Yet another Permission Denied with NFS exported from NetApp Filer

Background Information:

Storage Filer: NetApp configured with NFS license.
Linux Client: SLES 11 SP2 with nfs-client-1.2.3-18.17.2

Problem:

While trying to mount the exported File System via NFS, you may see this common error:

# mount /software/export/
mount.nfs: access denied by server while mounting filer_name:/vol/Some_vol01_nfs_software

Further Troubleshooting from the client:

Its always good idea to enable full debug for NFS client requests:

# echo "65535"   > /proc/sys/sunrpc/nfs_debug

From there, you need to look for your local messages, like so:

# tail -f /var/log/messages
Jul 9 14:07:50 servername kernel: [605981.673777] NFS: received 1 auth flavors
Jul 9 14:07:50 servername kernel: [605981.673782] NFS: auth flavor[0]: 0
Jul 9 14:07:50 servername kernel: [605981.673807] NFS: MNT request succeeded
Jul 9 14:07:50 servername kernel: [605981.673812] NFS: server does not support requested auth flavor
Jul 9 14:07:50 servername kernel: [605981.673828] NFS: sending UMNT request for filer_name:/vol/Some_vol01_nfs_software

From those messages, we can conclude that the Filer somehow its not providing an auth-method the client can understand.

Further troubleshooting from the Filer:

Its always good idea to return to the basics, and make some ICMP tests, both by IP and by hostname, in case you are using them.

Since this was an already working volume exported using NFS, we needed to ensure the exports where properly configured, this is the affected line in the Filer:

cat exports
#Auto-generated by setup Tue May 11 19:01:33 GMT 2010 for Filer
#/vol/vol0 -sec=sys,rw,anon=0,nosuid
/vol/Some_vol01_nfs_software -sec=none,ro=192.168.100.X:192.168.100.X:hostname1

Also, The option nfs.mountd.trace can be turned on to help debug access requests

Solution:

The usage of the option sec=none was causing no auth-mechanism was presented to the client. I’ve seen other versions of SLES not being affected by this, but I suppose there’s some new security concerns resolved on this specific version.

To avoid this situation, just go to the default sec setting for Linux clients:

sec=sys

After changing the filer exporfs file, and typing exportfs -a to reload its configuration, now the client was able to mount the File Systems properly.

References:

http://www.wafl.co.uk/tag/exports/

http://www.novell.com/communities/node/3787/configuring-nfsv4-server-and-client-suse-linux-enterprise-server-10

 

 

One thought on “Yet another Permission Denied with NFS exported from NetApp Filer

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s