[CentOS] Nfs4 with kerberos freezing system

Mon Mar 9 13:39:18 UTC 2009
Ross Walker <rswwalker at gmail.com>

On Mar 9, 2009, at 2:32 AM, Olaf Mueller <daily-planet at istari.de> wrote:

> Hello,
> I have a CentOS 5.2 server that exports /home on the local network  
> for 2
> users by secure nfs4 with kerberos krb5p. The clients are a notebook
> and a desktop pc.
> The following error is always reproducible on all clients. If running
> the clients on high load, that means for example 5 firefox windows  
> open
> and connected with www pages from the internet, installing the new qt
> development environmet on the nfs4 share from the 297 mb big
> qt-sdk-linux-x86-opensource-2009.01.bin file and copy a 649 mb iso
> image to the nfs4 share, the client is freenzing and a reboot is
> necessary. If running the clients on low load, than the system is
> stable for hours.
> In my opinion this is an error by an CentOS nfs package, cause this
> problem is reproducible with different kernels, different desktop
> environments and different clients. I don't think the error is caused
> by the server hardware, cause if running the same nfs setting with nfs
> version 3 and disabling nfs secure, the system is stable.
> I have test this with
> - latest CentOS 5.2 kernel and testing redhat kernel 2.6.18-133.el5
> - kde and gnome
> - different clients and hardware
> Is anybody here successfully using nfs4/krb5p with CentOS 5.2?

As with any solution that has many moving parts it only takes one weak  
point to ruin the whole system.

1) How is NFS configured? TCP only for nfsv4. What security domain?  
Does it match your kerberos realm?

2) How is kerberos configured? Do you have the user principles setup  
correctly? Do you have the service principles setup correctly? How did  
you distribute the keytab files? Are users authenticating properly on  
login? Is the krb5.conf file setup optimally?

3) How is DNS setup? Did you setup resource records for the kerberos  
server? Did you setup name resolution properly on the clients? Is  
there firewall or proxy server settings that might interfere with  
either DNS or NFS?

4) How are these NFS shares mounted? Are they soft or hard mounts?  
Laptops should be soft and desktops can be either.

5) How is your network performing? Is it overloaded? Are the clients  
overloaded? Are there any communications problems?

Answer these questions and post their results (edit for brevity) and  
you will give the list the information needed to help you.