Thanks hunter86_bg for your response.
No, stopping firewalld on both client and server machines does not work.
Client side -
[root@CentOS-Client1 ~]# date; systemctl status -l nfs-client.target
Mon May 14 10:42:24 IST 2018
● nfs-client.target - NFS client services
Loaded: loaded (/usr/lib/systemd/system/nfs-client.target; enabled; vendor preset: disabled)
Active: active since Mon 2018-05-14 10:38:47 IST; 3min 36s ago
May 14 10:38:47 CentOS-Client1.example.exam systemd[1]: Reached target NFS client services.
[root@CentOS-Client1 ~]# mount -t nfs -o sec=krb5p 10.10.100.1:/nfs_k_share /mnt/nfs_secure/ -v
mount.nfs: timeout set for Mon May 14 10:45:30 2018
mount.nfs: trying text-based options 'sec=krb5p,vers=4.1,addr=10.10.100.1,clientaddr=10.10.100.2'
mount.nfs: mount(2): Permission denied
mount.nfs: trying text-based options 'sec=krb5p,vers=4.0,addr=10.10.100.1,clientaddr=10.10.100.2'
mount.nfs: mount(2): Permission denied
mount.nfs: trying text-based options 'sec=krb5p,addr=10.10.100.1'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 10.10.100.1 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 10.10.100.1 prog 100005 vers 3 prot UDP port 20048
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting 10.10.100.1:/nfs_k_share
[root@CentOS-Client1 ~]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Mon 2018-05-14 10:42:08 IST; 3min 16s ago
Docs: man:firewalld(1)
Process: 745 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
Main PID: 745 (code=exited, status=0/SUCCESS)
May 14 10:38:46 CentOS-Client1.example.exam systemd[1]: Starting firewalld - dynamic firewall daemon...
May 14 10:38:51 CentOS-Client1.example.exam systemd[1]: Started firewalld - dynamic firewall daemon.
May 14 10:38:53 CentOS-Client1.example.exam firewalld[745]: WARNING: ICMP type 'beyond-scope' is not supported by the ...pv6.
May 14 10:38:53 CentOS-Client1.example.exam firewalld[745]: WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP...ime.
May 14 10:38:53 CentOS-Client1.example.exam firewalld[745]: WARNING: ICMP type 'failed-policy' is not supported by the...pv6.
May 14 10:38:53 CentOS-Client1.example.exam firewalld[745]: WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICM...ime.
May 14 10:38:53 CentOS-Client1.example.exam firewalld[745]: WARNING: ICMP type 'reject-route' is not supported by the ...pv6.
May 14 10:38:53 CentOS-Client1.example.exam firewalld[745]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP...ime.
May 14 10:42:08 CentOS-Client1.example.exam systemd[1]: Stopping firewalld - dynamic firewall daemon...
May 14 10:42:08 CentOS-Client1.example.exam systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.
Server side -
[root@CentOS-Server1 ~]# date;systemctl stop firewalld.service
Mon May 14 10:41:49 IST 2018
[root@CentOS-Server1 ~]# ls -ldZ /nfs*
drwxr-xr-x. root root unconfined_u:object_r:public_content_rw_t:s0 /nfs_k_share
drwxr-xr-x. nfsnobody root unconfined_u:object_r:public_content_rw_t:s0 /nfsshare
[root@CentOS-Server1 ~]# systemctl status -l nfs-server.service
● nfs-server.service - NFS server and services
Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled; vendor preset: disabled)
Drop-In: /run/systemd/generator/nfs-server.service.d
└─order-with-mounts.conf
Active: active (exited) since Mon 2018-05-14 10:39:18 IST; 7min ago
Process: 1387 ExecStart=/usr/sbin/rpc.nfsd $RPCNFSDARGS (code=exited, status=0/SUCCESS)
Process: 1350 ExecStartPre=/bin/sh -c /bin/kill -HUP `cat /run/gssproxy.pid` (code=exited, status=0/SUCCESS)
Process: 1346 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
Main PID: 1387 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/nfs-server.service
May 14 10:39:17 CentOS-Server1.example.exam systemd[1]: Starting NFS server and services...
May 14 10:39:18 CentOS-Server1.example.exam systemd[1]: Started NFS server and services.
[root@CentOS-Server1 ~]#
I also read a few articles where it was mentioned that the KDC might have some trouble with chrony, so I have set up NTP on my KDC.
So the KDC has this -
[root@Cent-Pro ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
+fwdns2.vbctv.in 80.87.128.222 4 u 65 64 237 43.880 12.716 3.377
*139.59.43.68 193.6.176.19 3 u 30 64 373 12.945 8.666 2.667
[root@Cent-Pro ~]# ntpstat
unsynchronised
polling server every 64 s
While the NFS server and NFS client use chrony, they refer to the KDC machine for time sync.
The client even uses the NFS server as a peer.
[root@CentOS-Client1 ~]# chronyc sources
210 Number of sources = 2
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
=? CentOS-Server1.example.e> 0 8 0 - +0ns[ +0ns] +/- 0ns
^? Cent-Pro.example.exam 0 8 0 - +0ns[ +0ns] +/- 0ns
Chrony on the NFS server -
[root@CentOS-Server1 ~]# chronyc sources
210 Number of sources = 5
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? Cent-Pro.example.exam 0 8 0 - +0ns[ +0ns] +/- 0ns
^+ ec2-13-126-37-14.ap-sout> 2 7 37 35 -3419us[-3419us] +/- 80ms
^* ec2-52-66-5-185.ap-south> 2 6 375 106 -5724us[-5610us] +/- 81ms
^+ ntp.slackware.in 3 6 357 44 -424us[ -424us] +/- 102ms
^+ fwdns2.vbctv.in 4 6 377 43 -5076us[-5076us] +/- 214ms
Also, I do not have a DNS, but my hosts files (/etc/hosts) are updated as mentioned in the first post. The servers can ping each other with FQDN/IP just fine.
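
Added example, not part of the original post: Kerberos authentication depends on the client, NFS server and KDC clocks agreeing, so this parses the two `chronyc sources` listings pasted above and reports whether each host has a selected time source and which sources have never answered. The rows are copied from the post; the function names are assumptions made for this example.

```python
import re

# Rows copied from the two `chronyc sources` listings in the post above.
CLIENT = """\
=? CentOS-Server1.example.e> 0 8 0 - +0ns[ +0ns] +/- 0ns
^? Cent-Pro.example.exam 0 8 0 - +0ns[ +0ns] +/- 0ns
"""
SERVER = """\
^? Cent-Pro.example.exam 0 8 0 - +0ns[ +0ns] +/- 0ns
^+ ec2-13-126-37-14.ap-sout> 2 7 37 35 -3419us[-3419us] +/- 80ms
^* ec2-52-66-5-185.ap-south> 2 6 375 106 -5724us[-5610us] +/- 81ms
^+ ntp.slackware.in 3 6 357 44 -424us[ -424us] +/- 102ms
^+ fwdns2.vbctv.in 4 6 377 43 -5076us[-5076us] +/- 214ms
"""

# M column: ^ server, = peer, # local reference clock.
# S column: * selected, + combined, - not combined, ? unusable, x / ~ rejected.
ROW = re.compile(r"^([\^=#])([*+\-?x~])\s+(\S+)\s+(\d+)\s+(-?\d+)\s+([0-7]+)\s")

def parse_sources(text):
    """Return one dict per source row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m is None:
            continue
        mode, state, name, stratum, poll, reach = m.groups()
        bits = int(reach, 8)  # Reach is an octal register of the last 8 polls
        rows.append({"mode": mode, "state": state, "name": name,
                     "stratum": int(stratum), "answered": bin(bits).count("1")})
    return rows

def sync_report(text):
    """Summarise whether chronyd has a selected source and which ones are silent."""
    rows = parse_sources(text)
    selected = [r["name"] for r in rows if r["state"] == "*"]
    silent = [r["name"] for r in rows if r["answered"] == 0]
    return {"synchronised": bool(selected), "selected": selected, "silent": silent}

if __name__ == "__main__":
    for host, text in (("client", CLIENT), ("server", SERVER)):
        print(host, sync_report(text))
```

A Reach of 377 means all of the last eight polls were answered, while 0 means none were, which is the case for every source on the client and for Cent-Pro on the server.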