Mounting NFSv4 share from Debian Linux 6 to Freebsd 9-RC3 "server requires stronger authentication"

linux solaris freebsd nfs nfs4

I've run into a strange problem while trying to mount from FreeBSD 9.0-RC3 to a Debian Linux box.

The command I'm using is:

sudo mount -v gorkon:/dustbin /tmp/test

This returns the following immediate information:

mount: no type was given - I'll assume nfs because of the colon mount.nfs: timeout set for Thu Jan 5 17:37:40 2012 mount.nfs: trying text-based options 'vers=4,addr=[serverip],clientaddr=[cllientaddr]' mount.nfs: mount(2): Permission denied mount.nfs: access denied by server while mounting gorkon:/dustbin

There's no log entry that I can find on the server (gorkon), and the following log entry is in my syslog for the debian box:

[30082.224612] RPC: server gorkon requires stronger authentication.

The NFS server has nfsuserd running, rpcbind running. I've tried to set the share in /etc/exports to use sec=sys (and connect the same way). I don't have Kerberos set up on this network, and I'm not about to start. The Debian NFSv4 servers do connect to a Solaris 10 NFSv4 server, and the FreeBSD box can't mount its own shares over NFS if I force use of nfsv4 (error is mount_nfs: /tmp/test, : Permission denied). A FreeBSD 8.2-RELEASE box won't mount either, same error.

The Solaris 10 box also cannot mount the FreeBSD box's mount. The error for this machine is :

genunix: [ID 664466 kern.notice] NFS compound failed for server gorkon: error 7 genunix: [ID 532867 kern.warning] WARNING: NFS server initial call to gorkon failed: permission denied.

NFSv3 mounts work fine.

Any idea what could be going on?


Solution 1:

I had the same problem, make sure you have a "V4:" root line in /etc/exports, like so:

V4: / -sec=sys
/tank/dedup host1 host2 host3

Solution 2:

Have you specified an authentification type on the FreeBSD Server and on your cmd to mount from it? FreeBSD afaik requires that for NFSv4.

sec=⟨flavor⟩ This option specifies what security flavor should be used for the mount. Currently, they are:

                 krb5 ‐  Use KerberosV authentication
                 krb5i ‐ Use KerberosV authentication and
                         apply integrity checksums to RPCs
                 krb5p ‐ Use KerberosV authentication and
                         encrypt the RPC data
                 sys ‐   The default AUTH_SYS, which uses a
                         uid + gid list authenticator

See mount_nfs(8)

Solution 3:

On the server side in FreeBSD you need the following lines in /etc/rc.conf

nfs_server_enable="YES"
nfsv4_server_enable="YES"
nfsuserd_enable="YES"

and this would be the simplest possible /etc/exports

V4: /
/

On the Debian client end, you want to mount it using NFSv4 like so:

$ sudo mount -t nfs4 test.home:/ /mnt

You want to replace test.home with the IP or hostname of your NFS server, and you can replace /mnt with whatever mount point you want to use.

You can check the protocol used by looking at the output of this command:

$ mount
test.home:/ on /mnt type nfs4 (rw,addr=192.168.1.5,clientaddr=192.168.1.3)

Related

Finding the most recent modification date of all files/subfolders in all top-level directories of a share with PowerShell
Managing consistent mounting of external USB hard drives in Linux (CentOS 5)
MSSQL 2008 R2 server roles: do server roles have implicit privileges over *all databases*?
Question About Null Quantification Equivalences
At least $5$ events with a probability of at least $0.9$
How to prove that $3^{20}+4^{9}+6^{10}$ is composite? [closed]
Nonhomogeneous Poisson distribution
Pure Galois representation
Theorem 6.12(a) Of Baby Rudin. Alternative Proof Of $ \int_a^b \left( f_1 + f_2 \right) d \alpha = \int_a^b f_1 d \alpha + \int_a^b f_2 d \alpha$
Spivak Calculus, Ch. 5 Limits: Finding the smallest $b$ in $|x-3|<b$ such that $|x^2-9|=|x-3||x+3|<\epsilon$?
is the intersection with a Lattice still a Lattice?
Conditions for convergence of fixed-point iterations (not necessarily to a unique fixed-point)