So I am having to solve and re-visit this problem... I've tried various OSes (Solaris10/Opensolaris/MacOSX/Debian) and ngroup_max settings, some work for local filesystems but not over NFSv4.
On each server and client I've run newkey -h server/client and I've even done this on the NIS master and pumped the keys out using the publickey file. Nothing seems to be working... why? Am I missing out a step here? Help or hints will be appreciated!
One thought is to make absolutely sure you are mounting using NFS Version 4 by specifying that in the mount line, e.g.:
mount -o vers=4 nfs_server:/export_path /mount_point
Or amend /etc/default/nfs to prevent the system dropping back to NFS V3 or V2 (a bit drastic though).
The other suggestion is to confirm that the kernel change has been picked up by running:
getconf -a | grep ngroups
in order to check what the kernel reports the maximum number of groups to be. Saying that, on boot you get a warning message that having more than 16 groups will break with NFS V3, which should be obvious enough.
The increasing of the number of groups is only a case of putting the line into /etc/system, e.g.:
set ngroups_max=32
and rebooting; it is not a hack but a long-recognised but little-used configuration change, due to the NFS problem.
Many thanks for the reply and ideas. I have checked all that's suggested and they are all correct, but this still does not work, and still hangs.
I think the current problem is to do with the authentication keys... please help! Here are some log messages:
client# mount -F nfs -o vers=4,sec=dh server:/var/tmp/test /mnt
nfs mount: mount: /mnt: Invalid argument
client# tail messages
Feb 15 12:42:21 client rpcsec: [ID 270986 kern.notice] NOTICE: authdes_create: unable to get client's netname: RPC: Timed out (error 5)
Feb 15 12:49:19 client last message repeated 3 times
Feb 15 12:49:19 client nfs: [ID 120876 kern.warning] WARNING: NFS server initial call to server failed: Invalid argument
What RPC service should be running? NIS (ypbind) certainly is...
---------- Post updated at 03:53 PM ---------- Previous update was at 01:24 PM ----------
More error messages:
Feb 15 13:13:20 client rpcsec: [ID 270986 kern.notice] NOTICE: authdes_create: unable to get client's netname: RPC: Timed out (error 5)
Feb 15 13:16:51 client last message repeated 1 time
Feb 15 13:20:19 client rpcsec: [ID 270986 kern.notice] NOTICE: authdes_create: unable to get client's netname: RPC: Timed out (error 5)
Feb 15 13:20:19 client nfs: [ID 120876 kern.warning] WARNING: NFS server initial call to server failed: Invalid argument
Feb 15 13:35:07 client rpcsec: [ID 270986 kern.notice] NOTICE: authdes_create: unable to get client's netname: RPC: Timed out (error 5)
Feb 15 13:42:06 client last message repeated 3 times
Feb 15 13:42:06 client nfs: [ID 120876 kern.warning] WARNING: NFS server initial call to server failed: Invalid argument
What other services do I need to run? (ypbind is certainly running)...
Make an alternative mount point to /mnt, e.g. /mount and try it.
Can the NFS server ping the client by name and can the NFS client ping the server by name? If not, then either put their names and IP addresses in each end's hosts files or else put them into the NIS hosts table.
Done this and it does not work (so mount point /mnt is not the problem).
Yes, and yes. In fact a normal NFS share (without the sec=dh) shares and mounts (on /mnt) no problems. So I assume it is all to do with keys and AUTH_DH authentication and the mounting method. Anyone got any suggestions on how to do this..?
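Added example, not part of any post in this thread: a small Python parser for the client syslog lines quoted above. It expands the "last message repeated N times" markers and tallies, for each failed sec=dh mount, how many authdes_create netname timeouts preceded it and how long the client stalled. The sample is the second log excerpt from the thread; the function names and the `year` parameter are assumptions made for the example.

```python
import re
from datetime import datetime

# Log lines copied from the second excerpt posted in the thread.
SAMPLE = """\
Feb 15 13:13:20 client rpcsec: [ID 270986 kern.notice] NOTICE: authdes_create: unable to get client's netname: RPC: Timed out (error 5)
Feb 15 13:16:51 client last message repeated 1 time
Feb 15 13:20:19 client rpcsec: [ID 270986 kern.notice] NOTICE: authdes_create: unable to get client's netname: RPC: Timed out (error 5)
Feb 15 13:20:19 client nfs: [ID 120876 kern.warning] WARNING: NFS server initial call to server failed: Invalid argument
Feb 15 13:35:07 client rpcsec: [ID 270986 kern.notice] NOTICE: authdes_create: unable to get client's netname: RPC: Timed out (error 5)
Feb 15 13:42:06 client last message repeated 3 times
Feb 15 13:42:06 client nfs: [ID 120876 kern.warning] WARNING: NFS server initial call to server failed: Invalid argument
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (.*)$")
REPEAT = re.compile(r"^last message repeated (\d+) times?$")
NETNAME = "authdes_create: unable to get client's netname"
MOUNT_FAIL = "NFS server initial call to"

def parse(text, year=2000):
    """Return [(time, host, message, count)], expanding syslog repeat markers."""
    events, last = [], {}          # last: host -> most recent real message
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # syslog omits the year; `year` is an assumed value, used only for deltas
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        host, msg = m.group(2), m.group(3)
        rep = REPEAT.match(msg)
        if rep and host in last:   # credit the repeats to the previous message
            events.append((ts, host, last[host], int(rep.group(1))))
        elif not rep:
            last[host] = msg
            events.append((ts, host, msg, 1))
    return events

def failed_mounts(events):
    """Group netname timeouts under the mount failure that follows them."""
    pending, out = {}, []          # pending: host -> (first_seen, timeout_count)
    for ts, host, msg, n in events:
        if NETNAME in msg:
            first, count = pending.get(host, (ts, 0))
            pending[host] = (first, count + n)
        elif MOUNT_FAIL in msg:
            first, count = pending.pop(host, (ts, 0))
            out.append({"host": host, "failed_at": ts.strftime("%H:%M:%S"),
                        "netname_timeouts": count, "stalled_s": int((ts - first).total_seconds())})
    return out
```

Calling `failed_mounts(parse(SAMPLE))` returns one row per failed mount attempt; on the excerpt above each attempt stalls for roughly seven minutes of netname timeouts before the mount returns "Invalid argument".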