On Mon, Apr 27, 2009 at 2:24 PM, Vallish Vaidyeshwara <
Vallish.Vaidyeshwara at sun.com> wrote:

>
>
>>
>>
>> Running pfexec  mount -F nfs -o vers=3,sec=sys butler:/data /mnt/ still
>> gives nfs mount: security mode does not match the server exporting
>> butler:/data and the following snoop
>>
>> 192.168.0.10 -> butler       DNS C butler. Internet Addr ?
>>      butler -> 192.168.0.10 DNS R butler. Internet Addr 192.168.0.1
>> 192.168.0.10 -> butler       PORTMAP C GETPORT prog=100005 (MOUNT) vers=3
>> proto=UDP
>>      butler -> 192.168.0.10 PORTMAP R GETPORT port=44106
>> 192.168.0.10 -> butler       MOUNT3 C Null
>>      butler -> 192.168.0.10 MOUNT3 R Null
>> 192.168.0.10 -> butler       MOUNT3 C Mount /data
>>      butler -> 192.168.0.10 MOUNT3 R Mount OK FH=D734 Auth=
>>
> Hi Andreas,
>

Hi Vallish,


>
> NFS server is supposed to be returning client with a list of auth flavors
> allowed to access the filesystem. From MOUNT protocol RFC,
>
> <snip>
> If mountres3.fhs_status is MNT3_OK, then
> mountres3.mountinfo contains the file handle for the
> directory and a list of acceptable authentication
> flavors.  This file handle may only be used in the NFS
> version 3 protocol.
> <snip>
>
> Unfortunately, Gentoo NFS server is returning only file handle and no auth
> flavors in the list.
>
> butler -> 192.168.0.10 MOUNT3 R Mount OK FH=D734 Auth=
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Solaris NFS clients check for this at:
>
> http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/fs.d/nfs/mount/mount.c#2316
>
> I am not too sure about Gentoo Linux. But I believe Gentoo's mountd is not
> returning the list of acceptable authentication flavors to client. Have you
> modified anything on server? What are the default values on server for
> exportfs (/etc/default/nfs equivalent)?  Gentoo's mountd should have atleast
> returned the default auth flavor, this looks like a bug to me.


The man page says that sec=sys is the default. But man pages is not always
accurate.  I haven't changed any options, and per default most of them are
left blank. But I agree that this might be a bug in either Gentoo or the nfs
implementation on Linux. I filed a bug with Gentoo,
http://bugs.gentoo.org/show_bug.cgi?id=267648 Interesting to see where that
takes this.

>
>
> After you explicitly export filesystem with "sec=sys" on server, mountd
> sends  SYS auth flavor along with the filehandle. This is the reason why
>  client mounts succeed. With this explicit setting on server, you don't have
> to use "-o vers=sys" mount option on client.
>

Thanks, less to type is nice.

>
> What is interesting is, how did you start seeing this behavior from snv_111
> onwards? This piece of code has been there in solaris mount_nfs from a long
> time.
>

I used OSOL up till snv_105 and then I went back to Gentoo GNU/Linux and
FreeBSD for a while. When I came back ( snv_110 ) nfs was broken. I don't
know when it broke, it might have been before I left, but i didn't notice it
then.


>
> Thanks.
> -Vallish
>

Thanks for help so far.

Best regards
Andreas Nilsson

Reply via email to