PowerScale OneFS:無法使用 FQDN 掛接 NFSv4,並出現錯誤「不允許操作」
Summary: 使用 NFSv4 時,用戶端無法掛接別名匯出,並出現「不允許操作」錯誤。透過 IP 或使用完整匯出路徑掛接成功。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
通過 Kerberos 驗證並擁有有效 GSS 票證的 NFS 用戶端嘗試使用別名掛接匯出,但遇到失敗。
# mount -t nfs4 fullyqualifieddomain:/aliases01 /mnt/test -vvvv mount.nfs4: timeout set for Wed Apr 10 12:14:37 2024 mount.nfs4: trying text-based options 'vers=4.2,addr=x.x.x.x,clientaddr=x.x.x.x' mount.nfs4: mount(2): Operation not permitted mount.nfs4: trying text-based options 'vers=4,minorversion=1,addr=x.x.x.x,clientaddr=x.x.x.x' mount.nfs4: mount(2): Operation not permitted mount.nfs4: trying text-based options 'vers=4,addr=x.x.x.x,clientaddr=x.x.x.x' mount.nfs4: mount(2): Operation not permitted mount.nfs4: Operation not permitted
在封包擷取中,您會看到 OneFS 回覆對 SECINFO 呼叫沒有任何值:
Network File System [Program Version: 4] [V4 Procedure: COMPOUND (1)] GSS Data, Ops(2): PUTFH SECINFO Length: 36 GSS Sequence Number: 3 Status: NFS4_OK (0) Tag: <EMPTY> length: 0 contents: <EMPTY> Operations (count: 2) Opcode: PUTFH (22) Status: NFS4_OK (0) Opcode: SECINFO (33) Status: NFS4_OK (0) Flavors Info no values <<<<<<<<<<<<<<<<<<<<<<<< [Main Opcode: SECINFO (33)]
Cause
通常,SECINFO 會在裝載期間為有效的 FH(檔句柄)訪問提供可選的特定實例值。
The new SECINFO operation allows the client to determine, on a per filehandle basis, what security triple is to be used for server access.
但是,由於代碼缺陷,客戶無法通過ROOTFH獲得其對初步化合物的真正靶標。因此,OneFS 回覆沒有任何風格,工作階段也會遭到銷毀。
Resolution
進行程式碼修正時的因應措施:
- 在裝載時指定 RPC 身份驗證風格,例如:sec=sys
- 使用完整掛接路徑與別名
Additional Information
本 KB:
NFS - 網路檔案系統中使用的縮略字
通用安全服務(GSS) - 在網路環境中提供安全服務的框架。它包括身份驗證、完整性和機密性服務。
遠端過程調用 (RPC) 是分散式計算中使用的通信協定。
Affected Products
PowerScale OneFSArticle Properties
Article Number: 000224680
Article Type: Solution
Last Modified: 02 May 2024
Version: 1
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.