ONTAP Hardware

Can not mount c-mode nfsv4 export

XQ10907RS

Hi Netappers, i have a c-mode9.1 and with nfsv4 exports on it,but can not mount the exports from my centos client via command

[qa1@ark-centos-smb4 ~]$ sudo mount -t nfs -o v4.0,sec=krb5 qavs2-qacl6.qa.arkivio.com:/vol2/vol2nfs1 /nfs4-mnt-dir
[sudo] password for qa1:
mount.nfs: access denied by server while mounting qavs2-qacl6.qa.arkivio.com:/vol2/vol2nfs1

the cetos box can mount centos7 server's nfsv4 export so i assume it's working

 

 

c-mode has SPNs gengrated,nfs/* was added manually

C:\Users\administrator.QA>setspn -L -C QAVS2-QACL6
Registered ServicePrincipalNames for CN=QAVS2-QACL6,CN=Computers,DC=qa,DC=arkivio,DC=com:
        nfs/qavs2-qacl6
        HOST/qavs2-qacl6.qa.arkivio.com
        HOST/QAVS2-QACL6

nfs-qavs2-qacl6 account  was created automatically

 

C:\Users\administrator.QA>setspn -L -C NFS-QAVS2-QACL6
Registered ServicePrincipalNames for CN=NFS-QAVS2-QACL6,CN=Computers,DC=qa,DC=arkivio,DC=com:
        nfs/qavs2-qacl6.qa.arkivio.com
        nfs/nfs-qavs2-qacl6.qa.arkivio.com
        nfs/NFS-QAVS2-QACL6
        HOST/nfs-qavs2-qacl6.qa.arkivio.com
        HOST/NFS-QAVS2-QACL6

 

spn on c-mode

qacl6::vserver nfs kerberos interface*> show
               Logical
Vserver        Interface     Address         Kerberos SPN
-------------- ------------- --------------- -------- -----------------------
qavs1          lif1          10.17.16.108    disabled -
qavs2          lif2          10.17.16.109    enabled  nfs/qavs2-qacl6.qa.arkivio.com@QA.ARKIVIO.COM
2 entries were displayed.

 

i followed TR-4073,4067 to setup,checked the log from debug log show,could not find any clue

anything wrong there?
Thanks

2 REPLIES 2

aleex

Do you have a correct export-policy for this volume?

 

XQ10907RS

Hi, It proved that it has nothing to do with c-mode,centos7 client,because centos use a kerberos encrytion type(rc4-hmac) with domain which c-mode doesn't support,the domain function level is 2003 

we need raise to windows2008

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public