permission denied on mount operation for NFS volume with netgroup in LDAP

zinovik_igor — Thu, 05 Jun 2025 06:19:11 GMT

Hello.

I'm trying to figure out why my filer do not allow me to mount volume for my netgroups that are stored in LDAP.

Client is opensuse 12.1

ldap2:~ # uname -r

3.1.10-1.9-desktop

NFS4 support is disabled:

ldap2:~ # grep NFS4_SUPPORT /etc/sysconfig/nfs

NFS4_SUPPORT="no"

NFS client services are running:

ldap2:~ # systemctl status nfs.service

nfs.service - LSB: NFS client services

Loaded: loaded (/etc/init.d/nfs)

Active: active (exited) since Wed, 12 Sep 2012 10:24:12 +0400; 51min ago

Process: 16025 ExecStop=/etc/init.d/nfs stop (code=exited, status=0/SUCCESS)

Process: 16047 ExecStart=/etc/init.d/nfs start (code=exited, status=0/SUCCESS)

CGroup: name=systemd:/system/nfs.service

Firewall is turned off. There is no NAT gateway between client and netapp filer.

I store my netgroups in LDAP:

dn: cn=home-hosts,ou=Netgroup,dc=local,dc=prv

objectClass: top

objectClass: nisNetgroup

cn: home-hosts

nisNetgroupTriple: (ldap1.local.prv,,)

nisNetgroupTriple: (ldap2.local.prv,,)

On filer side:

fas2> vol create test sataaggr 1g

fas2> exportfs -io rw=@home-hosts,anon=0 /vol/test

fas2> qtree status test

Volume Tree Style Oplocks Status

-------- -------- ----- -------- ---------

test unix enabled normal

fas2> ping ldap2.local.prv

ldap2.local.prv is alive

fas2> rdfile /etc/nsswitch.conf

hosts: files nis dns

passwd: files nis ldap

netgroup: files nis ldap

group: files nis ldap

shadow: files nis

Filer can successfully find host in netgroups that are stored in LDAP catalog:

fas2> options ldap.base.netgroup ldap.base.netgroup

ou=Netgroup,dc=local,dc=prv

fas2> priv set advanced

fas2*> getXXbyYY netgrp home-hosts ldap2.local.prv

client ldap2.local.prv is in netgroup home-hosts

With all this client still cannot mount volume.

ldap2:~ # mount.nfs -o rw,tcp,hard,timeo=600,nfsvers=3 fas2:/vol/test /mnt

mount.nfs: access denied by server while mounting fas2:/vol/test

ldap2:~ # showmount -e fas2

Export list for fas2:

/vol/test home-hosts

/vol/backup 172.20.20.29

I enabled nfs.mountd.trace option, but i do not see any messages regarding denied access in /etc/messages on filer.

If i change access to volume

fas2> exportfs -io rw=ldap2.local.prv /vol/test

client is able to mount volume.

I tried to `exportfs -f`, but it does not help. I'm just wondering why when i try to check host membership in netgroup

with getXXbyYY on filer i see queries on LDAP server, but i do not see queries when I'm trying to mount volume from client.

Re: permission denied on mount operation for NFS volume with netgroup in LDAP

zinovik_igor — Wed, 28 Nov 2012 17:41:15 GMT

My problem was that names that i specified in netgroup OU lacked PTR records in DNS.

On connection filer has only IP address that it need to map back to DNS name.

When i fixed reverse lookup everything start working fine.

topic Re: permission denied on mount operation for NFS volume with netgroup in LDAP in Network and Storage Protocols

permission denied on mount operation for NFS volume with netgroup in LDAP

Re: permission denied on mount operation for NFS volume with netgroup in LDAP