English
Ask Your Question
0

NFS GSS problems on F19

asked 2013-08-22 19:20:54 +0000

dirjud gravatar image

updated 2013-08-23 02:21:55 +0000

I just upgraded an F17 machine to F19 but am having problems getting the NFS server and client working on it. When I try to mount a local export, it times out after a while with message: "AUTH_GSS upcall timed out". It seems either the server or client is trying to use Kerberos. If I start the nfs-secure service, I get error messages about keytab files not being found. I do not want Kerberos with my nfs. I am guessing this is a nfs server configuration issue. How do I disable Kerberos from the nfs-server?

edit retag flag offensive close merge delete

Comments

Just to eliminate firewall: systemctl stop firewalld.service on the server and client. What exactly "times out"? Starting of nfs-server.service is currently broken on Fedora 19: https://bugzilla.redhat.com/show_bug.cgi?id=970595, but if i do systemctl start nfs-server.service manually I'm also getting (a harmless i guess) "AUTH_GSS upcall timed out" in /var/log/messages, when mounting with -overs=4 on the clients, but not when setting the version 3 explicitly: mount -vvvt nfs nfs-server:/opt /root/opt -overs=3. Anyway mount works for me (tried with a simple /etc/exports: /opt nfs-server(rw)).

marcindulak ( 2013-08-25 21:06:21 +0000 )edit

I stopped firewalld and that does not appear to be help:

[root]# mount localhost:/export/home /mnt mount.nfs: access denied by server while mounting localhost:/export/home

And in /var/log/messages I get: Aug 25 19:08:43 borah kernel: [ 266.219988] RPC: AUTH_GSS upcall timed out. Aug 25 19:08:43 borah kernel: [ 266.219988] Please check user daemon is running

dirjud ( 2013-08-26 01:10:09 +0000 )edit

I made some progress on this. It turns out that others machines can mount from this server just fine. It also turns out this machine cannot mount from nfs servers running on other machines. So it seems like a client-side issue. When I try to mount using -overs=3, I get a "Permission denied. access denied by server while mounting..." This is the same whether I try to mount 'localhost' or '192.168.75.5'. It is also the same if I try to mount exports from other servers that used to mount when this machine was running F17. I still can't figure it out, though.

dirjud ( 2013-08-26 04:41:18 +0000 )edit

Try with explicit IPv4 in /etc/exports and exportfs -arv. From your first post I see "this-machine" acts as both client and server, so try to experiment with a simple local configuration (exporting /opt) in order to find out where the setup breaks. I saw reports of problems due to IPv6 https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1058851, but unable to reproduce that. Mounting of home has some additional issues due to selinux http://linux.die.net/man/8/nfs_selinux - clients need: setsebool -P use_nfs_home_dirs 1

marcindulak ( 2013-08-26 09:29:42 +0000 )edit

I am finally able to get this F19 machine to mount both local exports and external exports, but it takes at least 15 seconds to do so. Other machines on the network running older versions of Fedora can mount exports on this F19 machine instantly. So while I can live with the slowness in mounting, it would be nice to get rid of it. I have selinux disabled. I have firewalld disabled. I have experimented with "Sec=sys" and "Sec=none" setting in /etc/nfsmount.conf and it gives permission denied using "Sec=none" but works with "Sec=sys". There are no messages in /var/log/message now.

dirjud ( 2013-08-26 14:25:05 +0000 )edit

1 answer

Sort by ยป oldest newest most voted
0

answered 2013-08-28 07:48:43 +0000

marcindulak gravatar image

The problem of 15 sec delay when mounting looks like https://bbs.archlinux.org/viewtopic.php?pid=1312879. Interestingly when client and server are separate machines the 15 sec delay is present only at the first mount attempt. I have opened a bug https://bugzilla.redhat.com/show_bug.cgi?id=1001934 and described workarounds there - for me mounting with -overs=3 works without any delay.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

[hide preview]

Use your votes!

  • Use the 30 daily voting points that you get!
  • Up-vote well framed questions that provide enough information to enable people provide answers.
  • Thank your helpers by up-voting their comments and answers. If a question you asked has been answered, accept the best answer by clicking on the checkbox on the left side of the answer.
  • Down-voting might cost you karma, but you should consider doing so for incorrect or clearly detrimental questions and answers.

Stats

Asked: 2013-08-22 19:20:54 +0000

Seen: 3,420 times

Last updated: Aug 28 '13