Network Storage Protocols Discussions

permission denied on mount operation for NFS volume with netgroup in LDAP

zinovik_igor

  Hello.

I'm trying to figure out why my filer does not allow me to mount a volume for my netgroups that are stored in LDAP.

Client is opensuse 12.1

ldap2:~ # uname -r

3.1.10-1.9-desktop

NFS4 support is disabled:

ldap2:~ # grep NFS4_SUPPORT /etc/sysconfig/nfs

NFS4_SUPPORT="no"

NFS client services are running:

ldap2:~ # systemctl status nfs.service

nfs.service - LSB: NFS client services

           Loaded: loaded (/etc/init.d/nfs)

           Active: active (exited) since Wed, 12 Sep 2012 10:24:12 +0400; 51min ago

          Process: 16025 ExecStop=/etc/init.d/nfs stop (code=exited, status=0/SUCCESS)

          Process: 16047 ExecStart=/etc/init.d/nfs start (code=exited, status=0/SUCCESS)

           CGroup: name=systemd:/system/nfs.service

Firewall is turned off.  There is no NAT gateway between client and netapp filer.

I store my netgroups in LDAP:

dn: cn=home-hosts,ou=Netgroup,dc=local,dc=prv

objectClass: top

objectClass: nisNetgroup

cn: home-hosts

nisNetgroupTriple: (ldap1.local.prv,,)

nisNetgroupTriple: (ldap2.local.prv,,)

On filer side:

fas2> vol create test sataaggr 1g

fas2> exportfs -io rw=@home-hosts,anon=0 /vol/test

fas2> qtree status test

Volume   Tree     Style Oplocks  Status

-------- -------- ----- -------- ---------

test              unix  enabled  normal

fas2> ping ldap2.local.prv

ldap2.local.prv is alive

fas2> rdfile /etc/nsswitch.conf

hosts: files       nis     dns

passwd: files      nis     ldap

netgroup: files    nis  ldap

group: files       nis     ldap

shadow: files      nis

The filer can successfully find the host in netgroups that are stored in the LDAP catalog:

fas2> options ldap.base.netgroup

ldap.base.netgroup         ou=Netgroup,dc=local,dc=prv

fas2> priv set advanced

fas2*> getXXbyYY netgrp home-hosts ldap2.local.prv

client ldap2.local.prv is in netgroup home-hosts 

With all this, the client still cannot mount the volume.

ldap2:~ # mount.nfs -o rw,tcp,hard,timeo=600,nfsvers=3 fas2:/vol/test /mnt

mount.nfs: access denied by server while mounting fas2:/vol/test 

ldap2:~ # showmount -e fas2

Export list for fas2:

/vol/test   home-hosts

/vol/backup 172.20.20.29

I enabled the nfs.mountd.trace option, but I do not see any messages regarding denied access in /etc/messages on the filer.

If I change access to the volume

fas2> exportfs -io rw=ldap2.local.prv /vol/test

the client is able to mount the volume.

I tried `exportfs -f`, but it does not help. I'm just wondering why, when I try to check host membership in the netgroup with getXXbyYY on the filer, I see queries on the LDAP server, but I do not see queries when I'm trying to mount the volume from the client.


Re: permission denied on mount operation for NFS volume with netgroup in LDAP

zinovik_igor

My problem was that the names that I specified in the netgroup OU lacked PTR records in DNS.

On connection the filer has only the IP address, which it needs to map back to a DNS name.

When I fixed reverse lookup, everything started working fine.
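
A pre-flight check for the condition described in the reply above, as an added example that is not part of the original thread: it extracts the host names from `nisNetgroupTriple` values and verifies that each host's address has a PTR record pointing back to the same name. The function names, the constructed LDIF sample and the case-insensitive exact-name comparison are assumptions of this example, not documented filer behaviour.

```python
import re
import socket

# Constructed LDIF fragment modelled on the netgroup entry shown in the post.
SAMPLE_LDIF = """\
dn: cn=home-hosts,ou=Netgroup,dc=local,dc=prv
objectClass: nisNetgroup
cn: home-hosts
nisNetgroupTriple: (ldap1.local.prv,,)
nisNetgroupTriple: (ldap2.local.prv,,)
"""
TRIPLE = re.compile(r"^nisNetgroupTriple:\s*\(([^,()]*),([^,()]*),([^,()]*)\)\s*$", re.M)

def netgroup_hosts(ldif):
    """Return the host field of every triple that names a host."""
    return [m.group(1).strip().lower() for m in TRIPLE.finditer(ldif) if m.group(1).strip()]

def system_forward(name):
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []

def system_reverse(ip):
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def check_host(name, forward=system_forward, reverse=system_reverse):
    """Rows of (name, ip, ptr, status); status is ok, no-address, no-ptr or ptr-mismatch."""
    addrs = forward(name)
    if not addrs:
        return [(name, None, None, "no-address")]
    rows = []
    for ip in addrs:
        ptr = reverse(ip)
        # Assumption: the reverse name must equal the netgroup entry, ignoring case.
        status = ("no-ptr" if ptr is None
                  else "ok" if ptr.rstrip(".").lower() == name else "ptr-mismatch")
        rows.append((name, ip, ptr, status))
    return rows

def audit(ldif, forward=system_forward, reverse=system_reverse):
    """Check every host named in the LDIF; resolvers are injectable for offline use."""
    return [row for host in netgroup_hosts(ldif) for row in check_host(host, forward, reverse)]

if __name__ == "__main__":
    for row in audit(SAMPLE_LDIF):  # uses the system resolver
        print(*row)
```

Any row whose status is not `ok` names a host that can be listed in the netgroup yet fail the mount in the way the thread describes.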
