Many thanks to Eric Werme (DEC) and Allen D. Winter. The problem we
encountered was that the non-root users I was testing with happened
each to be in more than 16 groups.
Digital UNIX and ULTRIX allow a user to be in up to 32 groups, and the
NetApp filer is only capable of recognizing 16 groups for a user. So
when a client request comes to the filer, with this long list of
groups for the requesting user, the request is not comprehensible.
Authentication fails and a cryptic failure message is returned to the
client.
I do not yet know if Network Appliance will provide a patch for a
larger group limit in the client credentials, but I've requested it.
(The ULTRIX problem appears to be for the same reason.)
Thanks again to the group.
Original post:
----------------------------------------------------------------------
From: Joanna Gaski <jgaski_at_WPI.EDU>
To: tru64-unix-managers_at_ornl.gov
Subject: NetApp filer -- no non-root access for DU clients
Date: Mon, 26 Apr 1999 21:15:05 -0400 (EDT)
We have recently obtained a Network Appliance F740. I have a problem
when I attempt to export a shared area from the filer to any of our
Digital UNIX clients. The problem is that on the alpha client, root
can read and access files as normal, but if a normal user does even
something as simple as a
ls -lt /mnt
an error message is produced:
NFS3 RFS3_ACCESS failed for server toaster : RPC: Server can't decode arguments
/mnt: I/O error
The exports file has the share exported with
-ro,access=hostname,root=hostname
where hostname is a FQDN.
I have an open call with Network Appliance, but they have said that
there must be something strange in Compaq's implementation of the NFS
client. The same error occurs on Digital UNIX 4.0D pl3, 4.0E pl1, and
5.0 beta. It occurs whether the mount is soft or hard, udp or tcp,
nfsv3 or nfsv2.
It seems like such a large, ubiquitous error that I can't believe
noone would have seen it before. I thought that Digital UNIX support
was standard, and I can't imagine how all of our Alpha clients could
be non-standard in such a way.
Any help or pointers are appreciated. Thanks.
(BTW, I haven't yet dealt with the fact that when exporting from the
filer to one of our ULTRIX boxes, a simple "ls -lt /mnt" by a non-root
user results in the mount point changing to these permissions, and the
share essentially disappearing.
---------- 0 root 0 Dec 31 1969 /mnt
I'll get to that one later.)
Oh yeah, and exported to a Solaris 2.6 machine, non-root reads work
just fine.
Thanks.
Received on Wed Apr 28 1999 - 17:49:06 NZST