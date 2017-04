/srv/nfs *(rw,fsid=0,sync,subtree_check,root_squash,crossmnt,sec=krb5)

/srv/nfs/export2/proxmox_vmstore2 192.168.X.0/24(rw,fsid=1,sync,subtree_check,no_root_squash,crossmnt,sec=krb5:sys)

/srv/nfs/export3/proxmox_vmstore3 192.168.X.0/24(rw,fsid=2,sync,subtree_check,no_root_squash,crossmnt,sec=krb5:sys)

/srv/nfs/export3/datastore3 192.168.Y.0/24(rw,fsid=2,sync,subtree_check,root_squash,crossmnt,sec=krb5:sys)

mount -vv -t nfs4 192.168.X.X:/export3/datastore3 /var/www/wwwroot -o vers=4,minorversion=2,sec=sys

mount.nfs4: timeout set for Tue Apr 11 11:09:48 2017

mount.nfs4: trying text-based options 'minorversion=2,sec=sys,vers=4,addr=192.168.X.X,clientaddr=192.168.Y.Y'

mount.nfs4: mount(2): Operation not permitted

mount.nfs4: trying text-based options 'minorversion=2,sec=sys,addr=192.168.X.X'

mount.nfs4: prog 100003, trying vers=4, prot=6

mount.nfs4: trying 192.168.X.X prog 100003 vers 4 prot TCP port 2049

mount.nfs4: prog 100005, trying vers=3, prot=17

mount.nfs4: trying 192.168.X.X prog 100005 vers 3 prot UDP port 55804

mount.nfs4: mount(2): Operation not permitted

mount.nfs4: Operation not permitted

Apr 11 11:00:15 stor-01 rpc.mountd[13577]: Received NULL request from 192.168.Y.Y

Apr 11 11:00:15 stor-01 rpc.mountd[13577]: check_default: access by 192.168.Y.Y ALLOWED (cached)

Apr 11 11:00:15 stor-01 rpc.mountd[13577]: nfsd_export: found 0x564dafac98c0 path /srv/nfs

Apr 11 11:00:15 stor-01 rpc.mountd[13577]: nfsd_export: inbuf '*,192.168.Y.0/24 /srv/nfs'

Apr 11 11:00:15 stor-01 rpc.mountd[13577]: auth_unix_ip: client 0x564dafae9290 '*,192.168.Y.0/24'

Apr 11 11:00:15 stor-01 rpc.mountd[13577]: auth_unix_ip: inbuf 'nfsd 192.168.Y.Y'

Ahoj,uz to vubec nechapu. Dokumentace je jasna, ale stejne si to funguje po svem. Takze, jde o nfs4 (o v3 ani neuvazuju do provozu).Konfigurace serveru je tato (krb5 neni vubec zprovoznen/nakonfigurovan):Klient z Y:Log serveru:Klient z Y to nenamountuje. Pokud pouziju:Tak to klient z Y namountuje. Ale to umozni pristup pres sec=sys do celeho nfs4 stromu a to nechci. Nechapu to hlavne z toho duvodu, ze klient z X (proxmox node, taktez nfs4) s tim problem absolutne nema?! Proxmox muzu (un)mountovat sec=sys libovolne a absolutne v tomhle je bezproblemovy. Proc klient Y nedokaze pouzit sys?