Fedora10 nfs-utils update problem

[mik987]

I'm not sure if this belongs in a fedora bug report somewhere or not, but I thought I would start by posting here!

I ran a yum update this morning on my Fedora 10 box (i386), which updated the 'nfs-utils' package from 1.1.4-4.fc10 to 1.1.4-6.fc10. Before the update I was able to connect to the fedora NFS exports just fine from my Macbook Pro running latest version of Leopard on a simple home network. After the update, when I try to connect to the NFS export it waits for a while at leopard's "Connecting to Server" dialog box, and after about a minute I get a message saying "Could not connect to the server because the name or password is not correct" (though my UID's are the same on both systems). My /etc/exports and /etc/sysconfig/nfs files were unchanged by the update. I tried restarting the nfs services as well as shutting down iptables and setting SELinux to permissive, etc. with no success. I get the following in /var/log/messages (192.168.1.102 is the address of my macbook):

Jan 15 12:17:29 localhost mountd[4656]: Warning: Client IP address '192.168.1.102' not found in host lookup
Jan 15 12:17:29 localhost mountd[4696]: connect from 192.168.1.102 to proc (1) in mountd: request from unauthorized host

I was able to download the RPM for the older version of nfs-utils and then do a 'yum localinstall' to revert to the older version. This fixed my issues completely and my setup works as it did before. However I am curious to know why the latest version of nfs-utils breaks my setup, and whether it is a problem with my setup or if I should just wait for the next version to come out and see if the same thing happens.

Thanks for any help!
Mike

Edit - here is my /etc/exports file. I'm an NFS newbie but if I understand this correctly it should allow connections from anyone with an IP address on my local network.

/hail 192.168.1.1/255.255.255.0(rw,insecure,async)
/snow 192.168.1.1/255.255.255.0(rw,insecure,async)
/rain 192.168.1.1/255.255.255.0(rw,insecure,async)

[mik987]

I just found this: https://admin.fedoraproject.org/upda...DORA-2009-0266

Which tells me this has something to do with tcp_wrappers which I know nothing about. Apparently this is configured with /etc/hosts.allow and /etc/hosts.deny ... currently on my machine these files only contain comments.

[sej7278]

my f10 64-bit server / osx10.5.6 mac mini client combo seems to work fine after the update.....

[knnniggett]

Same problem here.
Running 64bit F10 on two recently built and very similar servers each with export files almost identical to the one in the first post.

I noticed the problem after upgrading just the first server. NFS mounts failed with a rather generic "internal error" when attempting to mount to that machine. Oddly enough, I did not receive any related events in var/log/messages.

As soon as I applied the updates to the second server then that server immediately developed the same problem.

I verified my hosts.allow and hosts.deny files were empty.

After following the link in the second post, I updated the information in my hosts files (configuring dns is on my to-do list), especially making sure that the local machine had its own name/ip listed. This seemed to resolve the issue when making nfs mounts between the two fedora servers. However, I still was unable to mount to either server from an Ubuntu desktop machine (which is what I really wanted). While I admit this issue could be due to a DNS misconfiguration, it was at this point that I lost patience/interest and simply downgraded my nfs-utils.

Downgrading got all machines talking again.

[sej7278]

weird, just booted a centos 5.2 virtual machine and i can't seem to mount an nfs share on my f10 box from that now, get "RPC Error: Authentication error" on that

[stevea]

This looks like it's in the rpc.mountd daemon when checking the credentials of the client system.
See the man page.

Jan 15 12:17:29 localhost mountd[4656]: Warning: Client IP address '192.168.1.102' not found in host lookup
Jan 15 12:17:29 localhost mountd[4696]: connect from 192.168.1.102 to proc (1) in mountd: request from unauthorized host

To me this looks like the tcp_wrapper (which is the prog that uses hosts.allow/hosts.deny is trying to lookup the NAM for 192.168.1.102 and is failing. You either need to setup dns (a good idea but some work)or else put "192.168.1.102 othersysname" into /etc/hosts.

The alternative is to put a line ...
"ALL: 192.168.1.1/255.255.255.0" into /etc/hosts.allow
which I think should solve the problem.


I can't verify this solves the problem. I have dns up and it works.

[Nokia]

Code:

rpm -qa --changelog nfs-utils
* Tue Jan 06 2009 Steve Dickson <steved@redhat.com> 1.1.4-6
- Added warnings to tcp wrapper code when mounts are 
  denied due to misconfigured DNS configurations.
- gssd: By default, don't spam syslog when users' credentials expire

Known bug, but perhaps not fully fixed yet.

[sej7278]

bit of a crappy bug if when using ip's its still trying to do a dns lookup!

would explain why my centos52 vm is failing but the mac/rhel boxes not - the mac/rhel boxes have an /etc/hosts entry for the fedora10 box.

tcp_wrappers is a bit naff anyway, as you can still see the service on a portscan, it just blocks you from using it, iptables is a better.

[den23513]

Some problem...
I had to revert to previous version to fix this ;-(

[rippel]

How can I revert to previous version?

[mik987]

How can I revert to previous version?

Not sure if this is the simplest way, but download one of these rpm's depending on your architecture (if any of the mirrors still work):

http://rpm.pbone.net/index.php3?stat...c10.x86_64.rpm
http://rpm.pbone.net/index.php3?stat....fc10.i386.rpm

Then run, for example:

Code:

yum remove nfs-utils
yum localinstall nfs-utils-1.1.4-4.fc10.i386.rpm

Also, be careful if you have made any changes to /etc/sysconfig/nfs, as mine was overwritten by this process.

[rippel]

Thank you!

I reverted nfs-utils from 1.1.4-6 to 1.1.4-4 and now I get the error:

Code:

mount: RPC: Unable to receive; errno = Connection refused

instead of the previous

Code:

mount: RPC: Authentication error; why = Failed (unspecified error)

Something has changed after all but the problem is still there...

I can ping my Fedora 10 NFS server, its /etc/exports is correct and it was perefclty working with Fedora 9

[knnniggett]

If after downgrading you now receive a new error message, make sure your nfs service is still running.

I noticed that I had to re-enable the nfs service.

[rippel]

Yep, thanks! Fixed!!!

[giulix]

More downloads