Unsolved
This post is more than 5 years old
2 Intern
•
20.4K Posts
5
24170
How to configure NFSv4
Hello guys/gals,
This is my first endeavor into NFSv4 world so i have absolutely no experience where to begin (did some intensive googling prior ). At the moment i am using a virtual appliance, i enabled NFSv4 support, security type left at default (UNIX sys), domain (localdomain). I have created a brand new export to my RHEL 6.5 server and when i try to mount it i get this:
[root@rhel65 ~]# mount -t nfs4 -o proto=tcp isilon.mycompany.com:/ifs/data/nfs/test /mnt
mount.nfs4: access denied by server while mounting isilon.mycompany.com:/ifs/data/nfs/test
the minute i disable NFSv4 support i am able to mount the export. Where do i start folks ?
Thank you
dynamox
2 Intern
2 Intern
•
20.4K Posts
0
June 17th, 2014 13:00
Hi Mark,
nothing in /var/log/nfs.log
markfoster1
22 Posts
0
June 17th, 2014 13:00
Based on your description there is no obvious reason why it should return access denied.
An error should be logged in /var/log/nfs.log on the node you've attempting to mount
Can you share your isi nfs exports list -v
and isi nfs settings global view
akc5247_d7e299
45 Posts
0
June 17th, 2014 14:00
Does the host mounted have a rsize/ wsize restriction? Asking since NFS v4 is very temperamental. And, probably can check if jumbo frames are turned on (off by default)
Can you change rsize and wsize - on the host - will need to unmount the share and remount for this to take effect. I usually try with 32768 for this with NFSv4 and it comes up good some times.
dynamox
2 Intern
2 Intern
•
20.4K Posts
0
June 17th, 2014 18:00
no jumbo frames, tried with rsize 32768 but no dice
[root@ ~]# mount -t nfs4 -o proto=tcp,rsize=32768,wsize=32768 isilon:/ifs/data/w2isilonpoc/nfs/sph /mnt
mount.nfs4: access denied by server while mounting isilon:/ifs/data/w2isilonpoc/nfs/sph
akc5247_d7e299
45 Posts
1
June 17th, 2014 19:00
Ok, at least we can cross that option as tried.
What does /etc/exports show on the host?
Is that mount a hard or a soft mount?
Can you check /etc/fstab for verification?
Can you stop and restart the NFS service?
In the meantime, can you unmount and remount the share on the host?
Also, can you try these couple of other options - all on the host?
/etc/idmap.conf to see if it includes "localdomain" in its end as well
I am sure you already have, but please check for some more settings on the host from here - nfsv4 mounts files as nobody and here christopherBANCK: configuring Isilon for kerberized NFSv4
Also, from the RHEL notes (6.5 Technical Notes), this might be something to check as well -
nfsd.nfs4_disable_idmapping
The default value of this parameter is 0. When set to 1, NFSv4 server returns only numeric user IDs (UIDs) and group IDs (GIDs) to clients using AUTH_SYS mode, and will accept numeric UIDs and GIDs from such clients. This facilitates migration from NFS version 2 to NFS version 3.
Peter_Sero
1.2K Posts
0
June 17th, 2014 19:00
w2isilonpoc-3# isi nfs settings global view
NFSv4 Domain: localdomain
Does this match the NFSv4 domain setting on the client?
Peter_Sero
1.2K Posts
0
June 17th, 2014 20:00
man idmapd.conf
dynamox
2 Intern
2 Intern
•
20.4K Posts
0
June 17th, 2014 20:00
Peter,
where do i configure NFSv4 domain name on the client ? (RHEL 6.5)
Peter_Sero
1.2K Posts
0
June 17th, 2014 21:00
Just plain works with OneFS 6.5 and RHEL4+5.
Tested (again right now), though not used in production (no HA).
Will check with OneFS 7.1 on virtual nodes later.
dynamox
2 Intern
2 Intern
•
20.4K Posts
0
June 17th, 2014 21:00
Thank you Peter
so i set it to localdomain and bounced the server, still not working. There must be additional configuration on the client that i am missing ?
[root@~]# cat /etc/idmapd.conf
[General]
#Verbosity = 0
# The following should be set to the local NFSv4 domain name
# The default is the host's DNS domain name.
#Domain = local.domain.edu
Domain = localdomain
Peter_Sero
1.2K Posts
0
June 18th, 2014 09:00
Works fine with virtual OneFS 7.1.0.1 (essentially same settings as yours) and Mac OSX 10.9.3 client.
Have you tried different types of clients?
dynamox
2 Intern
2 Intern
•
20.4K Posts
0
June 18th, 2014 12:00
did you configure any user mapping on Isilon or any other configuration in idmapd.conf on the client ? I have not tried any other clients.
Peter_Sero
1.2K Posts
0
June 18th, 2014 23:00
Absolutely nothing... These where only some simple tests with NFSv4,
never intended for production.
We are using the same LDAP service for clients and Isilon.
(The 7.1 test was done on a Laptop without networked accounts).
As it works right out of the box for quite different setups,
why not start over from scratch on other gear...
There might be an issue that has been out of sight so far,
like typo in IPs, firewall, export confusion with NAT, VM network config...
Did you notice that you tried to mount /ifs/data/nfs/test /mnt
but the export you showed is for /ifs/data/w2isilonpoc/nfs/sph
dynamox
2 Intern
2 Intern
•
20.4K Posts
0
June 19th, 2014 05:00
no firewalls, no typos ..NFSv4 gets disabled and mount the export without any issues. The path is different because in the first post because i changed in the post before i hit "Post", i was too lazy to change it in the output from isi nfs exports list.
pwjackson
11 Posts
0
June 19th, 2014 08:00
Dynamox,
I've spent a lot of time trying to get NFSv4 working (particularly with Kerberos). What I've found helpful in the past is to run a tcpdump on your client (filtering for the host) to see what exactly is happening (type of authorization mechanism, etc.)
Here's an example (run in a separate connection):
/usr/sbin/tcpdump host isilonIPaddress -s0 -vv -w /home/admin/capture.pcap
Keep in mind that you might not know which IP address that your client will receive from Isilon so you might want to leave the "host isilonIPaddress" part out although that will increase your capture.