我们正在尝试使用 kerberos 在 RHEL 8 客户端上挂载 NFSv4 共享。我们在另一个环境中有一个非常相似的设置,并且运行良好。但在这个设置中,我们尝试access denied挂载共享的次数约为 50%:
# failed attempt
bash-4.4$ sudo mount -t nfs -o sec=krb5 server.com:/homes/francis test -vvvv
mount.nfs: timeout set for Sat Apr 2 16:28:32 2022
mount.nfs: trying text-based options 'sec=krb5,vers=4.2,addr=192.168.1.89,clientaddr=192.168.2.29'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'sec=krb5,vers=4,minorversion=1,addr=192.168.1.89,clientaddr=192.168.2.29'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'sec=krb5,vers=4,addr=192.168.1.89,clientaddr=192.168.2.29'
mount.nfs: mount(2): Permission denied
mount.nfs: trying text-based options 'sec=krb5,vers=4,addr=192.168.1.88,clientaddr=192.168.2.29'
mount.nfs: mount(2): Permission denied
mount.nfs: trying text-based options 'sec=krb5,addr=192.168.1.89'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 192.168.1.89 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 192.168.1.89 prog 100005 vers 3 prot UDP port 32767
mount.nfs: mount(2): Permission denied
mount.nfs: trying text-based options 'sec=krb5,addr=192.168.1.88'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 192.168.1.88 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 192.168.1.88 prog 100005 vers 3 prot UDP port 32767
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting hypatia.uio.no:/uioit-usit-drift-homes/francis
# working attempt two seconds later
bash-4.4$ sudo mount -t nfs -o sec=krb5 server.com:/homes/francis test -vvvv
mount.nfs: timeout set for Sat Apr 2 16:30:09 2022
mount.nfs: trying text-based options 'sec=krb5,vers=4.2,addr=192.168.1.88,clientaddr=192.168.2.29'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'sec=krb5,vers=4,minorversion=1,addr=192.168.1.88,clientaddr=192.168.2.29'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'sec=krb5,vers=4,addr=192.168.1.88,clientaddr=192.168.2.29'
mount.nfs: mount(2): Permission denied
mount.nfs: trying text-based options 'sec=krb5,vers=4,addr=192.168.1.89,clientaddr=192.168.2.29'
我检查了客户端的日志,没有太多信息指出挂载失败的原因。它成功了一次,但两秒钟后就不行了。反之亦然。
我起初以为这可能是跨挂载问题,但我也尝试了共享的上层目录,但还是同样的问题。
有什么提示可以说明可能存在什么问题吗?
答案1
就我的情况而言,问题在于服务器配置了两个 PTR。即使使用也rdns=false无济于事。当删除未解析回与服务器主体匹配的主机名的 PTR 时,情况就好多了。
感谢@Tomek 提供的提示。