Description of problem: Yesterday, I updated my main NFS server to these package revisions: nfs-utils-1.0.8-2.fc5 nfs-utils-lib-1.0.8-4.FC5 libgssapi-0.9-1.FC5 Afterward, I was unable to mount any filesystems via NFS4. All mount attempts failed with an EPERM. The server showed a similar warning to this with each mount attempt: Jul 3 08:01:25 salusa rpc.svcgssd[14831]: WARNING: get_ids: unable to map name 'nfs/client.domain.net' to a uid ...downrevving to these packages: nfs-utils-1.0.8.rc2-5.FC5.i386.rpm libgssapi-0.7-2.1.i386.rpm nfs-utils-lib-1.0.8-3.1.i386.rpm ...made the problem go away. I'm opening this as an nfs-utils bug, but it may actually be a problem with one of the other library packages.
Sorry, I need to clarify. AUTH_UNIX seems to work fine, but with these updated packages on the server, mounting with AUTH_GSSAPI consistently fails: If I export with this on the server: /export/testfs *(rw,fsid=0,insecure,no_subtree_check,sync) ...and then mount like this on the client: mount -t nfs4 -o rsize=32768,wsize=32768,noatime xenguest:/ /mnt/test ...it mounts correctly. But if I mount using sec=krb5: mount -t nfs4 -o sec=krb5,rsize=32768,wsize=32768,noatime xenguest:/ /mnt/test then I get: mount: block device xenguest:/ is write-protected, mounting read-only mount: cannot mount block device xenguest:/ read-only strace shows: mount("xenguest:/", "/mnt/test", "nfs4", MS_MGC_VAL|MS_NOATIME, "\1") = -1 EACCES (Permission denied) mount("xenguest:/", "/mnt/test", "nfs4", MS_MGC_VAL|MS_RDONLY|MS_NOATIME, "\1") = -1 EACCES (Permission denied) I'll see if I can get some wire captures as well...
Actually need to clarify again, I'm exporting this way: /export/testfs gss/krb5(rw,fsid=0,insecure,no_subtree_check,sync) *(rw,fsid=0,insecure,no_subtree_check,sync)
Created attachment 132033 [details] temporary patch to fix problem This patch was posted to the nfs4 mailing list 3 days ago. It seems to correct the problem. It was posted as a temporary fix, but I think the permanent fix may be similar (though perhaps with different uid/gid hardcoded values).
Created attachment 132035 [details] corrected patch A patch was posted to the nfs4 list today to correct the values in the first patch: http://linux-nfs.org/pipermail/nfsv4/2006-July/004660.html though there seems to have been an intermediate patch between the first one I posted and that one that I've been unable to locate. In any case, I'm fairly sure that this patch should reflect the current state of this part of get_ids. It fixes the problem on my test rig as well.
changing to devel since problem exists in that package as well
Looks like this patch is incorporated in 1.0.9, so rebasing on that might be a better way to go.
In my home FC5 machines the problem wemt away by building a 1.0.9 rpm.
fixed in nfs-utils-1.0.9-3