Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-3478: Why does access to NFS v3 mounts sometimes work, but not all the time?

Authentication Service ,  

12 April,16 at 11:38 AM

Applies to: All versions of Centrify DirectControl
When mounting an NFS v3 file system (e.g. on a Samba share) to a Centrified system with an AD user who is a member of more than 16 groups, it is observed that the user can sometimes get access to the mounted system, but not all the time. The behavior is inconsistent. 
Is there any reason for this?
It is a NFS v3 client's limitation to send random 16 groups to NFS server for verification. 
For users who belong to more than 16 groups, the NFS v3 client will randomly pick 16 groups to get shared file system access - this is why it sometimes works; but not all the time.
This is an OS-related issue and not a Centrify-issue. However here are a few possible workarounds:
  1. Reduce the number of user groups to which the user can belong to. 
    Note: Centrify provides an adsetgroup command to adjust the group membership and it is session-based.
  2. Switch to NFS v4 which does not have a limitation in user groups.
  3. Use CIFS export instead of NFS.
Links discussing the classic NFS 16-group limitation: (External links are provided as a courtesy)
Keywords: nfsv3 16-group limitation adsetgroup