>=nfs-utils-1.1.6-r1 blocks portmap. Why is that? This breaks kerberized NFSv3 as it needs portmap. Without portmap, the mount syscall just blocks indefinitely. Mounting without krb5 works fine, though. Downgrading to nfs-utils-1.1.5 fixes this. Reproducible: Always Steps to Reproduce: setup krb5 auth for NFSv3 emerge >=nfs-utils-1.1.6-r1 try to mount with -o sec=krb5, but without portmap. Actual Results: mount hangs Expected Results: mount mounts
fedora replaced portmap with rpcbind quite a while ago, and I haven't seen complaints about kerberos breakage. Maybe it is a problem with a particular version of rpcbind -- what version of rpcbind do you have installed? Also, please post your 'emerge --info' output.
I have net-nds/rpcbind-0.2.0 (latest ~amd64). Was I supposed to do anything to that one? Configuration or something? Portage 2.1.6.13 (default/linux/amd64/2008.0/desktop, gcc-4.3.3, glibc-2.8_p20080602-r1, 2.6.30-gentoo-r1_wald x86_64) ================================================================= System uname: Linux-2.6.30-gentoo-r1_wald-x86_64-Intel-R-_Core-TM-2_Duo_CPU_T9500_@_2.60GHz-with-gentoo-2.0.1 Timestamp of tree: Sat, 27 Jun 2009 08:15:01 +0000 distcc 3.1 x86_64-pc-linux-gnu [disabled] app-shells/bash: 4.0_p24 dev-java/java-config: 2.1.8-r1 dev-lang/python: 2.6.2-r1 dev-util/cmake: 2.6.4 sys-apps/baselayout: 2.0.1 sys-apps/openrc: 0.4.3-r3 sys-apps/sandbox: 2.0 sys-devel/autoconf: 2.13, 2.63-r1 sys-devel/automake: 1.4_p6, 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2, 1.11 sys-devel/binutils: 2.19.1-r1 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6a virtual/os-headers: 2.6.29 ACCEPT_KEYWORDS="amd64 ~amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe -march=core2 -msse4.1 -mssse3 -msse3 -msse2 -msse -mmmx" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /var/lib/hsqldb" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-O2 -pipe -march=core2 -msse4.1 -mssse3 -msse3 -msse2 -msse -mmmx" DISTDIR="/usr/portage/distfiles" FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror" LANG="en_US.UTF8" LDFLAGS="-Wl,-O1" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage/layman/sunrise /usr/local/portage" SYNC="rsync://rsync.phuk.ath.cx/gentoo-portage" USE="X a52 aac aalib acl acpi aiglx akonadi alsa amd64 ao audiofile avahi bash-completion berkdb bluetooth bonjour branding bzip2 cairo caps cdaudio cddb cdparanoia cdr cli consolekit cracklib crypt css cups curl dbus dga dri dv dvd dvdr dvdread encode evo exif extensions fam ffmpeg fftw firefox flac fortran fuse gcj gd gdbm geoip gif git gnokii gnome gnome-keyring gnutls gpm gstreamer gtk hal hdaps http ical iconv id3 id3tag ipv6 jack jack-tmpfs java java5 java6 jingle jpeg jpeg2k kde kde4 kdeenablefinal kerberos kipi ladspa lame laptop lash ldap libnotify libsamplerate logrotate mad matroska midi mikmod mjpeg mmap mmx mng mp3 mp4 mpeg mplayer msn mudflap multilib musicbrainz mysql ncurses networkmanager nodrm nptl nptlonly nsplugin nvidia obex offensive ogg opengl openmp oscar otr pam pcre pdf perl phonon plotutils png policykit ppds pppd pulseaudio python qt3 qt3support qt4 quicktime raw rdesktop readline reflection replaygain resolvconf rtsp samba sasl sdl session sms sndfile sox speex spell spl sse sse2 ssl ssse3 startup-notification subversion svg sysfs tcpd tetex theora threads tiff truetype unicode usb vamp vcd vim vim-syntax vnc vorbis wifi wmf wxwindows x264 xcomposite xine xinerama xml xorg xosd xulrunner xv xvid xvmc zeroconf zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="mouse keyboard evdev synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="nvidia nv" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS I'll do some more testing when I find the time. Didn't know rpcbind was supposed to replace portmap...
Yup, rpcbind is the replacement with ipv6 support. Was rpcbind running when you tried the NFS mount?
(In reply to comment #3) > Yup, rpcbind is the replacement with ipv6 support. Was rpcbind running when you > tried the NFS mount? > Yes, rpcbind is running. Now this is what the server says on the first mount attempt: Jun 28 01:33:22 horst mountd[4783]: MNT3(/srv/ftp) called Jun 28 01:33:22 horst mountd[4783]: authenticated mount request from 192.168.4.26:769 for /srv/ftp (/srv/ftp) Jun 28 01:33:25 horst mountd[4783]: nfsd_fh: inbuf '192.168.4.0/24 7 \x7f56080000000000c3866b83b6864867980139f56843447f' Jun 28 01:33:25 horst mountd[4783]: nfsd_fh: found 0xd3e8bc38be0 path /srv/ftp subsequent mount attempts only give: Jun 28 01:35:35 horst mountd[4783]: MNT3(/srv/ftp) called Jun 28 01:35:35 horst mountd[4783]: authenticated mount request from 192.168.4.26:738 for /srv/ftp (/srv/ftp) and this is the strace of rpcbind when doing "mount -t nfs -o sec=krb5i horst:/srv/ftp /mnt/tmp": Process 16704 attached - interrupt to quit 01:38:59 restart_syscall(<... resuming interrupted call ...>) = 1 01:39:03 recvfrom(6, "JF\301\240\0\0\0\0\0\0\0\2\0\1\206\240\0\0\0\2\0\0\0\3\0\0\0\0\0\0\0\0\0"..., 9000, 0, {sa_family=AF_INET, sin_port=htons(34687), sin_addr=inet_addr("127.0.0.1")}, [16]) = 56 01:39:03 sendto(6, "JF\301\240\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\336\273"..., 28, 0, {sa_family=AF_INET, sin_port=htons(34687), sin_addr=inet_addr("127.0.0.1")}, 16) = 28 01:39:03 poll([{fd=5, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}, {fd=6, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}, {fd=7, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}, {fd=8, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 4, 30000) = 0 (Timeout) 01:39:33 poll([{fd=5, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}, {fd=6, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}, {fd=7, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}, {fd=8, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 4, 30000) = 0 (Timeout) 01:40:03 poll([{fd=5, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}, {fd=6, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}, {fd=7, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}, {fd=8, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 4, 30000^C <unfinished ...> Process 16704 detached # lsof -p 16704 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME ... rpcbind 16704 root 6u IPv4 2645911 0t0 UDP *:sunrpc rpcbind 16704 root 7u IPv4 2645915 0t0 UDP *:763 rpcbind 16704 root 8u IPv4 2645916 0t0 TCP *:sunrpc (LISTEN) ... alright. POLL(2): poll, ppoll - wait for some event on a file descriptor So looks like there's some communication problem with the server. Could it be that the the server and client versions need to be in sync somehow? The server is hardened amd64, while the client is desktop ~amd64. Thus, the server runs 2.6.28-hardened-r9 with nfs-utils-1.1.4-r1, while the client runs 2.6.30-gentoo-r1 with nfs-utils-1.2.0....
ah, well fd 5 is this: rpcbind 16704 root 5u unix 0xffff88003510c840 0t0 2645909 /var/run/rpcbind.sock so... erm... ??
It could be an incompatibility across versions all right (which would be a bug, they are supposed to be interoperable). Does it work if you: * set up an nfs share on your client machine and export it to localhost * mount it locally (i.e. does it work when using exactly same version for client and server) Meanwhile I'm going to assign this bug to the maintainers, since you have provided the basic system info already
Ok, I set up a local nfs share and tried to mount it. The behaviour is exactly the same. The mount call blocks, rpcbind polls for something that never happens, rpc.mountd does nothing, and rpc.svcgssd is idle, too. I'm not sure why I'm still using NFSv3 with kerberos, but I guess it should work... To me this looks like a bug in rpcbind. Unfortunately I'm not familiar enough with the workings of rpc and nfs, so I can't really talk to upstream...
Just going over my old bugs. I think this is kinda resolved since I don't have this particular issue anymore, maybe because I switched to NFSv4. Closing since probably fixed or irrelevant...