NFSv3 mounts

[Jeff]

Pardon the Noob here, but I'm having trouble tracking down the right configuration to do what we need here.  Currently we have two Isilon installations running v6.5.4.13, one being an X200 the other an IQ 36NL.  Attempting to connect some legacy client systems that use NFSv3 and even with NFSv4 disabled, we cannot get the file system mounted on the client.  Typical "access denied by server" error message.

The mount command we're trying: mount -o sec=krb5p -t nfs server:/ifs/Tests/xnfs3 /mnt   The client is listed in the settings as is the directory, at a loss to explain.

Any help will be GREATLY appreciated.

[Jerry Uanino]

If you drop sec=krb5p does it work?

Can you include your 

   isi nfs exports ls -v

if it is not sensitive?

[Jeff]

No change if I drop the krb5.

Export Site-default: 

  Comment: Export option defaults

  Options: commit requests performed synchronously (NFSv3+)

           directory read transfer size recommended as 131072 bytes (NFSv3+)

           data encoding is DEFAULT

           map root to user "nobody" groups none

           use incoming UIDs without modification 

           maximum file size reported as 9223372036854775807 (NFSv3+)

           readdir-plus requests are supported (NFSv3+)

           readdir-plus requests prefetch information for up to 10 files (NFSv3+)

           readdir[plus] requests returned file numbers may exceed 32-bits (NFSv3+)

           read transfer maximum size recommended as 524288 bytes (NFSv3+)

           read transfer multiple size recommended as 512 bytes (NFSv3+)

           read transfer preferred size recommended as 131072 bytes (NFSv3+)

           security flavors unix are supported

           set attribute operations must be synchronous

           write operations specifying DATASYNC to be processed as DATASYNC (NFSv3+)

           write operations specifying DATASYNC to be replied to with DATASYNC (NFSv3+)

           write operations specifying FILESYNC to be processed as FILESYNC (NFSv3+)

           write operations specifying FILESYNC to be replied to with FILESYNC (NFSv3+)

           write operations specifying UNSTABLE to be processed as UNSTABLE (NFSv3+)

           write operations specifying UNSTABLE to be replied to with UNSTABLE (NFSv3+)

           write transfer maximum size recommended as 524288 bytes (NFSv3+)

           write transfer multiple size recommended as 512 bytes (NFSv3+)

           write preferred size recommended as 524288 bytes (NFSv3+)

Export 1: 

  Comment: 

  Paths:   /ifs/cifstest

  Clients: (all)

  Root Clients: host dr-solaris1

Export 2: 

  Comment: jgm106

  Paths:   /ifs/nfs4test

  Clients: host server.at.my.work host sandbox4

  Options: all directories below the paths can be mountable

  Options: map root to user "nobody" groups none

           lookup incoming UIDs to local users

           security flavors krb5,krb5i,krb5p are supported

Export 3: 

  Comment: pegdptest

  Paths:   /ifs/pegdptest

  Clients: host 111.222.333.444 host server.at.my.work

  Options: all directories below the paths can be mountable

  Options: map root to user "nobody" groups none

           lookup incoming UIDs to local users

           security flavors krb5,krb5i,krb5p are supported

Export 4: 

  Comment: NFS3 test dir, basic

  Paths:   /ifs/Tests/xnfs3

  Clients: host 111.222.333.444 host server.at.my.work

  Options: all directories below the paths can be mountable

  Options: map root to user "nobody" groups none

           lookup incoming UIDs to local users

           security flavors krb5,krb5i,krb5p are supported

On Thursday, March 15, 2012 12:04:09 PM UTC-4, jerry wrote:

If you drop sec=krb5p does it work?

Can you include your 

   isi nfs exports ls -v

if it is not sensitive?

[Zack Kirsch]

I'm guessing it's not working because of the hosts/clients in export 4, unless your IP is 222.333.444 or server.at.my.work resolves to your IP. Try removing those with isi nfs exports modify -i=4 --delete-client= ...

Zack

Please excuse my typoos, as this was sent from my iphoone.

[Jeff]

Zack,I put dummy info in the IP and Hostnames, what I have, should resolve to the client I'm trying mount on.

Jerry has a point about taking out the krb5 option, but wondering if I should turn off the NFS Kerb Access setting on the server as well.

On Thursday, March 15, 2012 12:19:22 PM UTC-4, Zack Kirsch wrote:

I'm guessing it's not working because of the hosts/clients in export 4, unless your IP is 222.333.444 or server.at.my.work resolves to your IP. Try removing those with isi nfs exports modify -i=4 --delete-client= ...

Zack

Please excuse my typoos, as this was sent from my iphoone.

[Zack Kirsch]

Can you let us know what you mean by "put dummy info in the IP and Hostnames" ? Does it work if you reset export 4 back to allowing all clients?

I believe what Jerry meant was to remove krb5 entirely from Export 4. Try the following, which will reset export 4 back to unix (auth-sys) authentication:
  isi nfs exports modify -i=4 --default-security-flavors

-Zack

[Jeff]

Sorry, dummy info, just in the post here, ie I changed the names and numbers to protect the services here.

On Thursday, March 15, 2012 2:46:28 PM UTC-4, Zack Kirsch wrote:

Can you let us know what you mean by "put dummy info in the IP and Hostnames" ? Does it work if you reset export 4 back to allowing all clients?

I believe what Jerry meant was to remove krb5 entirely from Export 4. Try the following, which will reset export 4 back to unix (auth-sys) authentication:
  isi nfs exports modify -i=4 --default-security-flavors

-Zack

[Jeff]

Okay, I've got a mounted file system

Had to do several things to get it to work;

• on the NFSv3 share (Export 4):
• turn off the Kerb Access settings  ( isi nfs exports modify -i=4 --default-security-flavors )
• took the krb5 out of the mount command (NFSv3 doesn't support it) 
  
• sudo mount -t nfs drstorage.foo:/ifs/Tests/xnfs3 /mnt
• Removed the dptest from the clients list ( isi nfs exports modify -i=4 --delete-client=dptest.foo ) where i=4 is export 4 on foo