PowerScale OneFS:无法使用 FQDN 装载 NFSv4,并显示错误“不允许操作”
Summary: 使用 NFSv4 时,客户端无法装载别名导出,并显示错误“操作不允许”。通过 IP 或使用完整导出路径时装载成功。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
使用 Kerberos 进行身份验证并拥有有效 GSS 票证的 NFS 客户端尝试使用别名装载导出,但遇到故障。
# mount -t nfs4 fullyqualifieddomain:/aliases01 /mnt/test -vvvv mount.nfs4: timeout set for Wed Apr 10 12:14:37 2024 mount.nfs4: trying text-based options 'vers=4.2,addr=x.x.x.x,clientaddr=x.x.x.x' mount.nfs4: mount(2): Operation not permitted mount.nfs4: trying text-based options 'vers=4,minorversion=1,addr=x.x.x.x,clientaddr=x.x.x.x' mount.nfs4: mount(2): Operation not permitted mount.nfs4: trying text-based options 'vers=4,addr=x.x.x.x,clientaddr=x.x.x.x' mount.nfs4: mount(2): Operation not permitted mount.nfs4: Operation not permitted
在数据包捕获中,您会看到 OneFS 回复对 SECINFO 调用没有值:
Network File System [Program Version: 4] [V4 Procedure: COMPOUND (1)] GSS Data, Ops(2): PUTFH SECINFO Length: 36 GSS Sequence Number: 3 Status: NFS4_OK (0) Tag: <EMPTY> length: 0 contents: <EMPTY> Operations (count: 2) Opcode: PUTFH (22) Status: NFS4_OK (0) Opcode: SECINFO (33) Status: NFS4_OK (0) Flavors Info no values <<<<<<<<<<<<<<<<<<<<<<<< [Main Opcode: SECINFO (33)]
Cause
通常,SECINFO 在装载过程中为有效的 FH(文件句柄)访问提供可选的风格值。
The new SECINFO operation allows the client to determine, on a per filehandle basis, what security triple is to be used for server access.
但是,由于代码缺陷,客户端无法通过与 ROOTFH 的初步化合物获得其真实目标。因此,OneFS 回复时不会显示任何风格,并且会话会被销毁。
Resolution
执行代码修复时的解决方法:
- 在装载时指定 RPC 身份验证方式,例如:sec=sys
- 使用完整装载路径与别名
Additional Information
本知识库文章中使用的缩略词:
NFS - 网络文件系统
通用安全服务 (GSS) -- 用于在网络环境中提供安全服务的框架。它包括身份验证、完整性和机密性服务。
远程过程调用 (RPC) 是分布式计算中使用的一种通信协议。
Affected Products
PowerScale OneFSArticle Properties
Article Number: 000224680
Article Type: Solution
Last Modified: 02 May 2024
Version: 1
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.