[nfs-discuss] NFS boot of linux machine against opensolaris NFS server failing auth

Steve Ruiz Thu, 17 Sep 2009 09:47:02 PDT

We have an opensolaris server with a bunch of disks acting as our office 
storage, and it has been working beautifully - we use it as a back end for Xen, 
vmware, and general NFS and CIFS.  I am trying to get our xen domU instances to 
boot with an NFS share as their root volume, and I am running into strange 
issues when using opensolaris as the nfs server. ?I am to the point where I 
have this working with a linux nfs server as the backend, so I know my kernel 
is capable of booting properly via nfs. ?It looks like the mount of the 
opensolaris share is successfully completing, but any file access is denied 
with the error "Can't authenticate (too weak)". ?The system I am trying to boot 
is a linux system, basically the latest version of red hat enterprise with 
nfsroot built into the kernel.


 I've tried playing with everything I can think of, verifying DNS forward and 
reverse lookups work correctly for the hosts in question, that the dns domain 
is identical, playing with the default and max nfs version under solaris, 
setting different version of nfs on the client side mount, etc.  Is there 
anything I can do in solaris to allow this client no matter what, i.e. anything 
beyond anon=0 in the export?  Of note, I notice in my linux boot log that it is 
picking up mycompany.com as the NIS domain instead of dns domain, and haven't 
been able to fix that.


 Background information:
 opensolaris server: 10.10.3.26
 Linux nfsboot client: 10.10.3.147
 Linux nfs server for testing: 10.10.3.171

 root at solarisstorage:/etc/dfs# sharectl get nfs
 protocol=ALL
 lockd_retransmit_timeout=5
 grace_period=90
 server_versmin=2
 client_versmin=2
 server_versmax=3
 client_versmax=3
 servers=16
 lockd_listen_backlog=32
 lockd_servers=20
 server_delegation=on
 nfsmapid_domain=
 max_connections=-1
 listen_backlog=0


root at solarisstorage:~$  sharemgr show -vp
default nfs=()
?..
zfs/datavol/nfsboottest nfs=(anon="0") 
nfs:sys=(rw="nfstest.mycompany.com:10.10.3.191" root="nfstest.mycompany.com")
          /volumes/datavol/nfsboottest



 Here is the output of my system trying to nfs boot against the opensolaris 
share: (shortened)
 IP-Config: Complete:
 device=eth0, addr=10.10.3.147, mask=255.255.255.0, gw=10.10.3.3,
 host=nfstest, domain=, nis-domain=mycompany.com,
 bootserver=1.2.3.4, rootserver=10.10.3.26, rootpath=
 md: Autodetecting RAID arrays.
 md: autorun ...
 md: ... autorun DONE.
 Looking up port of RPC 100003/3 on 10.10.3.26
 Looking up port of RPC 100005/3 on 10.10.3.26
 call_verify: server 10.10.3.26 requires stronger authentication.
 call_verify: server 10.10.3.26 requires stronger authentication.
 VFS: Mounted root (rootfs filesystem).
 Write protecting the kernel read-only data: 525k
 Kernel panic - not syncing: No init found. ?Try passing init= option to kernel.


 Here is a snoop on the opensolaris server of the above conversation (when the 
client is trying to boot):
 nfstest.mycompany.com -> solarisstorage.mycompany.com PORTMAP C GETPORT 
prog=100003 (NFS) vers=3 proto=UDP
 solarisstorage.mycompany.com -> nfstest.mycompany.com PORTMAP R GETPORT 
port=2049
 nfstest.mycompany.com -> solarisstorage.mycompany.com PORTMAP C GETPORT 
prog=100005 (MOUNT) vers=3 proto=UDP
 solarisstorage.mycompany.com -> nfstest.mycompany.com PORTMAP R GETPORT 
port=63175
 nfstest.mycompany.com -> solarisstorage.mycompany.com MOUNT3 C Null
 solarisstorage.mycompany.com -> nfstest.mycompany.com MOUNT3 R Null
 nfstest.mycompany.com -> solarisstorage.mycompany.com MOUNT3 C Mount 
/volumes/datavol/nfsboottest
 solarisstorage.mycompany.com -> nfstest.mycompany.com MOUNT3 R Mount OK 
FH=92A5 Auth=unix
 nfstest.mycompany.com -> solarisstorage.mycompany.com NFS C NULL3
 solarisstorage.mycompany.com -> nfstest.mycompany.com NFS R NULL3
 nfstest.mycompany.com -> solarisstorage.mycompany.com NFS_ACL C NULL3
 solarisstorage.mycompany.com -> nfstest.mycompany.com NFS_ACL R NULL3
 nfstest.mycompany.com -> solarisstorage.mycompany.com NFS C FSINFO3 FH=92A5
 solarisstorage.mycompany.com -> nfstest.mycompany.com NFS R FSINFO3 OK
 nfstest.mycompany.com -> solarisstorage.mycompany.com NFS C PATHCONF3 FH=92A5
 solarisstorage.mycompany.com -> nfstest.mycompany.com RPC R (#65) 
XID=243372054 Can't authenticate (too weak)
 nfstest.mycompany.com -> solarisstorage.mycompany.com NFS C GETATTR3 FH=92A5
 solarisstorage.mycompany.com -> nfstest.mycompany.com NFS R GETATTR3 OK
 nfstest.mycompany.com -> solarisstorage.mycompany.com NFS C FSINFO3 FH=92A5
 solarisstorage.mycompany.com -> nfstest.mycompany.com NFS R FSINFO3 OK
 nfstest.mycompany.com -> solarisstorage.mycompany.com NFS C ACCESS3 FH=92A5 
(read,lookup,modify,extend,delete)
 solarisstorage.mycompany.com -> nfstest.mycompany.com RPC R (#71) 
XID=293703702 Can't authenticate (too weak)




 This is the NFS export configuration on my linux nfs server, against which 
booting works properly:
 [root at localhost ~]# cat /etc/exports
 /export/nfsboot ? ? ? ? 
10.10.3.147(rw,no_root_squash,async,anonuid=0,anongid=0)
 [root at localhost ~]# exportfs -v
 /export/nfsboot
 
10.10.3.147(rw,async,wdelay,no_root_squash,no_subtree_check,anonuid=0,anongid=0)
-- 
This message posted from opensolaris.org

[nfs-discuss] NFS boot of linux machine against opensolaris NFS server failing auth

Reply via email to