RE: Zombie / Orphan open files
From: Andrew J. Romero <hidden>
Date: 2023-01-31 23:08:36
Hi Olga,

Based on Jeff's post:

Are there some NFS-client side flags that need to be set by the sys-admins to have the state-operations performed by the machine credential?

Are there any server-side requirements that must be fulfilled so that the correct behavior is negotiated between client and server?

What versions of the client (RHEL-7, 8 ..) support this behavior (state-ops performed by machine credential)?

What versions of NFS (4.0, 4.1 ....) support / mandate this behavior?

Thanks again.

If any of you plan on visiting Illinois soon, I owe you lunch!

Andy

Here's the paragraph of the spec stating that things like CLOSE must be allowed:

    In cases where the server's security policies on a portion of its namespace require RPCSEC_GSS authentication, a client may have to use an RPCSEC_GSS credential to remove per-file state (e.g., LOCKU, CLOSE, etc.). The server may require that the principal that removes the state match certain criteria (e.g., the principal might have to be the same as the one that acquired the state). However, the client might not have an RPCSEC_GSS context for such a principal, and might not be able to create such a context (perhaps because the user has logged off). When the client establishes SP4_MACH_CRED or SP4_SSV protection, it can specify a list of operations that the server MUST allow using the machine credential (if SP4_MACH_CRED is used) or the SSV credential (if SP4_SSV is used).

If the NAS vendor is disallowing it then they are in the wrong.
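
The must-allow rule in the spec paragraph quoted above, as an added example that is not part of the thread and not taken from any NFS client or server: a simplified model of the server-side decision for a state-removal operation. The operation numbers are the NFSv4.1 protocol values; the function names and principal strings are assumptions made for illustration.

```python
# Added illustration of the SP4_MACH_CRED "must allow" check.
# Operation numbers are NFSv4.1 protocol values; function names and
# principal strings are constructed for this example.
OP_CLOSE, OP_LOCKU, OP_WRITE, OP_FREE_STATEID = 4, 14, 38, 45


def to_bitmap4(ops):
    """Encode operation numbers as a bitmap4 (list of 32-bit words)."""
    words = [0] * (max(ops) // 32 + 1) if ops else []
    for op in ops:
        words[op // 32] |= 1 << (op % 32)
    return words


def in_bitmap4(words, op):
    """True when bit `op` is set; words past the end count as zero."""
    idx = op // 32
    return idx < len(words) and bool(words[idx] & (1 << (op % 32)))


def server_permits(op, caller, state_owner, machine_cred, must_allow):
    """Model of the server's decision for an op that removes state.

    caller, state_owner, machine_cred: principal names (strings).
    must_allow: the must-allow bitmap4 the client specified when it
    established SP4_MACH_CRED, or None if it never established it.
    """
    if caller == state_owner:
        return True  # same principal that acquired the state
    if must_allow is not None and caller == machine_cred:
        # Operations on the list MUST be allowed with the machine credential.
        return in_bitmap4(must_allow, op)
    return False  # nobody can remove the state: it is left orphaned


if __name__ == "__main__":
    allow = to_bitmap4([OP_CLOSE, OP_LOCKU, OP_FREE_STATEID])
    host = "nfs/client.example@REALM"   # constructed machine principal
    user = "alice@REALM"                # constructed user, now logged off
    # User's GSS context is gone; the client falls back to the machine cred.
    print("CLOSE via machine cred:", server_permits(OP_CLOSE, host, user, host, allow))
    print("WRITE via machine cred:", server_permits(OP_WRITE, host, user, host, allow))
    print("CLOSE, no SP4_MACH_CRED:", server_permits(OP_CLOSE, host, user, host, None))
```

The last case is the one that leaves open state behind after the user's context is gone: without state protection established, the model has no credential that is permitted to send the CLOSE.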