RPCPROG_MNT: RPC: Authentication error; why = Client credential too weak

mamalos · #1 March 30th, 2011, 15:38

Hi everybody,

this (the title of this thread) is the error I am getting from my NFS client when I try to mount a filesystem from my NFS server. On the server I get:

Code:

[tcp] 192.168.100.11:home: RPCPROG_MNT: RPC: Authentication error; why = Client credential too weak

I am executing the command as root, and both server and client run a version of FreeBSD-8 (not the latest). $ shomount -e servershows the correct information. If I start mountd with the -n option (on the server), then everything works just fine.

tcpdump shows that the client connects from an unprivileged port, indeed, which worries me.

Is there a way to understand why my client tries to mount remote filesystems using a non-privileged port, even though the mount command is executed as root?

For the POC, I switched the roles of server and client, and I had exactly the same problem.

I know I am missing something easy on this, but my head is stuck. If anyone can help, it would be really great!

Thank you all in advance.

**SirDice** · #2 March 30th, 2011, 16:20

It's probably rpcbind. What does # rpcinfo server tell you?
Are mountd and nfs properly registered? Do you set any flags for rpcbind, mountd and/or nfsd?

mamalos · #3 March 31st, 2011, 12:05

SirDice,

Thank you for your answer. Here is what rpcinfo shows:

Code:

 # rpcinfo server
   program version netid     address                service    owner
    100000    4    tcp       0.0.0.0.0.111          rpcbind    superuser
    100000    3    tcp       0.0.0.0.0.111          rpcbind    superuser
    100000    2    tcp       0.0.0.0.0.111          rpcbind    superuser
    100000    4    udp       0.0.0.0.0.111          rpcbind    superuser
    100000    3    udp       0.0.0.0.0.111          rpcbind    superuser
    100000    2    udp       0.0.0.0.0.111          rpcbind    superuser
    100000    4    tcp6      ::.0.111               rpcbind    superuser
    100000    3    tcp6      ::.0.111               rpcbind    superuser
    100000    4    udp6      ::.0.111               rpcbind    superuser
    100000    3    udp6      ::.0.111               rpcbind    superuser
    100000    4    local     /var/run/rpcbind.sock  rpcbind    superuser
    100000    3    local     /var/run/rpcbind.sock  rpcbind    superuser
    100000    2    local     /var/run/rpcbind.sock  rpcbind    superuser
    100003    2    udp       0.0.0.0.8.1            nfs        superuser
    100003    3    udp       0.0.0.0.8.1            nfs        superuser
    100003    2    udp6      ::.8.1                 nfs        superuser
    100003    3    udp6      ::.8.1                 nfs        superuser
    100003    2    tcp       0.0.0.0.8.1            nfs        superuser
    100003    3    tcp       0.0.0.0.8.1            nfs        superuser
    100003    2    tcp6      ::.8.1                 nfs        superuser
    100003    3    tcp6      ::.8.1                 nfs        superuser
    100005    1    udp6      ::.2.108               mountd     superuser
    100005    3    udp6      ::.2.108               mountd     superuser
    100005    1    tcp6      ::.2.108               mountd     superuser
    100005    3    tcp6      ::.2.108               mountd     superuser
    100005    1    udp       0.0.0.0.2.108          mountd     superuser
    100005    3    udp       0.0.0.0.2.108          mountd     superuser
    100005    1    tcp       0.0.0.0.2.108          mountd     superuser
    100005    3    tcp       0.0.0.0.2.108          mountd     superuser

Excerpt from the server's /etc/rc.conf:

Code:

rpcbind_enable="YES"
mountd_flags="-nr"
nfs_server_enable="YES"
nfs_client_enable="YES"
mountd_enable="YES"

Excerpt from the client's /etc/rc.conf:

Code:

rpcbind_enable="YES"
mountd_enable="YES"
mountd_flags="-e"
rpc_statd_enable="YES"
rpc_lockd_enable="YES"
nfs_server_enable="YES"
nfs_client_enable="YES"
nfs_client_flags="-n 4"
nfsuserd_enable="YES"
gssd_enable="YES"

Excerpt from the server's kernel config file:

Code:

options 	NFSCLIENT		# Network Filesystem Client
options		NFSD			# NFSv4 server
options 	NFSLOCKD		# Network Lock Manager
options 	NFS_ROOT		# NFS usable as /, requires NFSCLIENT
options		KGSSAPI			# Gia to kerberized NFS
device		crypto			# Epishs gia to kerberized NFS

Excerpt from the client's kernel config file:

Code:

options 	NFSCLIENT		# Network Filesystem Client
options 	NFSSERVER		# Network Filesystem Server
options 	NFSLOCKD		# Network Lock Manager
options 	NFS_ROOT		# NFS usable as /, requires NFSCLIENT
options		KGSSAPI			# Gia to kerberized NFS
device		crypto			# Epishs gia to kerberized NFS

As you can see, my nfs client works as an nfs server too (using gssapi sec=krb5i exports). I've tried mounting the share from another FreeBSD client, and had the same results. Moreover, you can see that my server is built with nfs4 support, but I don't think that this is the problem, since trying to mount my client's nfs share from the another client machine (also FreeBSD) has the exact same results. Nonetheless, when I mount the same shares from my linux clients, it works (linux uses a privileged port).

Thanks again for your interest.

**SirDice** · #4 April 1st, 2011, 07:18

Try removing the mountd_flags on the server.

mamalos · #5 April 1st, 2011, 11:58

SirDice,

I commented out mountd_flags and had the exact same result. Then I realized that mountd_flags is set to '-r' in /etc/defaults/rc.conf (which was also proved by ps axuww | grep -i mountd), so I removed it, with no luck either.

I don't know why this is happening, I'll test it again after I upgrade all my machines (after I back them up) to the latest version of FreeBSD and relative ports.

Thanks again.

mamalos · #6 April 1st, 2011, 12:25

SirDice,

one more thing that I think should be highlighted: It must be the client's fault, not the server's. As I stated on a previous message, my linux clients work fine (they're using a privileged port).

Gkarfield · #7 August 12th, 2011, 07:11

hello mamalos

from fbsd 7.1 [client] I get connection with the server [ fbsd 8.1], the mount works fine.
But I decided before some days to built bsd inside bsd [virtual] and I get the same errror as you.

ftp works fine by the way.
----
I am a simple user [short of]

qsecofr · #8 August 12th, 2011, 22:14

Any permissions discrepancies on the exported directory tree and the mount point on the client?

On the server, you can tell mountd which port to listen on with the "-p" option. The man page for mount_nfs suggests that the "-P" and "-N" options are obsolete.

peetaur · #9 October 7th, 2011, 07:27

A NAT changes the port from the server's point of view so the server sees an insecure port. Perhaps you have the client behind a NAT?

In a Linux server, you can specify "insecure" in the options of the export line.

In FreeBSD, I read that you can add to rc.conf:

Code:

nfs_reserved_port_only="NO"

I tried that, and it has no effect.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
[Solved] NFS RPCPROG_MNT: RPC: Timed out	Steije	Web & Network Services	16	February 22nd, 2012 00:24
[Solved] Failed to contact local NSM - rpc error 5	chazz	Web & Network Services	6	October 7th, 2011 15:21
periodic daily (pam_acct_mgmt: authentication error)	le4o360	General	12	January 18th, 2011 12:42
failed rpc error unable to receive errno connection refused	tuntun	Web & Network Services	0	May 12th, 2010 22:28
[Solved] SSL Credential Error?	anthony911	Web & Network Services	3	September 2nd, 2009 18:41