NFS: Server says "authenticated mount request", but client sees "access denied"
Solution 1
I've seen this if your /etc/hosts.allow and /etc/hosts.deny are not correct; check those files for a line with portmap in it and either comment it out (unsecure if you're not behind a firewall) or set the line on the client/server to be your specific subnet.
So for instance, in /etc/hosts.allow:
portmap: 192.168.0.0/16
...and comment out whatever is in /etc/hosts.deny to make only hosts.allow active. NFS uses tcpwrappers and these files to control access along with what's in /etc/exports.
Solution 2
I faced the same problem from a Debian 10.2 server with a macOS client. My solution:
On the NFS server, add the insecure
option to the share in /etc/exports
and re-run exportfs -r
Solution 3
your rpcinfo
indicates NFS is trying to connect over UDP. it appeared NFSv4 is no longer working over UDP but is expecting TCP to be used.
the linux kernel for example is trying to mount rootfs over UDP even for the NFSv4 and needed a special argument to be added at the tail of nfsroot
. example: nfsroot=192.79.143.131:/diskless/client01,tcp
zigdon
Updated on September 17, 2022Comments
-
zigdon almost 2 years
I have two machine, an NFS server (RHEL) and a client (Debian). The server has NFS set up, exporting a particular directory:
server:~$ sudo /usr/sbin/rpcinfo -p localhost program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100024 1 udp 910 status 100024 1 tcp 913 status 100021 1 udp 53391 nlockmgr 100021 3 udp 53391 nlockmgr 100021 4 udp 53391 nlockmgr 100021 1 tcp 32774 nlockmgr 100021 3 tcp 32774 nlockmgr 100021 4 tcp 32774 nlockmgr 100007 2 udp 830 ypbind 100007 1 udp 830 ypbind 100007 2 tcp 833 ypbind 100007 1 tcp 833 ypbind 100011 1 udp 999 rquotad 100011 2 udp 999 rquotad 100011 1 tcp 1002 rquotad 100011 2 tcp 1002 rquotad 100003 2 udp 2049 nfs 100003 3 udp 2049 nfs 100003 4 udp 2049 nfs 100003 2 tcp 2049 nfs 100003 3 tcp 2049 nfs 100003 4 tcp 2049 nfs 100005 1 udp 1013 mountd 100005 1 tcp 1016 mountd 100005 2 udp 1013 mountd 100005 2 tcp 1016 mountd 100005 3 udp 1013 mountd 100005 3 tcp 1016 mountd server$ cat /etc/exports /dir *.my.domain.com(ro) client$ grep dir /etc/fstab server.my.domain.com:/dir /dir nfs tcp,soft,bg,noauto,ro 0 0
All seems well, but when I try to mount, I see the following:
client$ sudo mount /dir mount.nfs: access denied by server while mounting server.my.domain.com:/dir
And on the server I see:
server$ tail /var/log/messages Mar 15 13:46:23 server mountd[413]: authenticated mount request from client.my.domain.com:723 for /dir (/dir)
What am I missing here? How should I be debugging this?
-
zigdon over 14 yearsTwo different users, but the server dir is set to 755 - readable by anyone. And since the export is RO, shouldn't that be sufficient?
-
-
zigdon over 14 yearsServer has the proc/fs/nfsd, but it's empty. It does show the exports in /proc/fs/nfs/exports though. Failing to mount from multiple machines. A network trace shows the server responding to the mount request with a ERR_ACCESS flag, makes me think it's something server side, not client.
-
James over 14 yearsIf /proc/fs/nfsd is empty on server, it means the nfsd filesystem isn't mounted - it should have a few files in it which the NFS userspace uses to talk to the kernel server. Running mount -t nfsd none /proc/fs/nfsd should fix it. When it's not mounted you get this exact error from clients (been there, done that)
-
betontalpfa about 3 yearsThis should be a comment only...
-
betontalpfa about 3 yearsThis is not an answer...