Fab Sidoli
Hi All,
I'm in need of some fairly urgent help to debug an issue.
After upgrading to TrueNAS-12.0-U8.1, kerberised NFS has stopped working for my Linux clients (around 80).
My exports are set up in /etc/zfs/exports (for various reasons) and take the following format.
/mnt/store/home/username -sec=krb5:krb5i:krb5p
The NFS service is running and has been restarted a couple of times for good measure, and an rpcinfo from a Linux client seems to suggest the "necessary" services and ports are open:
[root@linux-client ~]# rpcinfo -p fileserver.fqdn
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100000 4 7 111 portmapper
100000 3 7 111 portmapper
100000 2 7 111 portmapper
100005 1 udp 867 mountd
100005 3 udp 867 mountd
100005 1 tcp 867 mountd
100005 3 tcp 867 mountd
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100024 1 udp 602 status
100024 1 tcp 602 status
100021 0 udp 604 nlockmgr
100021 0 tcp 956 nlockmgr
100021 1 udp 604 nlockmgr
100021 1 tcp 956 nlockmgr
100021 3 udp 604 nlockmgr
100021 3 tcp 956 nlockmgr
100021 4 udp 604 nlockmgr
100021 4 tcp 956 nlockmgr
I include the following, in case it helps, but I really don't know how to debug this. I'm trying to open a support ticket but I'm currently having issues with my account that are preventing me from being able to do this. Any help would be very much appreciated. I suspect this is a Kerberos ticket issue of some sort.
root@filestore[~]# net ads info
LDAP server: 111.22.33.44
LDAP server name: ad-server.fqdn
realm: F.Q.D.N
Bind Path: dc=F,dc=Q,dc=D,dc=N
LDAP port: 389
Server time: Tue, 16 Aug 2022 09:38:36 BST
KDC server: 111.22.33.44
Server time offset: 0
Last machine account password change: Fri, 24 Jul 2020 17:02:01 BST
root@filestore[~]# ktutil -k /etc/krb5.keytab list | grep nfs
1 des-cbc-crc nfs/filestore.fqdn@F.Q.D.N
1 des-cbc-crc nfs/FILESTORE@F.Q.D.N
1 des-cbc-md5 nfs/filestore.fqdn@F.Q.D.N
1 des-cbc-md5 nfs/FILESTORE@F.Q.D.N
1 aes128-cts-hmac-sha1-96 nfs/filestore.fqdn@F.Q.D.N
1 aes128-cts-hmac-sha1-96 nfs/FILESTORE@F.Q.D.N
1 aes256-cts-hmac-sha1-96 nfs/filestore.fqdn@F.Q.D.N
1 aes256-cts-hmac-sha1-96 nfs/FILESTORE@F.Q.D.N
1 arcfour-hmac-md5 nfs/filestore.fqdn@F.Q.D.N
1 arcfour-hmac-md5 nfs/FILESTORE@F.Q.D.N