Hello,
I have a CentOS 5.2 server that exports /home on the local network for 2 users by secure nfs4 with kerberos krb5p. The clients are a notebook and a desktop pc. The following error is always reproducible on all clients. If running the clients on high load, that means for example 5 firefox windows open and connected with www pages from the internet, installing the new qt development environmet on the nfs4 share from the 297 mb big qt-sdk-linux-x86-opensource-2009.01.bin file and copy a 649 mb iso image to the nfs4 share, the client is freenzing and a reboot is necessary. If running the clients on low load, than the system is stable for hours.
In my opinion this is an error by an CentOS nfs package, cause this problem is reproducible with different kernels, different desktop environments and different clients. I don't think the error is caused by the server hardware, cause if running the same nfs setting with nfs version 3 and disabling nfs secure, the system is stable.
I have test this with - latest CentOS 5.2 kernel and testing redhat kernel 2.6.18-133.el5 - kde and gnome - different clients and hardware
Is anybody here successfully using nfs4/krb5p with CentOS 5.2?
regards Olaf
On Mar 9, 2009, at 2:32 AM, Olaf Mueller daily-planet@istari.de wrote:
Hello,
I have a CentOS 5.2 server that exports /home on the local network for 2 users by secure nfs4 with kerberos krb5p. The clients are a notebook and a desktop pc. The following error is always reproducible on all clients. If running the clients on high load, that means for example 5 firefox windows open and connected with www pages from the internet, installing the new qt development environmet on the nfs4 share from the 297 mb big qt-sdk-linux-x86-opensource-2009.01.bin file and copy a 649 mb iso image to the nfs4 share, the client is freenzing and a reboot is necessary. If running the clients on low load, than the system is stable for hours.
In my opinion this is an error by an CentOS nfs package, cause this problem is reproducible with different kernels, different desktop environments and different clients. I don't think the error is caused by the server hardware, cause if running the same nfs setting with nfs version 3 and disabling nfs secure, the system is stable.
I have test this with
- latest CentOS 5.2 kernel and testing redhat kernel 2.6.18-133.el5
- kde and gnome
- different clients and hardware
Is anybody here successfully using nfs4/krb5p with CentOS 5.2?
As with any solution that has many moving parts it only takes one weak point to ruin the whole system.
1) How is NFS configured? TCP only for nfsv4. What security domain? Does it match your kerberos realm?
2) How is kerberos configured? Do you have the user principles setup correctly? Do you have the service principles setup correctly? How did you distribute the keytab files? Are users authenticating properly on login? Is the krb5.conf file setup optimally?
3) How is DNS setup? Did you setup resource records for the kerberos server? Did you setup name resolution properly on the clients? Is there firewall or proxy server settings that might interfere with either DNS or NFS?
4) How are these NFS shares mounted? Are they soft or hard mounts? Laptops should be soft and desktops can be either.
5) How is your network performing? Is it overloaded? Are the clients overloaded? Are there any communications problems?
Answer these questions and post their results (edit for brevity) and you will give the list the information needed to help you.
-Ross
-
Olaf Mueller -
Ross Walker