Can't access NFSv4 shares after upgrade to TrueNAS-12.0-U5

[xenu]

I was not able to mount any nfsv4 shares on my linux clients after the upgrade. Kerberos Ticket looked fine, keytab included the host and nfs-service keytab. I was able to id my FreeIPA users on the TrueNAS server, showmount -e showed the exports. But mounting via autofs only showed

Code:

ls /mnt/freenas/
cannot access '/mnt/freenas/media': No such file or directory
d?????????? ? ?    ?     ?            ? media/

Manual mount showed:

Code:

sudo mount -v -t nfs -o vers=4,rw,sec=krb5p,soft,proto=tcp freenas01.ipa.mydomain.com:/mnt/tank/media /mnt/freenas/media/
mount.nfs: timeout set for Thu Aug  5 10:38:37 2021
mount.nfs: trying text-based options 'sec=krb5p,soft,proto=tcp,vers=4.2,addr=10.0.20.4,clientaddr=10.0.50.2'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'sec=krb5p,soft,proto=tcp,vers=4,minorversion=1,addr=10.0.20.4,clientaddr=10.0.50.2'
mount.nfs: mount(2): Operation not permitted
mount.nfs: Operation not permitted

Rebooting into U4.1 I am able to mount my shares again (well I have to restart my NFS service from the gui after a reboot for it to work but that has been happening since 12.0).

 

[sretalla]

Why do you need to specify proto=tcp? Does it work without that option?

 

[xenu]

I think it is because "Serve UDP NFS clients" is unchecked for the NFS service. I just copied the chosen options from when NFS was working. Will reboot and try with udp enabled for the service and the mount option removed later today. It does work with U4.1 however.

 

[xenu]

Tried it with udp enabled, no change.

 

[Gcon]

Tried it with udp enabled, no change.

What NIC/driver are you using for TrueNAS? I posted another thread thinking I had issues with a StarTech M.2 SATA PCIe card but it turned out not to be the culprit, as I took it out and am getting lock ups with 120.0-U5 on Intel X710 ixl0 rNDC (daughter card). Always locks up as soon as the ixl0 interface comes up. Problems seemed to start after buiding a VM and a couple of jails sharing it with system managment.

Pulled that out and replaced it. using a (genuine) Dell discrete NIC now based on X520-DA2 and working fine.
So yeah... maybe the issues are at a lower level with NIC drivers?

 

[xenu]

I use

Code:

igb1@pci0:6:0:0:        class=0x020000 card=0x153315d9 chip=0x15338086 rev=0x03 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'I210 Gigabit Network Connection'
    class      = network
    subclass   = ethernet

Also I just tried again with 12.0-U5.1 but same result unfortunately. Switching back to my U4.1 environment and NFSv4 shares work again right away. I tried comparing configs and running services but cannot figure out what the issue is. It seems my clients do not get a nfs kerberos ticket with U5(.1) as they do using U4.1. The keytab does contain it though:

Code:

# ktutil list                                                                   
FILE:/etc/krb5.keytab:                                                         
                                                                                
Vno  Type                     Principal                                         Aliases
  1  aes256-cts-hmac-sha1-96  host/freenas01.ipa.mydomain.com@IPA.MYDOMAIN.COM 
  1  aes128-cts-hmac-sha1-96  host/freenas01.ipa.mydomain.com@IPA.MYDOMAIN.COM 
  1  aes256-cts-hmac-sha1-96  nfs/freenas01.ipa.mydomain.com@IPA.MYDOMAIN.COM   
  1  aes128-cts-hmac-sha1-96  nfs/freenas01.ipa.mydomain.com@IPA.MYDOMAIN.COM