Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp812946pxj; Thu, 17 Jun 2021 14:37:51 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxighFFA8+CEScsvsH8EN/kVRrUu8XiiBLjvgN1n83KYUdrwZdUKN9hNbNiDdj4PNWEF0ge X-Received: by 2002:aa7:d413:: with SMTP id z19mr521831edq.37.1623965871778; Thu, 17 Jun 2021 14:37:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1623965871; cv=none; d=google.com; s=arc-20160816; b=aiVG6VMQGYBWFBmDrGJfHrDlJD/hZ82r91eqE5OeMFIwG1tQRZ3mBQAr4kH9Gf+kW8 mHZrZlkegXSF9nIW/5/w2jgAveECRAm0u1/6Rzv6jC74Q3CFfdoSVF5ftsb3m1y6FSK+ 6em+7HWlvaRQ+GB7L7NJ7DNCPKHo+fNq80nhmlolwMoiJrhtEI8WF3ALEAiSlbVgI9oj HKy29vfaWcwFV8vuX1hM41rvBGKLGfSbN9GSVTnLoQfJdOERKvRsvYnw7jAsNGSykUi+ UQ2KVei74lsm95FGsaRiTSDu/58u+F8sB1cYd/riJvfTHoMbzLzFyK3Os0SsEpxymttw e6YQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:references:in-reply-to:subject :cc:to:from:mime-version:content-transfer-encoding:dkim-signature :dkim-signature:dkim-signature:dkim-signature; bh=fwIcYrZL+Wwp1IG1krenOmxhHV/XTkw7oP7R+h+e6R0=; b=lZdAZcflS32kPsRdRmzspou1GmadZ2+mLxwPTnhq9QeF/ztvc4srmjqBNFVu6tuI/O gNPBn1bm1fAww0PLBJIfNYqEhLd0EGKduFzhyLaFsWdTIIOtAwAt60kCg6FTxIHNK30a 4ikRIWPYN8J4AmlarLPuF0G2GgHgAr8uFgVnDoDj+VT3Yp4wdROWQLkwkbE5mGDLhnYN +zFogAuWhnXFLAs7ueuvmnV2cUJnFUGK89XuELg5+pdgcb0QlxJzPXyEJpgr/BFD2nWS ulcM0fqIktg0o3KhrlXnsw4xPj6MF1jQ7Nk5BpEX5vYkV1boqsMW5d1HmzFAkBWdbrX6 Ac7w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=f4uD4fqs; dkim=neutral (no key) header.i=@suse.de; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=f4uD4fqs; dkim=neutral (no key) header.i=@suse.de; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id gx28si217256ejc.533.2021.06.17.14.37.20; Thu, 17 Jun 2021 14:37:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=f4uD4fqs; dkim=neutral (no key) header.i=@suse.de; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=f4uD4fqs; dkim=neutral (no key) header.i=@suse.de; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231651AbhFQV00 (ORCPT + 99 others); Thu, 17 Jun 2021 17:26:26 -0400 Received: from smtp-out1.suse.de ([195.135.220.28]:55102 "EHLO smtp-out1.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229683AbhFQV00 (ORCPT ); Thu, 17 Jun 2021 17:26:26 -0400 Received: from imap.suse.de (imap-alt.suse-dmz.suse.de [192.168.254.47]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 66A5E21B36; Thu, 17 Jun 2021 21:24:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1623965057; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=fwIcYrZL+Wwp1IG1krenOmxhHV/XTkw7oP7R+h+e6R0=; b=f4uD4fqsjsKX9jkQVaSyhimw6T0X9EZT9H1x1b3lhjaMgETC305moMOPX9S/8ZX+4yIFgx 7AHLM23VqTOG3muqTZjhctUG8Q9vkZnypfiZ1K+ZczqYKWAgQTCtagNU+MsLmS/+Qj/aMq BpJL554/kkkN8piRYshBJIJsyNbxrPs= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1623965057; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=fwIcYrZL+Wwp1IG1krenOmxhHV/XTkw7oP7R+h+e6R0=; b=psWSCaRNZb+aO6kUfdTlFGUwY2FBHNR9a3BjUAZCHJCMPSvJNYC8xaoXvFkbsrDxnNWaca sn8wkcP0Wiqe/hCw== Received: from imap3-int (imap-alt.suse-dmz.suse.de [192.168.254.47]) by imap.suse.de (Postfix) with ESMTP id 62447118DD; Thu, 17 Jun 2021 21:24:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1623965057; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=fwIcYrZL+Wwp1IG1krenOmxhHV/XTkw7oP7R+h+e6R0=; b=f4uD4fqsjsKX9jkQVaSyhimw6T0X9EZT9H1x1b3lhjaMgETC305moMOPX9S/8ZX+4yIFgx 7AHLM23VqTOG3muqTZjhctUG8Q9vkZnypfiZ1K+ZczqYKWAgQTCtagNU+MsLmS/+Qj/aMq BpJL554/kkkN8piRYshBJIJsyNbxrPs= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1623965057; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=fwIcYrZL+Wwp1IG1krenOmxhHV/XTkw7oP7R+h+e6R0=; b=psWSCaRNZb+aO6kUfdTlFGUwY2FBHNR9a3BjUAZCHJCMPSvJNYC8xaoXvFkbsrDxnNWaca sn8wkcP0Wiqe/hCw== Received: from director2.suse.de ([192.168.254.72]) by imap3-int with ESMTPSA id T8LcBIC9y2DvIAAALh3uQQ (envelope-from ); Thu, 17 Jun 2021 21:24:16 +0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit MIME-Version: 1.0 From: "NeilBrown" To: "Patrick Goetz" Cc: "linux-nfs@vger.kernel.org" Subject: Re: Use of /etc/netgroup appears to be broken in the NFS server version which ships with Ubuntu 20.04 In-reply-to: <44f13e43-2f29-f442-a68f-2dcbef8145f1@math.utexas.edu> References: <2539b705-b72a-d9de-965e-7836dfd2e362@math.utexas.edu>, <162389949987.29912.5411348355154532470@noble.neil.brown.name>, <44f13e43-2f29-f442-a68f-2dcbef8145f1@math.utexas.edu> Date: Fri, 18 Jun 2021 07:24:13 +1000 Message-id: <162396505317.29912.2567278880935137712@noble.neil.brown.name> Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Fri, 18 Jun 2021, Patrick Goetz wrote: > Hi Neil - > > This is extremely embarrassing, but chalk this one up to user error > (technically, PEBKAC). I'm used to /etc/nsswitch.conf always including > the files option, so didn't think to check this when in fact on Ubuntu > 20.04 they ship the nsswitch.conf with this netgroup entry. > > netgroup: nis > > Who still uses NIS? Beats me; but once I added files to the option list > it starting working as advertised. Very sorry to dump random noise onto > the list. :-) NIS has a certain elegant simplicity. LDAP is probably objective better in every way ... except the elegant simplicity. Glad to know I wasn't missing anything important, and that there was an easy solution. NeilBrown > > > On 6/16/21 10:11 PM, NeilBrown wrote: > > On Wed, 16 Jun 2021, Patrick Goetz wrote: > >> Sadly, it took me a couple of days to track this down. The /etc/netgroup > >> file I'm using works perfectly on another NFS server (Ubuntu 18.04) in > >> production, so this wasn't an immediate suspicion. However, if I use > >> this /etc/exports: > >> > >> /srv/nfs @cryo_em(rw,sync,fsid=0,crossmnt,no_subtree_check) > >> /srv/nfs/cryosparc @cryo_em(rw,sync,fsid=2,crossmnt,no_subtree_check) > >> > >> Client mounts fail: > >> > >> > >> root@javelina:~# mount -vvvt nfs4 cerebro:/cryosparc /cryosparc > >> mount.nfs4: timeout set for Tue Jun 15 11:53:22 2021 > >> mount.nfs4: trying text-based options > >> 'vers=4.2,addr=128.xx.xx.xxx,clientaddr=129.xxx.xxx.xx' > >> mount.nfs4: mount(2): Permission denied > >> mount.nfs4: access denied by server while mounting cerebro:/cryosparc > >> > >> and if I switch to specifying the host explicitly: > >> > >> /srv/nfs javelina.my.domain(rw,sync,fsid=0,crossmnt,no_subtree_check) > >> > >> /srv/nfs/cryosparc > >> javelina.mydomain(rw,sync,fsid=2,crossmnt,no_subtree_check) > >> > >> the mount just works. The tcpdump error message isn't terribly helpful > >> here: > >> > >> 11:14:02.856094 IP cerebro.my.domain.nfs > javelina.my.domain.741: Flags > >> [.], ack 281, win 507, options [nop,nop,TS val 791638255 ecr > >> 2576087678], length 0 > >> 11:14:02.856178 IP cerebro.my.domain.nfs > javelina.my.domain.741: Flags > >> [P.], seq 1:25, ack 281, win 507, options [nop,nop,TS val 791638255 ecr > >> 2576087678], length 24: NFS reply xid 2752089303 reply ERR 20: Auth > >> Bogus Credentials (seal broken) > >> > >> but after figuring out the cause of the problem, I did find a > >> corroborating RHEL error report (which you'll need a RHEL account to > >> access): > >> > >> https://access.redhat.com/solutions/3563601 > >> > >> I couldn't figure out how to determine the exact version of the NFS > >> server that ships with Ubuntu 20.04. Maybe someone could explain how to > >> do this. Running > >> /usr/sbin/rpc.nfsd --version > >> doesn't do it. > >> > >> > > > > The problem is unlikely to be the implementation of netgroups - that > > hasn't changed in a long time. It is more likely to be some subtle > > configuration difference. > > > > Can you provide the verbatim /etc/netgroups file, and the extact host > > name that a DNS lookup of the client IP adress results in? > > > > NeilBrown > > > >