Data ONTAP Discussions

NFS v4 mount gives access denied on junction path

Hi,

I am pretty new to Clustered Data ONTAP. On our FAS2620 with NetApp Release 9.4P4 I created an export policy for a share with NTFS security. The strange thing is that I can mount the share /vol/vol1, but not /vol/vol1/projects.

 

When I mount /vol/vol1 I can see the projects folder and I have the correct access rights with my user, but I would rather mount /vol/vol1/projects directly. When I try it on my Ubuntu 18.04 Linux client, I get an error message:

 

mount -o sec=sys,vers=4.0 svm1:/vol/vol1/projects /mnt
mount.nfs: access denied by server while mounting svm1:/vol/vol1/projects

 

On the other hand, mount of /vol/vol1 succeeds without problems. When specifying NFS v3, I can mount both paths, i.e. /vol/vol1 and /vol/vol1/projects.

What am I missing?

 

Kind regards,

Andreas

 

Re: NFS (v3 and v4) mount gives access denied on junction path


@USER_2000 wrote:

Hi,

 

I am pretty new to Clustered Data ONTAP. On our FAS2620 with NetApp Release 9.4P4 I created an export policy for a share with NTFS security. The strange thing is that I can mount the share /vol/vol1, but not /vol/vol1/projects.

 

When I mount /vol/vol1 I can see the projects folder and I have the correct access rights with my user, but I would rather mount /vol/vol1/projects directly. When I try it on my Ubuntu 18.04 Linux client, I get an error message:

 

mount.nfs: access denied by server while mounting svm1:/vol/vol01/projects

 

On the other hand, mount of /vol/vol1 succeeds without problems.

What am I missing?

 

Kind regards,

Andreas

 

You can check permissions with the 'file-directory' command:

vserver security file-directory show -vserver vs1 -path /vol/vol1/projects

Is the 'projects' folder created as a qtree or a folder?
If it is a qtree, check the security style on it:
qtree show -vserver vs1

Also, on cDOT you have to add your export policy to the root namespace, but that should already have been done, as you can mount one layer up.

 

Re: NFS (v3 and v4) mount gives access denied on junction path

Hi,

 

It is a qtree with NTFS security style. When I mount the share with NFS v3 or the path /vol/vol1 with NFS v4, permissions work as expected. The default export policy on the root has been opened and I created an export policy for /vol/vol1/projects as well. I probably made a mistake there, but I have no idea what could be the problem and where to look.

 

I tried check-access:

svm::> check-access -vserver svm1 -volume vol1 -client-ip 10.1.1.100 -authentication-method sys -protocol nfs4 -access-type read-write
  (vserver export-policy check-access)
                                         Policy    Policy       Rule
Path                          Policy     Owner     Owner Type  Index Access
----------------------------- ---------- --------- ---------- ------ ----------
/                             default    svm1_root
                                                   volume          1 read
/vol                          default    svm1_root
                                                   volume          1 read
/vol/vol1                     default    vol1      volume          1 read-write
3 entries were displayed.
The result is the same for nfs3.

 

Kind regards,

Andreas

Re: NFS (v3 and v4) mount gives access denied on junction path

As it's NTFS security style and not Unix, you could try checking the -ntfs-unix-security-ops {ignore|fail} option.

 

You can read more about it here:
vserver export-policy rule show

 

But basically check with:

cluster::*> vserver export-policy rule show -vserver vs1 -fields ntfs-unix-security-ops
vserver        policyname ruleindex ntfs-unix-security-ops
-------------- ---------- --------- ----------------------
vs1            default    1         fail

 

If it says fail, change to ignore and test.

Re: NFS v4 mount gives access denied on junction path

I once ran into the same issue. You need to grant the NTFS right "Traverse folder/ execute file" to the "Authenticated User" group on your projects folder.

Re: NFS (v3 and v4) mount gives access denied on junction path

I changed the option, but it made no difference. Just some more information:

 

rngx6786::> export-policy check-access -vserver svm1 -volume svm1_vol01 -client-ip 10.1.1.100 -authentication-method sys -protocol nfs4 -access-type read-write -qtree projects
                                         Policy    Policy       Rule
Path                          Policy     Owner     Owner Type  Index Access
----------------------------- ---------- --------- ---------- ------ ----------
/                             default    svm1_root
                                                   volume          1 read
/vol                          default    svm1_root
                                                   volume          1 read
/vol/vol1                     default    svm1_vol01
                                                   volume          1 read
/vol/vol1/projects            default    svm1_vol01
                                                   volume          1 read-write
4 entries were displayed.

rngx6786::> qtree show
Vserver    Volume        Qtree        Style        Oplocks   Status
---------- ------------- ------------ ------------ --------- --------
svm1       svm1_root ""           ntfs         enable    normal
svm1       svm1_vol01
                         ""           ntfs         enable    readonly
svm1       svm1_vol01
                         projects     ntfs         enable    readonly
svm1       svm1_vol01
                         topics       ntfs         enable    readonly
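
An added example, not part of the thread or of NetApp's tooling: a small parser for the wrapped `check-access` output shown above that reports the first path component whose export-policy rule would block the mount. It assumes that parent components need at least `read`, that the final component needs the requested access type, and that any access value other than `read` or `read-write` counts as a denial. A result of `None` means the export-policy layer is not what denies the mount, so the remaining suspects are file-level NTFS permissions and NFSv4 name mapping.

```python
# Constructed sample: the check-access output from the thread, including
# the rows that ONTAP wraps onto a second line when a column overflows.
SAMPLE = """\
                                         Policy    Policy       Rule
Path                          Policy     Owner     Owner Type  Index Access
----------------------------- ---------- --------- ---------- ------ ----------
/                             default    svm1_root
                                                   volume          1 read
/vol                          default    svm1_root
                                                   volume          1 read
/vol/vol1                     default    svm1_vol01
                                                   volume          1 read
/vol/vol1/projects            default    svm1_vol01
                                                   volume          1 read-write
4 entries were displayed.
"""

FIELDS = ("path", "policy", "owner", "owner_type", "rule_index", "access")
RANK = {"read": 1, "read-write": 2}  # assumption: any other value ranks 0


def parse_check_access(text):
    """Return one dict per path component, re-joining wrapped rows."""
    rows, pending = [], None
    for line in text.splitlines():
        if line.startswith("/"):            # a new path row begins
            pending = line.split()
        elif pending is not None and line[:1].isspace():
            pending += line.split()         # continuation of a wrapped row
        else:
            continue                        # headers, rulers, summary line
        if len(pending) >= len(FIELDS):
            rows.append(dict(zip(FIELDS, pending)))
            pending = None
    return rows


def first_blocker(rows, wanted="read-write"):
    """Assumption: parents need read, the last component needs `wanted`."""
    for i, row in enumerate(rows):
        need = RANK[wanted] if i == len(rows) - 1 else RANK["read"]
        if RANK.get(row["access"], 0) < need:
            return row["path"]
    return None


if __name__ == "__main__":
    print("export-policy blocker:", first_blocker(parse_check_access(SAMPLE)))
```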

Re: NFS v4 mount gives access denied on junction path

The permissions are set like this, so it must be something different.

 

Thank you,

 

Andreas

Re: NFS v4 mount gives access denied on junction path

You are using nfs4..

 

Have you set up the NFSv4 ID domain on the client and the vserver?

 

https://kb.netapp.com/app/answers/answer_view/a_id/1030467/~/how-to-configure-nfsv4-in-cluster-mode-