Isilon, Kerberos and NFS - file privileges not working

Question

Hi We are having problems with file privileges when using NFS and Kerberos. Our configuration is: Isilon ver 7.1.0.3 Kerberos server MIT Linux client We have configured Kerberos and the authentication seems to work - the user can mount the share and read the files (permission allow all to read the files) but the users privileges are not working, no write privileges. There is an issue 93663 in 7.1 and 7.2: '93663 NFS Users who mount through NFSv4 and connect to a non-Active Directory Kerberos server are not recognized in the form of @ . Users are authenticated as nobody. ' And maybe we are hit by this error? Anybody having the above configuration working or who know how to solve the problem? Thanks Henrik

mattashton1 · Answer

Hi Henrik,

We would recommend opening an SR; NFS and Kerberos can be difficult to troubleshoot. It is entirely possible that you are hitting this bug, but best to contact support. Anything in log files that shows the write denial?

Cheers,
Matt

Henrik_Ravn · Answer

Hi Matt Ok - made a SR to EMC this morning. And nothing found in the log files (/var/log/nfs.log). Regards Henrik

Henrik_Ravn · Answer

Not getting somewhere with the SR. In 'messages' we found this:2015-04-10T10:19:42+02:00 <0.5> Easyone-1(id1) /boot/kernel.amd64/kernel: [svc_rpcsec_gss.c:842](pid 1274='nfsd')(tid=100174) Failed lookup for oleh@NFIT.AU.DK, error 2, returning unknown credentials. oleh is the user and NFIT.AU.DK the Kerberos realm, which is correct - also the case.

saschafrey · Answer

We're experiencing the same or a similar issue.

OneFS 7.2.1.1 with OpenLDAP server and MIT KDC:

mounting with sec=krb5 works, ls -l shows correct owner and group, but I can't access files and directories with no access for other. Files created are owned by nobody.

Is this issue is still unresolved in OpenFS 7.2.1.1?

saschafrey · Answer

Thank you Julien, This command did the trick. It's now working fine.

Isilon

Was this post helpful?