Can not mount c-mode nfsv4 export

XQ10907RS · ‎2018-04-16

Hi Netappers, i have a c-mode9.1 and with nfsv4 exports on it,but can not mount the exports from my centos client via command

[qa1@ark-centos-smb4 ~]$ sudo mount -t nfs -o v4.0,sec=krb5 qavs2-qacl6.qa.arkivio.com:/vol2/vol2nfs1 /nfs4-mnt-dir
[sudo] password for qa1:
mount.nfs: access denied by server while mounting qavs2-qacl6.qa.arkivio.com:/vol2/vol2nfs1

the cetos box can mount centos7 server's nfsv4 export so i assume it's working

c-mode has SPNs gengrated,nfs/* was added manually

C:\Users\administrator.QA>setspn -L -C QAVS2-QACL6
Registered ServicePrincipalNames for CN=QAVS2-QACL6,CN=Computers,DC=qa,DC=arkivio,DC=com:
        nfs/qavs2-qacl6
        HOST/qavs2-qacl6.qa.arkivio.com
        HOST/QAVS2-QACL6

nfs-qavs2-qacl6 account was created automatically

C:\Users\administrator.QA>setspn -L -C NFS-QAVS2-QACL6
Registered ServicePrincipalNames for CN=NFS-QAVS2-QACL6,CN=Computers,DC=qa,DC=arkivio,DC=com:
        nfs/qavs2-qacl6.qa.arkivio.com
        nfs/nfs-qavs2-qacl6.qa.arkivio.com
        nfs/NFS-QAVS2-QACL6
        HOST/nfs-qavs2-qacl6.qa.arkivio.com
        HOST/NFS-QAVS2-QACL6

spn on c-mode

qacl6::vserver nfs kerberos interface*> show
               Logical
Vserver        Interface     Address         Kerberos SPN
-------------- ------------- --------------- -------- -----------------------
qavs1          lif1          10.17.16.108    disabled -
qavs2          lif2          10.17.16.109    enabled  nfs/qavs2-qacl6.qa.arkivio.com@QA.ARKIVIO.COM
2 entries were displayed.

i followed TR-4073,4067 to setup,checked the log from debug log show,could not find any clue

anything wrong there?
Thanks

aleex · ‎2018-04-26

Do you have a correct export-policy for this volume?

XQ10907RS · ‎2018-04-26

Hi, It proved that it has nothing to do with c-mode,centos7 client,because centos use a kerberos encrytion type(rc4-hmac) with domain which c-mode doesn't support,the domain function level is 2003

we need raise to windows2008