What options are you using for mount ?

Can it be something like the problems reported in 
bug 295598 and bug 295552 ?

Quite possibly!  I had seen bug 295552, though not 295598.  I had already tried using option "vers=3", which didn't help, but I wasn't aware of "nfsvers"-- I will try that also.

The relevant line from fstab:

netapp.example.com:/vol/users/    /ad/eng/users    nfs   sec=krb5,hard,nolock,intr,tcp,rsize=8192,wsize=8192   0 0

That's copied over directly from CentOS, though; the only option that I believe is truly essential is "sec=krb5".  Again, I tried appending vers=3 to the options, which had no effect.  It might help to mention that I do have support for NFS version 4 in my kernel, though I'm not attempting to use it.

I understand that nfs-utils may default to v4 on this kernel (2.6.32), but I don't see why specifying v3 explicitly doesn't seem to work.  Is it possible to get it to report what version it's attempting to use when it mounts, to double-check?

Oh, and for the sake of completeness:  it behaves the same whether I use "vers" or "nfsvers" (which, consulting the nfs man page again, isn't surprising). 

(In reply to comment #2)
> Quite possibly!  I had seen bug 295552, though not bug 295598.  I had already tried
> using option "vers=3", which didn't help, but I wasn't aware of "nfsvers"-- I
> will try that also.
> 
> The relevant line from fstab:
> 
> netapp.example.com:/vol/users/    /ad/eng/users    nfs  
> sec=krb5,hard,nolock,intr,tcp,rsize=8192,wsize=8192   0 0
> 
> That's copied over directly from CentOS, though; the only option that I believe
> is truly essential is "sec=krb5".  Again, I tried appending vers=3 to the
> options, which had no effect.  It might help to mention that I do have support
> for NFS version 4 in my kernel, though I'm not attempting to use it.
> 
> I understand that nfs-utils may default to v4 on this kernel (2.6.32), but I
> don't see why specifying v3 explicitly doesn't seem to work.  Is it possible to
> get it to report what version it's attempting to use when it mounts, to
> double-check?
> 

Comment 4 Michael Weber (RETIRED) 2010-06-07 11:27:21 UTC

You can always trace the network communication (tcpdump/wireshark), the packets should tell the NFS version to be used. You can disable NFSv4 on the server.

This might be a take some time to debug, since not many users have NFSv4 _and_ Kerberos. I'm planning to do so, but not now.

Michael

Comment 5 Michael Weber (RETIRED) 2010-06-07 11:30:42 UTC

Have you met ... http://bugs.gentoo.org/show_bug.cgi?id=293593 (same buzz words).

Thanks, I'll take a look at the network traffic, and then I should know what version I'm actually using.  For the record, my goal is to use version 3, and not do anything with v4 at all-- from what I understand, what I'm trying actually *should* fail on version 4.  (If the traffic shows that it's using v4, my next question would be to ask why it's ignoring the "vers" option, but I guess I'll cross that bridge if I get to it.)  bug 293593 looks like they're specifically trying to use v4, so it most likely isn't the same issue (but again, we'll see what my traffic shows).  Thanks for the suggestions.

(In reply to comment #4)
> You can always trace the network communication (tcpdump/wireshark), the packets
> should tell the NFS version to be used. You can disable NFSv4 on the server.
> 
> This might be a take some time to debug, since not many users have NFSv4 _and_
> Kerberos. I'm planning to do so, but not now.
> 
> Michael
> 

I've tried tcpdump on both systems, and the traffic looks similar.  (Is there anything in particular I should expect to see if I'm on one version of NFS versus the other?)  I also tried removing version 4 support in the kernel, just for good measure, with no effect.  (Oh, and just to clarify, I can't disable it server-side, because, well, it's not my server :)

This has me thinking that it's using version 3 as it should be, but refusing to continue without the keytab.  I'm pretty much out of ideas of what to try, though.  Should I be talking with the NFS people at this point?

(In reply to comment #6)
> Thanks, I'll take a look at the network traffic, and then I should know what
> version I'm actually using.  For the record, my goal is to use version 3, and
> not do anything with v4 at all-- from what I understand, what I'm trying
> actually *should* fail on version 4.  (If the traffic shows that it's using v4,
> my next question would be to ask why it's ignoring the "vers" option, but I
> guess I'll cross that bridge if I get to it.)  bug 293593 looks like they're
> specifically trying to use v4, so it most likely isn't the same issue (but
> again, we'll see what my traffic shows).  Thanks for the suggestions.
> 
> (In reply to comment #4)
> > You can always trace the network communication (tcpdump/wireshark), the packets
> > should tell the NFS version to be used. You can disable NFSv4 on the server.
> > 
> > This might be a take some time to debug, since not many users have NFSv4 _and_
> > Kerberos. I'm planning to do so, but not now.
> > 
> > Michael
> > 
> 

Did a bit more digging, and this definitely isn't a gentoo issue.  What I'm trying works on CentOS 5.5 and Fedora Core 6 (similar systems package-wise), and fails on Fedora 13 and gentoo.  I tried compiling nfs-utils-1.0.10 from source on gentoo and retracing my steps, and it finally works.  The rpc.gssd output is also identical to that in "verbose rpc.gssd output On CentOS" originally posted.

So, it seems to be an issue with the behavior of recent versions of nfs-utils.  I'll try to find out exactly *why* this is, and then post what I find.

(In reply to comment #7)
> I've tried tcpdump on both systems, and the traffic looks similar.  (Is there
> anything in particular I should expect to see if I'm on one version of NFS
> versus the other?)  I also tried removing version 4 support in the kernel, just
> for good measure, with no effect.  (Oh, and just to clarify, I can't disable it
> server-side, because, well, it's not my server :)
> 
> This has me thinking that it's using version 3 as it should be, but refusing to
> continue without the keytab.  I'm pretty much out of ideas of what to try,
> though.  Should I be talking with the NFS people at this point?
> 
> (In reply to comment #6)
> > Thanks, I'll take a look at the network traffic, and then I should know what
> > version I'm actually using.  For the record, my goal is to use version 3, and
> > not do anything with v4 at all-- from what I understand, what I'm trying
> > actually *should* fail on version 4.  (If the traffic shows that it's using v4,
> > my next question would be to ask why it's ignoring the "vers" option, but I
> > guess I'll cross that bridge if I get to it.)  bug 293593 looks like they're
> > specifically trying to use v4, so it most likely isn't the same issue (but
> > again, we'll see what my traffic shows).  Thanks for the suggestions.
> > 
> > (In reply to comment #4)
> > > You can always trace the network communication (tcpdump/wireshark), the packets
> > > should tell the NFS version to be used. You can disable NFSv4 on the server.
> > > 
> > > This might be a take some time to debug, since not many users have NFSv4 _and_
> > > Kerberos. I'm planning to do so, but not now.
> > > 
> > > Michael
> > > 
> > 
>