Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp59910pxj; Wed, 16 Jun 2021 20:16:39 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwj5c61Hj9ok5HTkt4cmH9LKazFO/jnlB61fokV2ZW9OX67dRWC5IT9Z8PKABi4Fh8xrKJb X-Received: by 2002:a92:c087:: with SMTP id h7mr1762130ile.293.1623899799456; Wed, 16 Jun 2021 20:16:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1623899799; cv=none; d=google.com; s=arc-20160816; b=GZspLECbJVGir69bSmTWLAg06Ux8w68ib9DDDIpgjeA2tXIZ/6YEA8ipp4gaLRaQUi UKEP9iZ0r3oyzCUf4RNQNSW52Kea7d+sQvNxK0CBWdbLfL8gzc6hZVVuV+TblGMXsnM+ LIoZmOQBEHDqWkMee5AiL1GoP7GRpHRUpnIw3t/UYLS62d8uT3u71QzDmMc5XMbl5ldQ 4fuZZkztRcNxHVRyaMuJIYv36E+kfooYziFZiquPfXsxrlRfNZER3VCPzbfCO0BtCXs0 tMk13eiOwNgTzwj3NHdhpWxw+dDRo4FKa9j9yWbDKh/veXSHvhH7bzaNJayfUtZ5Oy9w FtdA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:references:in-reply-to:subject :cc:to:from:mime-version:content-transfer-encoding:dkim-signature :dkim-signature:dkim-signature:dkim-signature; bh=sEx2HJjlLi8wnVmoVnhpADNTIGlVqTWhYVSGEhcKe1M=; b=tm+pLkkEYQBjEkBpWmP9cPbGSKF7T46cgpGt+UvFDSv5HY5fm6Lz9lEzRS6xstyPh9 yLzuUFBLHBlJKRNb3HM8oz/bMVrBKNotvARYWHgZv9+sjSZ6RPPc5Z6S2YYS9+DvizIG CKtQXPq6jcn5lbF4pGBhypIQMy7eEzHvUuc5bznp2Pjgi+8Kvm/hfsb90S+VGtqSFihA ndCPVlaI7A5VkE3fxDt2yH+zxNrquFbpcGx0Yct051B5wTvkx3nQXH5UBgYYKo7FD0x4 FYNwaL9zO+pfZiiMZAyvRPq6xUN5gE90x31JMkbtqLcLEleX9a5h1R5AWFAXXkF8Oufo 3FxQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=bowKo3Wd; dkim=neutral (no key) header.i=@suse.de header.b=Z5oqwOFd; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=bowKo3Wd; dkim=neutral (no key) header.i=@suse.de; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y9si4243737iof.23.2021.06.16.20.16.21; Wed, 16 Jun 2021 20:16:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=bowKo3Wd; dkim=neutral (no key) header.i=@suse.de header.b=Z5oqwOFd; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=bowKo3Wd; dkim=neutral (no key) header.i=@suse.de; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230152AbhFQDNw (ORCPT + 99 others); Wed, 16 Jun 2021 23:13:52 -0400 Received: from smtp-out2.suse.de ([195.135.220.29]:58472 "EHLO smtp-out2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229569AbhFQDNw (ORCPT ); Wed, 16 Jun 2021 23:13:52 -0400 Received: from imap.suse.de (imap-alt.suse-dmz.suse.de [192.168.254.47]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 3D5411FD92; Thu, 17 Jun 2021 03:11:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1623899504; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=sEx2HJjlLi8wnVmoVnhpADNTIGlVqTWhYVSGEhcKe1M=; b=bowKo3WdCRqOv/FFjWp9chr2kaARqbRsp4/rPK68zNDiHisLUvUVBHbVouzCGkZCev0o0k DyShrVEOtx/Mq5nB3gdkinCKI2UXiEFn+iGFgBjgcfA2mRyYCNmijiTLlYUbV/J5kGfJXL zMC/OhY5TlGS2PgrRI92j4NN65pDatE= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1623899504; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=sEx2HJjlLi8wnVmoVnhpADNTIGlVqTWhYVSGEhcKe1M=; b=Z5oqwOFdwdoG1VMitMcxRILY10BHNCKEYkBd766QrXoLQxMY7KsN2rz9RdQkX9NyqKHk9b DemHYuHikgDyWBBA== Received: from imap3-int (imap-alt.suse-dmz.suse.de [192.168.254.47]) by imap.suse.de (Postfix) with ESMTP id 36B20118DD; Thu, 17 Jun 2021 03:11:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1623899504; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=sEx2HJjlLi8wnVmoVnhpADNTIGlVqTWhYVSGEhcKe1M=; b=bowKo3WdCRqOv/FFjWp9chr2kaARqbRsp4/rPK68zNDiHisLUvUVBHbVouzCGkZCev0o0k DyShrVEOtx/Mq5nB3gdkinCKI2UXiEFn+iGFgBjgcfA2mRyYCNmijiTLlYUbV/J5kGfJXL zMC/OhY5TlGS2PgrRI92j4NN65pDatE= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1623899504; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=sEx2HJjlLi8wnVmoVnhpADNTIGlVqTWhYVSGEhcKe1M=; b=Z5oqwOFdwdoG1VMitMcxRILY10BHNCKEYkBd766QrXoLQxMY7KsN2rz9RdQkX9NyqKHk9b DemHYuHikgDyWBBA== Received: from director2.suse.de ([192.168.254.72]) by imap3-int with ESMTPSA id 6C/uNW69ymDKIAAALh3uQQ (envelope-from ); Thu, 17 Jun 2021 03:11:42 +0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit MIME-Version: 1.0 From: "NeilBrown" To: "Patrick Goetz" Cc: "linux-nfs@vger.kernel.org" Subject: Re: Use of /etc/netgroup appears to be broken in the NFS server version which ships with Ubuntu 20.04 In-reply-to: <2539b705-b72a-d9de-965e-7836dfd2e362@math.utexas.edu> References: <2539b705-b72a-d9de-965e-7836dfd2e362@math.utexas.edu> Date: Thu, 17 Jun 2021 13:11:39 +1000 Message-id: <162389949987.29912.5411348355154532470@noble.neil.brown.name> Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Wed, 16 Jun 2021, Patrick Goetz wrote: > Sadly, it took me a couple of days to track this down. The /etc/netgroup > file I'm using works perfectly on another NFS server (Ubuntu 18.04) in > production, so this wasn't an immediate suspicion. However, if I use > this /etc/exports: > > /srv/nfs @cryo_em(rw,sync,fsid=0,crossmnt,no_subtree_check) > /srv/nfs/cryosparc @cryo_em(rw,sync,fsid=2,crossmnt,no_subtree_check) > > Client mounts fail: > > > root@javelina:~# mount -vvvt nfs4 cerebro:/cryosparc /cryosparc > mount.nfs4: timeout set for Tue Jun 15 11:53:22 2021 > mount.nfs4: trying text-based options > 'vers=4.2,addr=128.xx.xx.xxx,clientaddr=129.xxx.xxx.xx' > mount.nfs4: mount(2): Permission denied > mount.nfs4: access denied by server while mounting cerebro:/cryosparc > > and if I switch to specifying the host explicitly: > > /srv/nfs javelina.my.domain(rw,sync,fsid=0,crossmnt,no_subtree_check) > > /srv/nfs/cryosparc > javelina.mydomain(rw,sync,fsid=2,crossmnt,no_subtree_check) > > the mount just works. The tcpdump error message isn't terribly helpful > here: > > 11:14:02.856094 IP cerebro.my.domain.nfs > javelina.my.domain.741: Flags > [.], ack 281, win 507, options [nop,nop,TS val 791638255 ecr > 2576087678], length 0 > 11:14:02.856178 IP cerebro.my.domain.nfs > javelina.my.domain.741: Flags > [P.], seq 1:25, ack 281, win 507, options [nop,nop,TS val 791638255 ecr > 2576087678], length 24: NFS reply xid 2752089303 reply ERR 20: Auth > Bogus Credentials (seal broken) > > but after figuring out the cause of the problem, I did find a > corroborating RHEL error report (which you'll need a RHEL account to > access): > > https://access.redhat.com/solutions/3563601 > > I couldn't figure out how to determine the exact version of the NFS > server that ships with Ubuntu 20.04. Maybe someone could explain how to > do this. Running > /usr/sbin/rpc.nfsd --version > doesn't do it. > > The problem is unlikely to be the implementation of netgroups - that hasn't changed in a long time. It is more likely to be some subtle configuration difference. Can you provide the verbatim /etc/netgroups file, and the extact host name that a DNS lookup of the client IP adress results in? NeilBrown