Network Storage Protocols Discussions

failure in retrieving quotas: cDOT 8.2, NFSv4 and CentOS 7.1

Luca_Codutti

Hi everyone,

I would like to get some help on a tedious quota issue I am facing while using NFSv4 on cDOT 8.2.1 and Linux CentOS 7 (kernel version: 3.10.0-229.el7.x86_64). Basically I get an "operation not permitted" every time I try to get quotas from the filer.

Server (clustered ONTAP 8.2) reports that the quotas are working and enabled:

mycluster::> volume quota show -vserver myserver -volume vol1
Vserver Name: myvserver
Volume Name: vol1
Quota State: on
Scan Status: -
Logging Messages: on
Logging Interval: 1h
Sub Quota Status: none
Last Quota Error Message: -
Collection of Quota Errors: -

The rquotad daemon is enabled:

mycluster::> nfs show -vserver myserver -fields rquota
vserver rquota
----------- -------
myserver enabled


The quotas also work

mycluster::> quota report -vserver myvserver -volume vol1
Vserver: myserver
                                    ----Disk----  ----Files-----   Quota
Volume   Tree      Type    ID        Used  Limit    Used   Limit   Specifier
-------  --------  ------  -------  -----  -----  ------  ------   ---------
vol1               user    *           0B   10GB       0       -   *
vol1     qtree_home
                   user    *           0B   10GB       0       -   *
vol1               user    root        0B      -       2       -
vol1               user    user1
                                  818.3MB   10GB   10337       -   *
vol1               user    user2
                                   2.22GB   10GB   12577       -   *
vol1               user    user3
                                  42.14MB   10GB    1523       -   *
vol1               user    user4
                                  18.41MB   10GB     501       -   *
vol1               user    user5
                                  36.20MB   10GB     395       -   *
vol1     qtree_home
                   user    root        0B      -       1       -
9 entries were displayed.


From the client perspective I have the following configuration: NFSv4 exported by autofs:

/misc /etc/auto.misc
/net -hosts
+dir:/etc/auto.master.d
/- /etc/auto.home --timeout=600 --ghost
+auto.master

and, for instance, auto.home:

/home -fstype=nfs -nfsvers=4 x.x.x.x:/vol1

NFS config file (/etc/sysconfig/nfs):

MOUNTD_NFS_V2="no"
MOUNTD_NFS_V3="no"
RPCNFSDARGS="-N 2 -N 3"
RPCNFSDARGS=""
RPCMOUNTDOPTS=""
STATDARG=""
SMNOTIFYARGS=""
RPCIDMAPDARGS=""
RPCGSSDARGS=""
GSS_USE_PROXY="yes"
RPCSVCGSSDARGS=""
BLKMAPDARGS=""
NFSMAPID_DOMAIN="my.cool.domain"

The user system authentication is not local and is mediated by OpenLDAP. And there is an error when I do a user triage, since I am not using AD, I guess, but OpenLDAP.

mycluster::*> diag secd authentication show-creds -vserver myserver -node mycluster-02 -unix-user-name user1
Vserver: myserver (internal ID: 3)
Get user credentials procedure succeeded
[ 7] Determined UNIX id 5000 is UNIX user 'user1'
[ 8] Using a cached connection to ldap.server.ip
Error: command failed: Failed to get user credentials. Reason: "SecD Error: configuration not found".

To end this long post (sorry about that), when I try to get quotas for a user from the client I get this message:

uname -a
Linux client 3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6 11:36:42 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
quota
quota: error while getting quota from x.x.x.x:/vol1 for user1 (id 5000): Operation not permitted
quota --version
Quota utilities version 4.01.
Compiled with: USE_LDAP_MAIL_LOOKUP EXT2_DIRECT HOSTS_ACCESS RPC RPC_SETQUOTA BSD_BEHAVIOUR

I also tried quota -m and -v without success.

Using Wireshark, I see a conversation between the cDOT NFSv4 server and the CentOS client which ends in a "not permitted" error:

785 10.423592000 client server Portmap 98 V2 GETPORT Call (Reply In 786) RQUOTA(100011) V:2 UDP
786 10.423927000 server client Portmap 70 V2 GETPORT Reply (Call In 785) PROGRAM_NOT_AVAILABLE
787 10.423974000 client server Portmap 98 V2 GETPORT Call (Reply In 788) RQUOTA(100011) V:1 UDP
788 10.424303000 server client Portmap 70 V2 GETPORT Reply (Call In 787) Port:4049
789 10.424333000 client server RQUOTA 126 V1 GETQUOTA Call (Reply In 790)
790 10.424899000 server client RQUOTA 70 V1 GETQUOTA Reply (Call In 789)
status: EPERM (3)

Finally the triage for secd gives me this error:

mycluster::*> diag secd authentication show-creds -vserver myserver -node mycluster-02 -unix-user-name user1

Vserver: myserver (internal ID: 3)

Get user credentials procedure succeeded
  [     7] Determined UNIX id 5000 is UNIX user 'user1'
  [     8] Using a cached connection to ldap.server.ip

Error: command failed: Failed to get user credentials. Reason: "SecD Error: configuration not found".

Secd logs this error:

Time                Node             Severity      Event
------------------- ---------------- ------------- ---------------------------
6/25/2015 11:28:14  mycluster-02    ERROR         secd.nameTrans.noNameMapping: vserver (myserver) could not map name (user1): (No rule exists to map name of user from unix-win).

Thank you in advance for your patience
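
Added example, not part of the original post: a decoder for the kind of reply seen in frame 790, showing how to tell a rejection by the RPC layer from a status returned by the rquota service itself (the `status: EPERM (3)` in the capture is the rquota `gqr_status` value Q_EPERM). The function name, the XIDs and the sample byte strings are constructed for illustration and are not bytes from the capture.

```python
import struct

# gqr_status values from the rquota protocol definition (rquota.x).
GQR_STATUS = {1: "Q_OK", 2: "Q_NOQUOTA", 3: "Q_EPERM"}
# accept_stat values from ONC RPC (RFC 5531).
ACCEPT_STAT = {0: "SUCCESS", 1: "PROG_UNAVAIL", 2: "PROG_MISMATCH",
               3: "PROC_UNAVAIL", 4: "GARBAGE_ARGS", 5: "SYSTEM_ERR"}

def decode_getquota_reply(payload: bytes) -> dict:
    """Classify the UDP payload of an ONC RPC reply to RQUOTA GETQUOTA.

    Returns the XID, the layer that produced the verdict ("rpc" or "rquota")
    and the symbolic status.
    """
    try:
        xid, msg_type, reply_stat = struct.unpack_from(">III", payload, 0)
        if msg_type != 1:                       # 0 = CALL, 1 = REPLY
            raise ValueError("not an RPC reply")
        if reply_stat != 0:                     # 1 = MSG_DENIED (RPC version or auth)
            return {"xid": xid, "layer": "rpc", "status": "MSG_DENIED"}
        # Verifier: flavor, length, then an opaque body padded to 4 bytes.
        _flavor, verf_len = struct.unpack_from(">II", payload, 12)
        offset = 20 + ((verf_len + 3) & ~3)
        (accept_stat,) = struct.unpack_from(">I", payload, offset)
        if accept_stat != 0:                    # call accepted but not executed
            name = ACCEPT_STAT.get(accept_stat, f"UNKNOWN({accept_stat})")
            return {"xid": xid, "layer": "rpc", "status": name}
        # Procedure ran: the first result word is the rquota gqr_status.
        (gqr,) = struct.unpack_from(">I", payload, offset + 4)
    except struct.error as exc:
        raise ValueError(f"truncated RPC reply: {exc}") from None
    return {"xid": xid, "layer": "rquota",
            "status": GQR_STATUS.get(gqr, f"UNKNOWN({gqr})")}

# Constructed sample (not bytes from the capture): AUTH_NONE verifier,
# accept_stat SUCCESS, gqr_status 3, with a made-up XID.
SAMPLE_EPERM_REPLY = struct.pack(">7I", 0x5EED0001, 1, 0, 0, 0, 0, 3)
# Constructed sample: a call rejected by the RPC layer (AUTH_ERROR, AUTH_BADCRED).
SAMPLE_DENIED_REPLY = struct.pack(">5I", 0x5EED0002, 1, 1, 1, 1)

if __name__ == "__main__":
    for sample in (SAMPLE_EPERM_REPLY, SAMPLE_DENIED_REPLY):
        print(decode_getquota_reply(sample))
```

A result with layer "rquota" means the RPC call itself was accepted and executed, and the refusal came from the quota service's own permission check.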

 
