Description of problem: When an NFS-client (for example MS Windows NFS) tries to access the NFS-server with AUTH_KERB, the RPC response contains MSG_ACCEPTED/GARBAGE_ARGS. It would be much nicer to have a response like MSG_DENIED/AUTH_ERROR/AUTH_FAILED. See http://tools.ietf.org/html/rfc5531#section-9 for more details. Unfortunately the actual 'the auth flavor you used is not supported' does not seem to be a possible error. Version-Release number of selected component (if applicable): current mainline, reported against 3.5 How reproducible: Enable all security flavors on the client (MS Windows <version?>) Steps to Reproduce: 1. start capturing a tcpdump 2. mount a volume over NFS 3. wait until it fails 4. stop the tcpdump Actual results: While mounting, the 1st NFS calls use AUTH_UNIX, but afterwards AUTH_KERB (RPCSEC_GSS) is used. When using AUTH_KERB the RPC layer responds with MSG_ACCEPTED/GARBAGE_ARGS eventhough the contents of the AUTH-header is supposedly correct (but the auth flavor unsupported). Expected results: The NFS-client should not think AUTH_KERB/RPCSEC_GSS is supported and keep on using AUTH_UNIX. Additional info: Chatlog between warci/ndevos: - https://botbot.me/freenode/gluster/2015-01-06/?msg=28863542&page=3
this issue was recorded on windows 7 and on windows 2008 R2 the settings on the client are managed through: http://nnc3.com/LM10/Magazine/Archive/2010/111/020-024_win7admin/images/FIGURE6.png By default krb5 is enabled. nfs.log: [2015-01-06 13:24:28.913359] W [rpcsvc.c:261:rpcsvc_program_actor] 0-rpc-service: RPC program version not available (req 100003 2) [2015-01-06 13:24:28.913517] E [rpcsvc.c:547:rpcsvc_check_and_reply_error] 0-rpcsvc: rpc actor failed to complete successfully [2015-01-06 13:24:28.913837] W [rpcsvc.c:261:rpcsvc_program_actor] 0-rpc-service: RPC program version not available (req 100003 2) [2015-01-06 13:24:28.913887] E [rpcsvc.c:547:rpcsvc_check_and_reply_error] 0-rpcsvc: rpc actor failed to complete successfully [2015-01-06 13:24:29.897359] E [nfs3.c:4752:nfs3svc_fsinfo] 0-nfs-nfsv3: Error decoding arguments [2015-01-06 13:24:29.897451] E [rpcsvc.c:547:rpcsvc_check_and_reply_error] 0-rpcsvc: rpc actor failed to complete successfully [2015-01-06 13:24:29.897820] E [nfs3.c:4607:nfs3svc_fsstat] 0-nfs-nfsv3: Error decoding args [2015-01-06 13:24:29.897886] E [rpcsvc.c:547:rpcsvc_check_and_reply_error] 0-rpcsvc: rpc actor failed to complete successfully [2015-01-06 13:24:33.193546] E [nfs3.c:1490:nfs3svc_lookup] 0-nfs-nfsv3: Error decoding args [2015-01-06 13:24:33.193663] E [rpcsvc.c:547:rpcsvc_check_and_reply_error] 0-rpcsvc: rpc actor failed to complete successfully [2015-01-06 13:24:33.194213] E [nfs3.c:4420:nfs3svc_readdirp] 0-nfs-nfsv3: Error decoding args [2015-01-06 13:24:33.194274] E [rpcsvc.c:547:rpcsvc_check_and_reply_error] 0-rpcsvc: rpc actor failed to complete successfully [2015-01-06 13:24:33.194674] E [nfs3.c:4420:nfs3svc_readdirp] 0-nfs-nfsv3: Error decoding args [2015-01-06 13:24:33.194738] E [rpcsvc.c:547:rpcsvc_check_and_reply_error] 0-rpcsvc: rpc actor failed to complete successfully [2015-01-06 13:24:35.203923] W [rpcsvc.c:261:rpcsvc_program_actor] 0-rpc-service: RPC program version not available (req 100003 2) [2015-01-06 13:24:35.203982] E [rpcsvc.c:547:rpcsvc_check_and_reply_error] 0-rpcsvc: rpc actor failed to complete successfully [2015-01-06 13:24:35.204283] W [rpcsvc.c:261:rpcsvc_program_actor] 0-rpc-service: RPC program version not available (req 100003 2) [2015-01-06 13:24:35.204311] E [rpcsvc.c:547:rpcsvc_check_and_reply_error] 0-rpcsvc: rpc actor failed to complete successfully
With the focus of the project not containing gNFS related improvements, marking it as DEFERRED for now. We will look into this after couple of releases to take stock of things. Please send an email to mailing list if you find this critical.