On Mon, Apr 27, 2009 at 2:24 PM, Vallish Vaidyeshwara < Vallish.Vaidyeshwara at sun.com> wrote:
> > >> >> >> Running pfexec mount -F nfs -o vers=3,sec=sys butler:/data /mnt/ still >> gives nfs mount: security mode does not match the server exporting >> butler:/data and the following snoop >> >> 192.168.0.10 -> butler DNS C butler. Internet Addr ? >> butler -> 192.168.0.10 DNS R butler. Internet Addr 192.168.0.1 >> 192.168.0.10 -> butler PORTMAP C GETPORT prog=100005 (MOUNT) vers=3 >> proto=UDP >> butler -> 192.168.0.10 PORTMAP R GETPORT port=44106 >> 192.168.0.10 -> butler MOUNT3 C Null >> butler -> 192.168.0.10 MOUNT3 R Null >> 192.168.0.10 -> butler MOUNT3 C Mount /data >> butler -> 192.168.0.10 MOUNT3 R Mount OK FH=D734 Auth= >> > Hi Andreas, > Hi Vallish, > > NFS server is supposed to be returning client with a list of auth flavors > allowed to access the filesystem. From MOUNT protocol RFC, > > <snip> > If mountres3.fhs_status is MNT3_OK, then > mountres3.mountinfo contains the file handle for the > directory and a list of acceptable authentication > flavors. This file handle may only be used in the NFS > version 3 protocol. > <snip> > > Unfortunately, Gentoo NFS server is returning only file handle and no auth > flavors in the list. > > butler -> 192.168.0.10 MOUNT3 R Mount OK FH=D734 Auth= > > ^^^^^^^^^^^^^^^^^^^^^^^^^^ > > Solaris NFS clients check for this at: > > http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/fs.d/nfs/mount/mount.c#2316 > > I am not too sure about Gentoo Linux. But I believe Gentoo's mountd is not > returning the list of acceptable authentication flavors to client. Have you > modified anything on server? What are the default values on server for > exportfs (/etc/default/nfs equivalent)? Gentoo's mountd should have atleast > returned the default auth flavor, this looks like a bug to me. The man page says that sec=sys is the default. But man pages is not always accurate. I haven't changed any options, and per default most of them are left blank. But I agree that this might be a bug in either Gentoo or the nfs implementation on Linux. I filed a bug with Gentoo, http://bugs.gentoo.org/show_bug.cgi?id=267648 Interesting to see where that takes this. > > > After you explicitly export filesystem with "sec=sys" on server, mountd > sends SYS auth flavor along with the filehandle. This is the reason why > client mounts succeed. With this explicit setting on server, you don't have > to use "-o vers=sys" mount option on client. > Thanks, less to type is nice. > > What is interesting is, how did you start seeing this behavior from snv_111 > onwards? This piece of code has been there in solaris mount_nfs from a long > time. > I used OSOL up till snv_105 and then I went back to Gentoo GNU/Linux and FreeBSD for a while. When I came back ( snv_110 ) nfs was broken. I don't know when it broke, it might have been before I left, but i didn't notice it then. > > Thanks. > -Vallish > Thanks for help so far. Best regards Andreas Nilsson