Fedora :: NFS Access Denied By Server While Mounting Nfsserver:/public
Dec 3, 2009
Since FC6, NFS became very finicky and seemingly causes servers to randomly denying mounts from some terminals but not others, with all exactly the same new FC installation and exactly the same hardware - crazy!. The only difference is hostnames of the terminals trying to mount NFS volumes on the server and I made sure that /etc/hosts on all terminals and servers contain each others ip addresses and hostnames. I always uninstall SELinux which is truly a huge pain in a corporate environment. Is there ANY way I can relax the NFS authentication on the server in order to make sure clients can mount volumes?
e.g. the following is encountered often, with sometimes crazy situations that clients can only mount nfs volum es from the server after I first boot the server and then ALL the terminals. It is painful as you might agree! Other way round, no go, client will not mount until server is booted and then client booted.
In this case I really prefer windows lackey security. It works. Never mind how crappy windows is, at least I don't have diabolical access problems on servers.. NFS used to be very nice about 6 years ago but truly sucks recently imo. /]# mount -o soft -t nfs nfsserver:/public /xfer mount.nfs: access denied by server while mounting nfsserver:/public
I set up a nfs server that is working locally only, on remote I get this: root@poc ~]# mount -t nfs storage:/var/ftp/pub /net mount.nfs: access denied by server while mounting storage:/var/ftp/pub
This is my exports file: /var/ftp/pub/downloads 192.168.1.23(rw,sync) /var/ftp/pub 192.168.1.23(ro,sync) this is my rpcinfo -p program vers proto port service 100000 4 tcp 111 portmapper 100000 3 tcp 111 portmapper 100000 2 tcp 111 portmapper 100000 4 udp 111 portmapper 100000 3 udp 111 portmapper 100000 2 udp 111 portmapper 100011 1 udp 875 rquotad .....
Firewall has 2049 open only. Other services suck as nfs or status, lockd have random ports, so firewalled.
I recently installed CentOS 5 as my server. I have samba running 100%, today i was working on NFS i had it semi working at one point where i could mount to the shared folder but i could not see any of the files in it, now when ever i try to access it i get, mount.nfs: access denied by server while mounting 192.168.1.100:/Server
I just built an AMD Phenom II Six Core with 4 Gigs Ram a 160Gib / and swap, and (2) Two Tb mirror for Raid (data storage) I had been using DMRAID in the deprecated box but this box has MDADM v3.1.4 - 31st August 2010 from source (on MDADM wikipedia).
I have no permission problems with using the raid and dmraid is un-installed. The raid is working perfectly and is mounted in my fstab with ext4 defaults 0 2 as my options.
I have two exports /media/raid/Test /test
Both show IP and subnet on the showmount -e for the server. I can mount the test just fine on the server. I cannot, however, mount the /media/raid/Test error: mount.nfs: access denied by server while mounting hostname:/media/raid/Test Using dmraid I am able to have the deprecated box export and mount nfs shares from the raid but using MDADM on the new computer, I cannot. I get similar results with pointing MYSQL's data folder to a location on the "/media/raid/Database" (even with apparmor entries).
i'm trying to setup a nfs4 server and client. i followed the instructions in [URL](nfsv4 quick start section) and [URL] The SERVER is on 192.168.89.1 running Xubuntu 10.04, and the CLIENT is on 192.168.89.128 running Ubuntu 10.10. Firewall is disabled on both the server and the client for testing purposes. /etc/default/nfs-kernel-server on the SERVER:
Code:
# Number of servers to start up RPCNFSDCOUNT=8 # Runtime priority of server (see nice(1))
[code]....
On the [URL], i see some steps related to portmap on the "NFS Server" and "NFS Client" sections. Would i need those steps as well? There's also a list of steps on [URL] (linked from [URL]. Are those necessary?
EDIT: Running showmount on the client seemed to show that NOTHING is shared on the server:
I run a mediaserver on Archlinux, working perfectly (or almost). I have set up NFS v3 and that worked for me on these clients:
- Debian Lenny - Archlinux 64bit
Now I've upgraded my Lenny-box to squeeze and I see that 2 of my 3 shared folders (tdone and twatch) are mounted like they should and the third one (media) doesn't come up. A 'mount -a' as root gives this error: mount.nfs4: access denied by server while mounting (null) My relevant fstab-lines:
i'm trying to setup a nfs4 server and client. i followed the instructions in
[URL]
The SERVER is on 192.168.89.1 running Xubuntu 10.04, and the CLIENT is on 192.168.89.128 running Ubuntu 10.10. Firewall is disabled on both the server and the client for testing purposes. /etc/default/nfs-kernel-server on the SERVER:
Code:
# Number of servers to start up RPCNFSDCOUNT=8 # Runtime priority of server (see nice(1))
[code]....
because we want UID/GUID to be mapped from names. This way, server and client do not need the users to share same UID/GUID. In that case,
1. Should i set those 2 fields to "no" and "yes" respectively instead?
2. Or else, how do i make sure that the uid on the server is mapped to something useful on the client instead of nobody and nogroup?
I am working currently on my server on an issue, I configured the SSH Deamon that only people who have a valid ssh-key can login on to the server, and kicked the password option. Now I've added a user account git. I navigate to his home folder created the folder ".ssh" and created in that folder the file "authorized_keys" I copied my public key in there. Now on my local machine I added that identity (via ssh-add) and I wanted to connect to my server. but when I'm trying to login myself I can't the only message I get is "Permission denied (publickey)."
I configure named and stumble upon the following problem: named is serious about user rights, every config file named uses should be named:named. I set rights to named:named as follows, but they get changed to root:named when I restart named as root. The same thing happens with SELinux context. This results in access denied type errors.
I'm trying to write a p2p file sharing program using python's built-in libraries. Everything is going well. The only thing is that i'd like to be able to use openssl public and private keys so only a host with the public key could access/decrypt the filesharing. I've gotten these libraries (httplib, basehttpserver, ssl, os) to work using just a pem file containing both the public and private keys but no success with them seperately. Can someone point me in the right direction or offer an alternative? PS, the goal of the project is to create an anonymous, decentralized, secure file sharing program. I want to be able to upload this to sourceforge so everyone can use it, if that's any incentive
I have two nagging problems on one network which I do not have on another elsewhere, both using uptodate Debian servers. The server is on the private subnet behind a router/adsl modem. The symptoms of the one which does not work
1) Users cannot access their web site from lan. If they try, they get to the router web interface, same as if they entered http:10.0.0.138 which is the router's lan address.
2) Users cannot access smtp or pop3 service using the domain name, they can access it only using the servers LAN address.
I fear that I might have not set up the router properly because appart from that the two servers are almost identical but I do not know where I might have made an error.
I setup a Samba share and I cannot connect. I can mount in on local host but when I CD to the folder I mounted the share on I get access denied when I run ls.
I am attempting to Kerborize an NFS server on a RHEL6 machine, but I cannot get it quite right. The error message I receive when executing the following command (as myself, not as root) is:
Code:
I have a keytab generated from the KDC for both NFS server and NFS client (both RHEL6 hosts) placed in /etc, and I have configured PAM/Kerberos so I can login via SSH and see I have a valid ticket with klist.
I can login to both NFS server and NFS client via SSH and get a ticket, but I don't know where the problematic NFS permissions reside.
The /etc/exports file on the NFS server looks like:
Code:
I have disabled IP Tables on both client and server, and hosts.allow and hosts.deny are not blocking traffic at the moment. On the NFS server.
Here is the output of rpcinfo:
On the NFS client, here is the output of that same command:
Currently I am having troubles getting my ssh key to work correctly. I have had a desktop crash which has been reformatted to use ubuntu. The key residing in id_rsa.pub has been copied over to the ssh server into the authorized keys of the given user. however When we try to login we get a "permission denied (public key, keyboard-interactive)" error. below is the debug option:
jv@ops-desktop:~/.ssh$ ssh -v jv@x.x.x.x OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for *
I set up an SSH server on my home machine and finally figured out that I needed to disable password authentication to get RSA authentication enabled. Now I'm having problems with that too.ssh -v -i id_rsa ashtray@x.x.x.83
Code: OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8o 01 Jun 2010 debug1: Reading configuration data /etc/ssh/ssh_config
Using NFS on the client machine. I am running scientific linux on my machine. Its working fine for my other machines.I have made sure that the firewall is disabled and also the selinux too. here is what i get when i use rpcinfo -p on the client.
rpcinfo -p program vers proto port service 100000 4 tcp 111 portmapper 100000 3 tcp 111 portmapper 100000 2 tcp 111 portmapper 100000 4 udp 111 portmapper 100000 3 udp 111 portmapper 100000 2 udp 111 portmapper 100007 2 udp 868 ypbind 100007 1 udp 868 ypbind .....
I have not done the SMTP debug yet but just from basic troubleshooting, I think I know what the problem is. My mail server is rejecting my web server from sending mail due to 'relay access denied':
Code: root@www:# telnet mail.domain.tld 25 Trying 211.113.101.135... Connected to mail.domain.tld. Escape character is '^]'.
I've only recently encountered this problem with vsftpd when I was creating new ftp accounts. I keep on getting:
550 Access Denied.
on every action I try to do on ftp, no matter what. I've been trying to solve this myself however my attempts have been futile.
The permissions, and ownership have been checked and rechecked tens of times now, so thats not the issue. I've reinstalled the OS of my server twice now, and the problem is still persisting. Heres my config file, this isnt for anon by the way.
Code: # Example config file /etc/vsftpd/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. #
Has anyone seen this? I have attached a screenshot of it to this post.
When I log in using PUTTY, as soon as I enter my username and hit enter I get Access denied, then a prompt for a password and all works well, it just tells me access denied even though it didnt deny me. its weird.
I am getting an access denied when trying to log in via SSH to my home server with putty(windows) over the internet. I can use any user including root and get the same result. If I use my Android phone with the ssh terminal command I am able to successfully log in and use the server.
host is windows 2003 server 64-bit guest is ubuntu 9.04 server 64bit Qemu : 0.11.1 Qemu manager: 7.0
from Qemu manager, if network card is using User Networking, it's a NAT and I can see that Guest Ubuntu has an ip address 10.0.2.15 and is able to access the internet. However, as Guest ubuntu is running server so I want to do use Tap networking and I assue with Tap, the Guest ubuntu will get an ip address which is in the same subnet as host machine by dhcp. so from Qemu Manager 7.0, I changed Network card to be:
NE2000PCI Vlan Number =0 VLAN Type: Tap Networking Mac address: tap0's mac address from host TAP Network Adpator: Tap0
Note that tap0 was created by openvpn. and then fired Ubuntu guest, ifconfig shows no ip address on eth0 (which has the same mac address as Tap0) so the guest Ubuntu has no ip address and can't access public.
I've spent days trying to setup access properly from a public address to a monitoring server that works fine locally. Everything works from public access until I try to link to a CVS repository. The rancid CVS repository is set up as a separate server (virtualhost). It appears the referring link causes a DNS error (105: Server Not Found) when the CVS repository server is accessed from the public address. Things work fine when accessing via localhost.
Localhost link:
[URL]
Public link: (this results in 105 error caused by redirection (bold portion of link))
I did create an rsa certificate with ssh-keygen using my root account on a client: ssh-keygen -t rsa -b 2048 no passphrase I did copy the rsa pub_key from my client to the server scp id_rsa sampleuser@sampleserver:/home/sampleuser/.ssh/authorized_keys
I did change the ownership to the "sampleuser" of the pub key file on the server: I trayd to connect: ssh sampleuser@sapleserver
I get that: permission denied (public key)... I know I do smth wrong but I don't know what.
when client goes to bind to NFS share on remote server - they are getting access denied when using the mount command; [SERVER] - CentOS 5.3 /etc/exports /mnt/data 192.168.5.199(rw) - implying the client I want to have access
I have configured mail server with postfix with dovecot with no encryption: When connecting with Thunderbird imap is working fine. When sending email from another domain to this domain again it is fine. But when I want to send mail from my domain to another it gives me error and this is /var/log/maillog: Quote:Jan 18 18:23:09 srv1 postfix/smtpd[3991]: NOQUEUE: reject: RCPT from unknown[95.81.67.120]: 554 5.7.1 <Recipient email>: Relay access denied; from=<Sender> to=<Recipient email> proto=ESMTP helo=<[127.0.0.1]>
I'm having a hard time to access MySQL from the local or remote shell. If I try to access MySQL, using mysql -u root -pxxxx I get the error 1045 Access denied...
MySQL is running and I can access it, using phpmyadmin.
There must be something blocking shell access. Can anybody confirm and tell me how to check/configure for shell access? I'm using ca preconfigured CenOS from PBX in a flash and it seems they did some security settings - but I can't find any further information. I know I should probably post there, but the Mods didn't activate my account yet. And you know how it is if you try to figure something out. You won't stop.
