NFS: Server says "authenticated mount request", but client sees "access denied"


Solution 1

I've seen this if your /etc/hosts.allow and /etc/hosts.deny are not correct; check those files for a line with portmap in it and either comment it out (insecure if you're not behind a firewall) or set the line on the client/server to be your specific subnet.

So for instance, in /etc/hosts.allow:

portmap: 192.168.0.0/16

...and comment out whatever is in /etc/hosts.deny to make only hosts.allow active. NFS uses tcpwrappers and these files to control access along with what's in /etc/exports.

Solution 2

I faced the same problem from a Debian 10.2 server with a macOS client. My solution:

On the NFS server, add the insecure option to the share in /etc/exports and re-run exportfs -r

Source here.

Solution 3

Your rpcinfo indicates NFS is trying to connect over UDP. It appeared that NFSv4 no longer works over UDP but expects TCP to be used.

The Linux kernel, for example, tries to mount rootfs over UDP even for NFSv4 and needs a special argument added at the tail of nfsroot. Example: nfsroot=192.79.143.131:/diskless/client01,tcp

Author by

zigdon

Updated on September 17, 2022

Comments

  • zigdon
    zigdon almost 2 years

    I have two machines, an NFS server (RHEL) and a client (Debian). The server has NFS set up, exporting a particular directory:

    server:~$ sudo /usr/sbin/rpcinfo -p localhost
    program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    910  status
    100024    1   tcp    913  status
    100021    1   udp  53391  nlockmgr
    100021    3   udp  53391  nlockmgr
    100021    4   udp  53391  nlockmgr
    100021    1   tcp  32774  nlockmgr
    100021    3   tcp  32774  nlockmgr
    100021    4   tcp  32774  nlockmgr
    100007    2   udp    830  ypbind
    100007    1   udp    830  ypbind
    100007    2   tcp    833  ypbind
    100007    1   tcp    833  ypbind
    100011    1   udp    999  rquotad
    100011    2   udp    999  rquotad
    100011    1   tcp   1002  rquotad
    100011    2   tcp   1002  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    1   udp   1013  mountd
    100005    1   tcp   1016  mountd
    100005    2   udp   1013  mountd
    100005    2   tcp   1016  mountd
    100005    3   udp   1013  mountd
    100005    3   tcp   1016  mountd
    
    server$ cat /etc/exports
    /dir      *.my.domain.com(ro) 
    
    client$ grep dir /etc/fstab
    server.my.domain.com:/dir   /dir      nfs tcp,soft,bg,noauto,ro 0 0
    

    All seems well, but when I try to mount, I see the following:

    client$ sudo mount /dir
    mount.nfs: access denied by server while mounting server.my.domain.com:/dir
    

    And on the server I see:

    server$ tail /var/log/messages
    Mar 15 13:46:23 server mountd[413]: authenticated mount request from client.my.domain.com:723 for /dir (/dir)
    

    What am I missing here? How should I be debugging this?

    • zigdon
      zigdon over 14 years
      Two different users, but the server dir is set to 755 - readable by anyone. And since the export is RO, shouldn't that be sufficient?
  • zigdon
    zigdon over 14 years
    Server has the proc/fs/nfsd, but it's empty. It does show the exports in /proc/fs/nfs/exports though. Failing to mount from multiple machines. A network trace shows the server responding to the mount request with an ERR_ACCESS flag, which makes me think it's something server side, not client.
  • James
    James over 14 years
    If /proc/fs/nfsd is empty on server, it means the nfsd filesystem isn't mounted - it should have a few files in it which the NFS userspace uses to talk to the kernel server. Running mount -t nfsd none /proc/fs/nfsd should fix it. When it's not mounted you get this exact error from clients (been there, done that)
  • betontalpfa
    betontalpfa about 3 years
    This should be a comment only...
  • betontalpfa
    betontalpfa about 3 years
    This is not an answer...
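
A server-side triage script for the causes raised in Solutions 1 and 2 and in James's comment, as an added example that is not part of the original thread. Function names are hypothetical, and matching rpcbind and ALL rules in addition to the portmap line shown above is an assumption.

```shell
#!/bin/sh
# Added example: server-side triage for the causes raised on this page.
# Function names are hypothetical; file paths are arguments so copies can be checked.

# Solution 1: list active (uncommented) tcpwrappers rules that cover the portmapper.
# "rpcbind" (the newer portmapper daemon name) and the ALL wildcard are assumptions.
wrapper_rules() {
    for f in "$@"; do
        if [ -r "$f" ]; then
            grep -HnE '^[[:space:]]*(portmap|rpcbind|ALL)[[:space:]]*:' "$f" || true
        fi
    done
}

# Solution 2: exports default to "secure", which requires a client source port below 1024.
# Pull the source port out of a mountd "mount request from host:port" log line.
mount_request_port() {
    printf '%s\n' "$1" |
        sed -n 's/.*mount request from [^ ]*:\([0-9][0-9]*\) for .*/\1/p'
}

# Succeeds when the port passes the "secure" check, so "insecure" would not help.
port_is_privileged() { [ -n "$1" ] && [ "$1" -lt 1024 ]; }

# Print export paths that already accept unprivileged source ports.
insecure_exports() {
    [ -r "$1" ] || return 0
    awk '!/^[ \t]*#/ && /\(([^)]*,)?insecure(,[^)]*)?\)/ { print $1 }' "$1"
}

# Comment by James: an empty /proc/fs/nfsd means the nfsd filesystem is not mounted.
nfsd_fs_populated() {
    [ -d "$1" ] && [ -n "$(ls -A "$1" 2>/dev/null)" ]
}

nfs_triage() {
    echo "tcpwrappers rules:"; wrapper_rules /etc/hosts.allow /etc/hosts.deny
    echo "insecure exports:";  insecure_exports /etc/exports
    if nfsd_fs_populated /proc/fs/nfsd; then echo "nfsd fs: mounted"
    else echo "nfsd fs: empty or missing (not mounted)"; fi
}

# Run the report only when asked, e.g.: sh nfs-triage.sh --run
if [ "${1:-}" = "--run" ]; then nfs_triage; fi
```

For the log line in the question, mount_request_port returns 723, so that mount request already came from a privileged port and adding insecure would widen the export without addressing the failure.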