2049
192.168.0.10 -> butler TCP D=2049 S=52417 Syn Seq=1041190478 Len=0
Win=49640 Options=<mss 1460,nop,wscale 0,nop,nop,sackOK>
butler -> 192.168.0.10 TCP D=52417 S=2049 Syn Ack=1041190479
Seq=1009563338 Len=0 Win=5840 Options=<mss 1460,nop,nop,sackOK,nop,wscale 7>
192.168.0.10 -> butler TCP D=2049 S=52417 Ack=1009563339
Seq=1041190479 Len=0 Win=49640
192.168.0.10 -> butler NFS C NULL2
butler -> 192.168.0.10 TCP D=52417 S=2049 Ack=1041190551
Seq=1009563339 Len=0 Win=46
butler -> 192.168.0.10 NFS R NULL2
192.168.0.10 -> butler TCP D=2049 S=52417 Ack=1009563367
Seq=1041190551 Len=0 Win=49640
192.168.0.10 -> butler TCP D=2049 S=52417 Fin Ack=1009563367
Seq=1041190551 Len=0 Win=49640
butler -> 192.168.0.10 TCP D=52417 S=2049 Fin Ack=1041190552
Seq=1009563367 Len=0 Win=46
192.168.0.10 -> butler TCP D=2049 S=52417 Ack=1009563368
Seq=1041190552 Len=0 Win=49640
192.168.0.10 -> butler TCP D=2049 S=1017 Syn Seq=1041392933 Len=0
Win=49640 Options=<mss 1460,nop,wscale 0,nop,nop,sackOK>
butler -> 192.168.0.10 TCP D=1017 S=2049 Syn Ack=1041392934
Seq=1012262520 Len=0 Win=5840 Options=<mss 1460,nop,nop,sackOK,nop,wscale 7>
192.168.0.10 -> butler TCP D=2049 S=1017 Ack=1012262521 Seq=1041392934
Len=0 Win=49640
192.168.0.10 -> butler NFS_ACL C GETATTR2 FH=D434
butler -> 192.168.0.10 TCP D=1017 S=2049 Ack=1041393038 Seq=1012262521
Len=0 Win=46
butler -> 192.168.0.10 NFS_ACL R GETATTR2 OK
192.168.0.10 -> butler TCP D=2049 S=1017 Ack=1012262621 Seq=1041393038
Len=0 Win=49640
192.168.0.10 -> butler NFS C STATFS2 FH=D434
butler -> 192.168.0.10 NFS R STATFS2 OK
192.168.0.10 -> butler TCP D=2049 S=1017 Ack=1012262673 Seq=1041393142
Len=0 Win=49640
192.168.0.10 -> butler NFS C STATFS2 FH=D434
butler -> 192.168.0.10 NFS R STATFS2 OK
192.168.0.10 -> butler TCP D=2049 S=1017 Ack=1012262725 Seq=1041393246
Len=0 Win=49640
192.168.0.10 -> 72.5.123.8 HTTP C port=43101
192.168.0.10 -> butler DNS C 10.0.168.192.in-addr.arpa. Internet PTR ?
butler -> 192.168.0.10 DNS R Error: 3(Name Error)
192.168.0.10 -> butler DNS C 10.0.168.192.in-addr.arpa. Internet PTR ?
butler -> 192.168.0.10 DNS R Error: 3(Name Error)
192.168.0.10 -> butler DNS C 8.123.5.72.in-addr.arpa. Internet PTR ?
butler -> 192.168.0.10 DNS R Error: 3(Name Error)
192.168.0.10 -> butler DNS C 8.123.5.72.in-addr.arpa. Internet PTR ?
butler -> 192.168.0.10 DNS R Error: 3(Name Error)
And this from nfstat -m
/mnt from butler:/data
Flags:
vers=2,proto=tcp,sec=sys,hard,intr,dynamic,acl,rsize=8192,wsize=8192,retrans=5,timeo=600
Attr cache: acregmin=3,acregmax=60,acdirmin=30,acdirmax=60
A snoop from a succesfull v3 mount ( edited the exports on server ) gives
192.168.0.10 -> butler DNS C butler. Internet Addr ?
butler -> 192.168.0.10 DNS R butler. Internet Addr 192.168.0.1
192.168.0.10 -> butler PORTMAP C GETPORT prog=100005 (MOUNT) vers=3
proto=UDP
butler -> 192.168.0.10 PORTMAP R GETPORT port=44106
192.168.0.10 -> butler MOUNT3 C Null
butler -> 192.168.0.10 MOUNT3 R Null
192.168.0.10 -> butler MOUNT3 C Mount /data
butler -> 192.168.0.10 MOUNT3 R Mount OK FH=D734 Auth=unix
192.168.0.10 -> butler PORTMAP C GETPORT prog=100003 (NFS) vers=3
proto=TCP
butler -> 192.168.0.10 PORTMAP R GETPORT port=2049
192.168.0.10 -> butler TCP D=2049 S=42760 Syn Seq=1261078344 Len=0
Win=49640 Options=<mss 1460,nop,wscale 0,nop,nop,sackOK>
butler -> 192.168.0.10 TCP D=42760 S=2049 Syn Ack=1261078345
Seq=2026556873 Len=0 Win=5840 Options=<mss 1460,nop,nop,sackOK,nop,wscale 7>
192.168.0.10 -> butler TCP D=2049 S=42760 Ack=2026556874
Seq=1261078345 Len=0 Win=49640
192.168.0.10 -> butler NFS C NULL3
butler -> 192.168.0.10 TCP D=42760 S=2049 Ack=1261078417
Seq=2026556874 Len=0 Win=46
butler -> 192.168.0.10 NFS R NULL3
192.168.0.10 -> butler TCP D=2049 S=42760 Ack=2026556902
Seq=1261078417 Len=0 Win=49640
192.168.0.10 -> butler TCP D=2049 S=42760 Fin Ack=2026556902
Seq=1261078417 Len=0 Win=49640
butler -> 192.168.0.10 TCP D=42760 S=2049 Fin Ack=1261078418
Seq=2026556902 Len=0 Win=46
192.168.0.10 -> butler TCP D=2049 S=42760 Ack=2026556903
Seq=1261078418 Len=0 Win=49640
192.168.0.10 -> butler TCP D=2049 S=1016 Syn Seq=1261204305 Len=0
Win=49640 Options=<mss 1460,nop,wscale 0,nop,nop,sackOK>
butler -> 192.168.0.10 TCP D=1016 S=2049 Syn Ack=1261204306
Seq=2028277294 Len=0 Win=5840 Options=<mss 1460,nop,nop,sackOK,nop,wscale 7>
192.168.0.10 -> butler TCP D=2049 S=1016 Ack=2028277295 Seq=1261204306
Len=0 Win=49640
192.168.0.10 -> butler NFS C FSINFO3 FH=D734
butler -> 192.168.0.10 TCP D=1016 S=2049 Ack=1261204410 Seq=2028277295
Len=0 Win=46
butler -> 192.168.0.10 NFS R FSINFO3 OK
192.168.0.10 -> butler TCP D=2049 S=1016 Ack=2028277379 Seq=1261204410
Len=0 Win=49640
192.168.0.10 -> butler NFS C GETATTR3 FH=D734
butler -> 192.168.0.10 NFS R GETATTR3 OK
192.168.0.10 -> butler TCP D=2049 S=1016 Ack=2028277495 Seq=1261204514
Len=0 Win=49640
192.168.0.10 -> butler NFS C FSSTAT3 FH=D734
butler -> 192.168.0.10 NFS R FSSTAT3 OK
192.168.0.10 -> butler TCP D=2049 S=1016 Ack=2028277583 Seq=1261204618
Len=0 Win=49640
192.168.0.10 -> butler NFS C GETATTR3 FH=D734
butler -> 192.168.0.10 NFS R GETATTR3 OK
192.168.0.10 -> butler TCP D=2049 S=1016 Ack=2028277699 Seq=1261204722
Len=0 Win=49640
and nfstat -m gives
/mnt from butler:/data
Flags:
vers=3,proto=tcp,sec=sys,hard,intr,link,symlink,acl,rsize=32768,wsize=32768,retrans=5,timeo=600
Attr cache: acregmin=3,acregmax=60,acdirmin=30,acdirmax=60
I tried FrankB's workarounds, but neither worked. Maybe Gentoo has modified
nfs in someway.
Best regards
Andreas Nilsson
