Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Description of problem:
When mounting an NFS/RDMA server with a Kerberos security flavor, the mount command fails. gssd emits this warning to /var/log/messages:

Oct 19 10:57:44 oracle-102 rpc.gssd[31880]: WARNING: unrecognized protocol, 'rdma', requested for connection to server oracle-ib-101.nfsv4bat.org for user with uid 0

gssd packaged with RHEL 7 is missing upstream commit 959efe8fe0f5.

Version-Release number of selected component (if applicable):
RHEL 7.2

How reproducible:
100%

Steps to Reproduce:

Configure client and server with krb5.conf and krb5.keytab, enable secure NFS on both sides.

Actual results:

[root@oracle-102 ~]# mount -v -o vers=3,rdma,port=20049,sec=krb5 oracle-ib-101:/export/tmp /mnt/oracle-ib-101
mount.nfs: timeout set for Wed Oct 19 10:59:44 2016
mount.nfs: trying text-based options 'vers=3,rdma,port=20049,sec=krb5,addr=10.0.0.101'
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting oracle-ib-101:/export/tmp

Expected results:
The mount should succeed.

Additional info:

This commit is required to support NFS/RDMA mounts with all flavors of Kerberos.

Needed commit

commit 1ee2184248251ff44ae1ba557f12151cb8cf93ff
Author: Chuck Lever <chuck.lever>
Date:   Mon Nov 2 08:47:41 2015 -0500

    gssd: Make TCP the default protocol for GSSD connections.
    
    No failure case if gssd doesn't recognize the kernel's requested
    protocol. Caught with "protocol=rdma" upcall.
    
    Signed-off-by: Chuck Lever <chuck.lever>
    Signed-off-by: Steve Dickson <steved>

Steve, 

We also need the upstream commit 959efe8fe0f5cf8882b6401efddf02cba033cb32

gssd: Convert 'rdma' to 'tcp' protocol

Sachin Prabhu

Moving to VERIFIED according to the test logs Comment #8, thanks Jianhong for the help.

Will include this case as regression tests in the future.

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2233