Hide Forgot
Description of problem: When mounting an NFS/RDMA server with a Kerberos security flavor, the mount command fails. gssd emits this warning to /var/log/messages: Oct 19 10:57:44 oracle-102 rpc.gssd[31880]: WARNING: unrecognized protocol, 'rdma', requested for connection to server oracle-ib-101.nfsv4bat.org for user with uid 0 gssd packaged with RHEL 7 is missing upstream commit 959efe8fe0f5. Version-Release number of selected component (if applicable): RHEL 7.2 How reproducible: 100% Steps to Reproduce: Configure client and server with krb5.conf and krb5.keytab, enable secure NFS on both sides. Actual results: [root@oracle-102 ~]# mount -v -o vers=3,rdma,port=20049,sec=krb5 oracle-ib-101:/export/tmp /mnt/oracle-ib-101 mount.nfs: timeout set for Wed Oct 19 10:59:44 2016 mount.nfs: trying text-based options 'vers=3,rdma,port=20049,sec=krb5,addr=10.0.0.101' mount.nfs: mount(2): Permission denied mount.nfs: access denied by server while mounting oracle-ib-101:/export/tmp Expected results: The mount should succeed. Additional info: This commit is required to support NFS/RDMA mounts with all flavors of Kerberos.
Needed commit commit 1ee2184248251ff44ae1ba557f12151cb8cf93ff Author: Chuck Lever <chuck.lever> Date: Mon Nov 2 08:47:41 2015 -0500 gssd: Make TCP the default protocol for GSSD connections. No failure case if gssd doesn't recognize the kernel's requested protocol. Caught with "protocol=rdma" upcall. Signed-off-by: Chuck Lever <chuck.lever> Signed-off-by: Steve Dickson <steved>
Steve, We also need the upstream commit 959efe8fe0f5cf8882b6401efddf02cba033cb32 gssd: Convert 'rdma' to 'tcp' protocol Sachin Prabhu
Moving to VERIFIED according to the test logs Comment #8, thanks Jianhong for the help. Will include this case as regression tests in the future.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2233