Error while trying to mount NFS share: "Invalid argument"

TheEvilHammer · 11-10-2009, 04:37 PM

Hi all,

I am trying to mount an NFS (version 3) share exported by a NetApp filer on a Linux client running CentOS 5. The only thing "odd" I'm trying to do is use Kerberos as authentication for the connection.

Here's what happens when I try the mount:

Code:

[root@gen-cs41 ~]# mount -o sec=krb5 -t nfs 10.11.25.52:/vol/vol21_data share/
mount.nfs: Invalid argument
[root@gen-cs41 ~]#

With no real insight from the error message, I tried some standard debugging approaches. A network trace doesn't reveal much at all, there is nothing in /var/log/messages, strace doesn't reveal anything, and the verbose option for mount is quite unhelpful here:

Code:

[root@gen-cs41 ~]# mount -v -o sec=krb5 -t nfs 10.11.25.52:/vol/vol21_data share/
mount: trying 10.11.25.52 prog 100003 vers 3 prot tcp port 2049
mount: trying 10.11.25.52 prog 100005 vers 3 prot udp port 4046
mount.nfs: Invalid argument
[root@gen-cs41 ~]#

I tried updating nfs-utils, nfs-utils-lib, and krb5-libs to the latest versions and that didn't help either. Does anyone have any tips on what could be wrong or how to debug this further?

bartonski · 11-12-2009, 01:20 AM

Quote:

Originally Posted by TheEvilHammer

Code:

[root@gen-cs41 ~]# mount -o sec=krb5 -t nfs 10.11.25.52:/vol/vol21_data share/
mount.nfs: Invalid argument
[root@gen-cs41 ~]#

With no real insight from the error message, I tried some standard debugging approaches. A network trace doesn't reveal much at all, there is nothing in /var/log/messages, strace doesn't reveal anything, and the verbose option for mount is quite unhelpful here:

Code:

[root@gen-cs41 ~]# mount -v -o sec=krb5 -t nfs 10.11.25.52:/vol/vol21_data share/
mount: trying 10.11.25.52 prog 100003 vers 3 prot tcp port 2049
mount: trying 10.11.25.52 prog 100005 vers 3 prot udp port 4046
mount.nfs: Invalid argument
[root@gen-cs41 ~]#

I tried updating nfs-utils, nfs-utils-lib, and krb5-libs to the latest versions and that didn't help either. Does anyone have any tips on what could be wrong or how to debug this further?

My initial reaction was to have you check the version of nfs, but you just updated this. Do check version of mount.nfs.

I would try leaving off arguments on the command line, and see what changes. Also, just on the assumption that the diagnostic might be bogus, check firewall, directory permissions and make sure that the directory is correctly exported on 10.11.25.52.

What happens when you try mount -s (sloppy mount)?

TheEvilHammer · 11-12-2009, 01:35 AM

I ended up giving up on this because it was a waste of my time, but I'll respond to your questions anyway.

Quote:

Originally Posted by bartonski

My initial reaction was to have you check the version of nfs, but you just updated this. Do check version of mount.nfs.

CentOS 5 (the distro I was using on the client) has a very old version of nfs-utils (1.0.9, compared to the current version, 1.2.1), so I thought I might have been hitting this (or something similar to it):

http://cve.mitre.org/cgi-bin/cvename...=CVE-2008-4552

I ended up trying Fedora Core 11 on the client and I got a bit further (no more "Invalid argument" message), but I was still unable to mount the NFS export.

Quote:

Originally Posted by bartonski

I would try leaving off arguments on the command line, and see what changes.

I couldn't do this as Kerberos was the only security flavor supported by the server.

Quote:

Originally Posted by bartonski

Also, just on the assumption that the diagnostic might be bogus, check firewall, directory permissions and make sure that the directory is correctly exported on 10.11.25.52.

It's not a networking/routing issue; it's a Kerberos issue. If I changed the options of the NFS export to use standard Unix authentication, I could mount the share without any problems.

In the end, I just took the advice from the fine folks at the Linux NFS FAQ (http://nfs.sourceforge.net/):

"Because of bugs and missing features, for now support for Linux NFS with Kerberos is appropriate only for early adopters, and not for production use."