Networking :: Nfs4 - Mount.nfs4: Access Denied By Server While Mounting
Dec 5, 2010
because we want UID/GUID to be mapped from names. This way, server and client do not need the users to share same UID/GUID. In that case,
1. Should I set those 2 fields to "no" and "yes" respectively instead?
2. Or else, how do I make sure that the uid on the server is mapped to something useful on the client instead of nobody and nogroup?
I'm trying to set up an nfs4 server and client. I followed the instructions in [URL](nfsv4 quick start section) and [URL]. The SERVER is on 192.168.89.1 running Xubuntu 10.04, and the CLIENT is on 192.168.89.128 running Ubuntu 10.10. Firewall is disabled on both the server and the client for testing purposes. /etc/default/nfs-kernel-server on the SERVER:
# Number of servers to start up
RPCNFSDCOUNT=8
# Runtime priority of server (see nice(1))
On the [URL], I see some steps related to portmap on the "NFS Server" and "NFS Client" sections. Would I need those steps as well? There's also a list of steps on [URL] (linked from [URL]). Are those necessary?
EDIT: Running showmount on the client seemed to show that NOTHING is shared on the server:
I run a mediaserver on Archlinux, working perfectly (or almost). I have set up NFS v3 and that worked for me on these clients:
- Debian Lenny
- Archlinux 64bit
Now I've upgraded my Lenny-box to squeeze and I see that 2 of my 3 shared folders (tdone and twatch) are mounted like they should and the third one (media) doesn't come up. A 'mount -a' as root gives this error: mount.nfs4: access denied by server while mounting (null) My relevant fstab-lines:
I can not use nfs from F10 client to F12 server. nfs mount on F10 to F12 times out and nfs4 mount gives "mount.nfs4: mounting localhost:/home failed, reason given by server: No such file or directory". I have tried to close firewall and set selinux to permissive mode on both client and server with same result. Samba works fine. On server:
[root@flokipal ~]# mount -t nfs4 localhost:/home /media/tonlist
mount.nfs4: mounting localhost:/home failed, reason given by server: No such file or directory
[root@flokipal ~]# mount -t nfs localhost:/home /media/tonlist
[root@flokipal ~]#
I wanted to use NFS4 with id mapping. I followed the write up at [URL] and basically have everything working.
The problem is that I cannot write a file unless I have group write permissions. On the server the user has uid = 1000, gid = 1000. On the client the user has uid =1699, gid = 1000. Both have the same user name.
On the client the directory listing properly shows the user name and the group name. If the file on the server is 644, the client cannot write to the file. If it is 664 on the server, then the client can write to the file.
/etc/export on server contains:
Code:
/export 172.24.84.0/24(rw,fsid=0,insecure,no_subtree_check,async)
/export/myuser 172.24.84.0/24(rw,nohide,insecure,no_subtree_check,async)
/etc/fstab on client contains:
Attempts to do a mount -t nfs4 servername:/share /mnt hang. Performing an strace of the mount shows that the mount command is attempting to find /sbin/mount.nfs4. The nfs server, client, and util packages are installed. Did ps -ef | grep idmapd; ps -ef | grep gssd to check client side daemons and things look good. Not using gssd right now tho. Just want to get the thing to mount. Firewalls are not running. Doing a showmount -e servername reports the shares as being offered. I can mount it using nfs v3 protocol.
I just built an AMD Phenom II Six Core with 4 Gigs Ram a 160Gib / and swap, and (2) Two Tb mirror for Raid (data storage) I had been using DMRAID in the deprecated box but this box has MDADM v3.1.4 - 31st August 2010 from source (on MDADM wikipedia).
I have no permission problems with using the raid and dmraid is un-installed. The raid is working perfectly and is mounted in my fstab with ext4 defaults 0 2 as my options.
I have two exports /media/raid/Test /test
Both show IP and subnet on the showmount -e for the server. I can mount the test just fine on the server. I cannot, however, mount the /media/raid/Test error: mount.nfs: access denied by server while mounting hostname:/media/raid/Test Using dmraid I am able to have the deprecated box export and mount nfs shares from the raid but using MDADM on the new computer, I cannot. I get similar results with pointing MYSQL's data folder to a location on the "/media/raid/Database" (even with apparmor entries).
So I have a few Ubuntu (Hardy till I can find a replacement for Xen) boxes that I am trying to move from nfs3 to nfs4. I set it up according to this guide: URL... However I ran into trouble when the client sees all users/groups as nobody/nogroup. The current set up is that all the boxes have synced uids/gids and all users with root access can be trusted. I read some reports that said the only way this could be fixed was by using Kerberos. However I would really prefer not having to move to Kerberos as I have heard that it is very intensive to set up. So what I am looking for here is a solution other than sticking with nfs3 or putting everything on Kerberos. However if you think that Kerberos is easier to set up than I am giving it credit for then that could be useful to hear as well.
I set up a nfs server that is working locally only, on remote I get this:
root@poc ~]# mount -t nfs storage:/var/ftp/pub /net
mount.nfs: access denied by server while mounting storage:/var/ftp/pub
This is my exports file:
/var/ftp/pub/downloads 192.168.1.23(rw,sync)
/var/ftp/pub 192.168.1.23(ro,sync)
This is my rpcinfo -p:
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100011 1 udp 875 rquotad
.....
Firewall has 2049 open only. Other services such as nfs or status, lockd have random ports, so firewalled.
I recently installed CentOS 5 as my server. I have samba running 100%. Today I was working on NFS; I had it semi working at one point where I could mount to the shared folder but I could not see any of the files in it. Now whenever I try to access it I get: mount.nfs: access denied by server while mounting 192.168.1.100:/Server
I am connecting servers using NFS4. The shared directories are on servers running Debian 4 while the one that reads from them is Debian 5.0.3. The problem is that one of these shared servers suddenly stops responding and you cannot list it from the Debian 5 server; also df hangs, and the web application that is using it does not respond to requests that use this shared directory since it is blocked. Then the load on the server starts to increase until the server cannot respond (over 90). I have found many entries in the syslog that refer to this like:
ma25555 kernel: [1200285.732919] nfs: server 10.xxx.xxx.xxx not responding, still trying
Dec 31 08:16:33 ma25555 kernel: [1200289.815378] INFO: task java:9702 blocked for more than 120 seconds.
Dec 31 08:16:33 ma25555 kernel: [1200289.835249] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
code....
I have tried the connection between the 2 servers using ping for one day and all are OK (zero lost)
There are 3 other servers that are running Debian 4 and are working fine.
I'm using Linux in a large multi-user network. Let A be some group which I am a member of, but which is not my primary group. According to chmod(2) I should be able to chgrp a file to group A. Trying to do so succeeds on a local as well as on a NFSv3 mount, but not on a NFSv4/Kerberos mount (EPERM). Are there any special considerations regarding chgrp when using NFSv4 mounts?
[root@serv03 /]# ls -l /media/exPort/mMusic
total 16
drwxrwxr-x 11 databank lhome 4096 Jun 23 21:25 iTunes
drwxrwxr-x 3 databank lhome 4096 Aug 19 2010 Network Trash Folder
drwxrwxr-x 3 databank lhome 4096 Aug 13 2010 Streaming Radio
But it doesn't work - neither it throws any errors in, nor does it mount the share. All I need is to mount "/mMusic" (i.e. /media/exPort/mMusic) as "serv03:/media/nMedia/mMusic" so that tree looks like this:
Since FC6, NFS became very finicky and seemingly causes servers to randomly deny mounts from some terminals but not others, with all exactly the same new FC installation and exactly the same hardware - crazy! The only difference is the hostnames of the terminals trying to mount NFS volumes on the server, and I made sure that /etc/hosts on all terminals and servers contains each other's ip addresses and hostnames. I always uninstall SELinux, which is truly a huge pain in a corporate environment. Is there ANY way I can relax the NFS authentication on the server in order to make sure clients can mount volumes?
E.g. the following is encountered often, with sometimes crazy situations where clients can only mount nfs volumes from the server after I first boot the server and then ALL the terminals. It is painful as you might agree! Other way round, no go, client will not mount until server is booted and then client booted.
In this case I really prefer windows lackey security. It works. Never mind how crappy windows is, at least I don't have diabolical access problems on servers. NFS used to be very nice about 6 years ago but truly sucks recently imo.
/]# mount -o soft -t nfs nfsserver:/public /xfer
mount.nfs: access denied by server while mounting nfsserver:/public
I'm trying to setup a kickstart installation and having some trouble with firewall settings. When you do a manual install it gives you the option on first boot to allow https, samba, and nfs4 in the firewall. I have as yet been unable to find the options for doing this in kickstart. Here is my current firewall line:
I have tried just adding --https but it errors on me. Am I just missing the keywords to set these up? I have looked but i can't find keywords for any services except telnet that are not already included in my firewall line. Should i be trying to do this with iptables in post rather than in the kickstart itself?
I set up an ubuntu server (10.04) with LDAP, Kerberos and NFS4. Did a set up for a client (ubuntu desktop 10.04 32 / 64) to connect to ldap, kerberos and nfs4-mount. All is working fine except for the idmapping. Some uids are not mapped to names. The entries which cannot be mapped change. So 10 minutes before, the uid was mapped to the correct name; after that time (I'm not sure if it's exactly 10 minutes) the name is mapped to nobody. Sometimes the gid cannot be mapped too. I mount the nfs-share via nfs4 with sec=krb5 (krb5i or krb5p result in the same problem) and after successfully mounting the device, I type ls -la. I never have problems with getent passwd or with logging in as ldap-user. I get all the entries of the ldap-db and I also get kerberos tickets. All is working fine with nfs3, but I would like to use nfs4 for security reasons.
If I run the rpc.idmapd with many "-v" I get the following messages in the daemon.log-file:
The first part is the response to a correct name-to-uid-mapping, the second part is a failed one. Both users exist, both users have the same ldap-entries (except for the different descriptions, uid and so on). The responses have the same timestamp, so the reply is in (nearly) the same second.
restarting the idmap-daemon every 5 minutes or other workarounds are not practicable in normal operating environment.
Using NFS on the client machine. I am running scientific linux on my machine. It's working fine for my other machines. I have made sure that the firewall is disabled and also selinux too. Here is what I get when I use rpcinfo -p on the client.
rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100007 2 udp 868 ypbind
100007 1 udp 868 ypbind
.....
I just set up a storage server with NFS sharing. Everything works fine but, when trying to mount the remote partition on my ws, this is the issue:
/usr/sbin/start-statd: line 8: /sbin/rpc.statd: Permission denied
/usr/sbin/start-statd: line 8: /sbin/rpc.statd: Success
mount.nfs: rpc.statd is not running but is required for remote locking.
mount.nfs: Either use '-o nolock' to keep locks local, or start statd.
I tried so to mount it locally : mount.nfs: access denied by server while mounting localhost:/var/ftp/pub /mnt I don't think it depends because of the permiss of the directory, and anyway it's 1777.
I configure named and stumble upon the following problem: named is serious about user rights, every config file named uses should be named:named. I set rights to named:named as follows, but they get changed to root:named when I restart named as root. The same thing happens with SELinux context. This results in access denied type errors.
I have a shared directory on another machine but I can't get it to mount as a samba share. The permission denied doesn't say where/which permission is denied. Is it on the remote or on the local machine? The remote has sharing enabled for the shareddocs directory and after I have mkdir'ed the local mount point I open its permissions too. The verbose response from mount.cifs looks like this:
mount.cifs kernel mount options: unc=//192.168.1.102shareddocs,domain=WORKGROUP,ver=1,rw ,username=clive,,,,,,,,,,,ip=192.168.1.102,pass=** ******
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
I have a linux domain (FEDORA CORE 1) and two laptops which are part of my domain with windows xp pro service pack 2. I have given two IPs to both the laptops, the primary being global and the secondary local. I have configured a printer on one laptop and shared it. Till last week I was accessing that shared printer from my other laptop and everything was working fine. Last week I formatted one laptop (which does not have the shared printer); from then onwards I am not able to access my other laptop. I get the following message when I try to access my other laptop: "you might not have permission to use this network resource. contact the administrator of this server to find out if you have access permission there are currently no logon servers available to service the logon request". P.S.: If I have only the local IP I am able to see both the systems and I am able to access my printer; this problem comes only when I add the global IP to both the machines. And also I have stopped the firewall and other things.
When trying to mount samba share off of domain member server sysimage in Windows receive error "There are currently no logon servers available to service this logon request". When trying to mount.cifs from PDC to samba share on sysimage receive error "mount error(13): Permission denied".
PDC is ClearOS 5.2 named "dc0"
Samba file server is CentOS 5.5 x86_64 named "sysimage"
dc0 Samba version is samba - 3.5.5-1.1.v5.i386
sysimage Samba version is samba-3.0.33-3.29.el5_5.1.x86_64
dc0 is configured correctly to my knowledge, windows machines can join domain, domain users can log into windows machines, user directories are mapped properly, logon scripts run properly. sysimage ldap authentication is set up as shown in "Procedure 7.1.
I am attempting to Kerberize an NFS server on a RHEL6 machine, but I cannot get it quite right. The error message I receive when executing the following command (as myself, not as root) is:
I have a keytab generated from the KDC for both NFS server and NFS client (both RHEL6 hosts) placed in /etc, and I have configured PAM/Kerberos so I can login via SSH and see I have a valid ticket with klist.
I can login to both NFS server and NFS client via SSH and get a ticket, but I don't know where the problematic NFS permissions reside.
The /etc/exports file on the NFS server looks like:
I have disabled IP Tables on both client and server, and hosts.allow and hosts.deny are not blocking traffic at the moment. On the NFS server.
Here is the output of rpcinfo:
On the NFS client, here is the output of that same command:
I've only recently encountered this problem with vsftpd when I was creating new ftp accounts. I keep on getting:
550 Access Denied.
on every action I try to do on ftp, no matter what. I've been trying to solve this myself however my attempts have been futile.
The permissions and ownership have been checked and rechecked tens of times now, so that's not the issue. I've reinstalled the OS of my server twice now, and the problem is still persisting. Here's my config file; this isn't for anon by the way.
Code:
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
I am getting an access denied when trying to log in via SSH to my home server with putty(windows) over the internet. I can use any user including root and get the same result. If I use my Android phone with the ssh terminal command I am able to successfully log in and use the server.
Has anyone seen this? I have attached a screenshot of it to this post.
When I log in using PUTTY, as soon as I enter my username and hit enter I get Access denied, then a prompt for a password and all works well. It just tells me access denied even though it didn't deny me. It's weird.
I'm using lenny (kernel-image 2.6.21-2-686) with openssh-server (1:4.6p1-5). I can access the server via ssh from local workstations. I cannot access from the internet.
I get the login prompt, but it only gives "access denied" errors after password input.
1. I have purged and reinstalled.
2. I have used the /etc/ssh directory from a working system.
3. I have compared /etc/pam.d/ssh between a working system and this one.
4. There is no firewall.
5. There are no entries in hosts.allow or hosts.deny.
6. sshd_config is default debian.
This has worked out-of-the-box for me numerous times. Another thing that is unusual about this system, is that even within the local network, I cannot assign and use a nonstandard port. This has also always worked on previous installs.
Since I am getting the login prompt, I am assuming that port-forwarding on the router is working properly. I'm running out of places to look. I hope someone has seen this behavior before.