Network and Storage Protocols

failure in retrieving quotas: cDOT 8.2 , NFSv4 and Centos 7.1

Luca_Codutti
3,381 Views

Hi everyone,

I would like to get some help on a tedious quota issue I am facing while using NFSv4 on cDOT 8.2.1 and linux centos 7 (kernel vsersion: 3.10.0-229.el7.x86_64 ).  Basically I get an "operation not permitted" eveytime I try to get quotas from the filer.

 

Server (clustered ontap 8.2 ) reports that the quotas are working and enabled:

 

mycluster::> volume quota show -vserver myserver -volume vol1
Vserver Name: myvserver
Volume Name: vol1
Quota State: on
Scan Status: -
Logging Messages: on
Logging Interval: 1h
Sub Quota Status: none
Last Quota Error Message: -
Collection of Quota Errors: -

 

The rquotad daemon is enabled:

 

mycluster::> nfs show -vserver myserver -fields rquota
vserver rquota
----------- -------
myserver enabled


The quotas also work

mycluster::> quota report -vserver myvserver -volume vol1
Vserver: myserver
----Disk---- ----Files----- Quota
Volume Tree Type ID Used Limit Used Limit Specifier
------- -------- ------ ------- ----- ----- ------ ------ ---------
vol1 user * 0B 10GB 0 - *
vol1 qtree_home
user * 0B 10GB 0 - *
vol1 user root 0B - 2 -
vol1 user user1
818.3MB 10GB 10337 - *
vol1 user user2
2.22GB 10GB 12577 - *
vol1 user user3
42.14MB 10GB 1523 - *
vol1 user user4
18.41MB 10GB 501 - *
vol1 user user5
36.20MB 10GB 395 - *
vol1 qtree_home
user root 0B - 1 -
9 entries were displayed.


From the client perspective I have the following configuration: nfs4 exported by autofs:

 

/misc /etc/auto.misc
/net -hosts
+dir:/etc/auto.master.d
/- /etc/auto.home --timeout=600 --ghost
+auto.master

and for instance auto.home

/home -fstype=nfs -nfsvers=4 x.x.x.x:/vol1

NFS config file ( /etc/sysconfig/nfs )

 

 

MOUNTD_NFS_V2="no"
MOUNTD_NFS_V3="no"
RPCNFSDARGS="-N 2 -N 3"
RPCNFSDARGS=""
RPCMOUNTDOPTS=""
STATDARG=""
SMNOTIFYARGS=""
RPCIDMAPDARGS=""
RPCGSSDARGS=""
GSS_USE_PROXY="yes"
RPCSVCGSSDARGS=""
BLKMAPDARGS=""
NFSMAPID_DOMAIN="my.cool.domain"

 

The user system authentication is not local and is mediated by openldap. And there is  an error when I do a user triage since I am not using AD I guess but openLDAP.

mycluster::*> diag secd authentication show-creds -vserver myserver -node mycluster-02 -unix-user-name user1
Vserver: myserver (internal ID: 3)
Get user credentials procedure succeeded
[ 7] Determined UNIX id 5000 is UNIX user 'user1'
[ 8] Using a cached connection to ldap.server.ip
Error: command failed: Failed to get user credentials. Reason: "SecD Error: configuration not found".

 

To end with this long post (sorry about that), when i try to get quotas for a user from the client i get this message:

uname -a
Linux client 3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6 11:36:42 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
quota
quota: error while getting quota from x.x.x.x:/vol1 for user1 (id 5000): Operation not permitted
quota --version
Quota utilities version 4.01.
Compiled with: USE_LDAP_MAIL_LOOKUP EXT2_DIRECT HOSTS_ACCESS RPC RPC_SETQUOTA BSD_BEHAVIOUR

I also tried quota -m and -v without success.

 

I see using wireshark a conversation between cDot nfsv4 server and centos client which ends in a "not permitted" error:

 

785 10.423592000 client server Portmap 98 V2 GETPORT Call (Reply In 786) RQUOTA(100011) V:2 UDP
786 10.423927000 server client Portmap 70 V2 GETPORT Reply (Call In 785) PROGRAM_NOT_AVAILABLE
787 10.423974000 client server Portmap 98 V2 GETPORT Call (Reply In 788) RQUOTA(100011) V:1 UDP
788 10.424303000 server client Portmap 70 V2 GETPORT Reply (Call In 787) Port:4049
789 10.424333000 client server RQUOTA 126 V1 GETQUOTA Call (Reply In 790)
790 10.424899000 server client RQUOTA 70 V1 GETQUOTA Reply (Call In 789)
status: EPERM (3)

Finally the triage for secd gives me this error:

mycluster::*> diag secd authentication show-creds -vserver myserver -node mycluster-02 -unix-user-name user1

Vserver: myserver (internal ID: 3)

Get user credentials procedure succeeded
  [     7] Determined UNIX id 5000 is UNIX user 'user1'
  [     8] Using a cached connection to ldap.server.ip

Error: command failed: Failed to get user credentials. Reason: "SecD Error: configuration not found".

Secd logs  this error:

 

Time                Node             Severity      Event
------------------- ---------------- ------------- ---------------------------
6/25/2015 11:28:14  mycluster-02    ERROR         secd.nameTrans.noNameMapping: vserver (myserver) could not map name (user1): (No rule exists to map name of user from unix-win).

 

 

 

Thank you in advance for your patience

 

0 REPLIES 0
Public