Network and Storage Protocols

NFS mount problem after changing sec option to "none" ...

pawel_wierzbicki
9,510 Views

Hi,

This is my next post about "mount nfs Permission denied" after changing the sec option in the export file on NetApp storage to "none".

So,

I need to export one volume (nfs2) to all clients (Linux hosts and servers) without connecting to an LDAP or NIS database:

netapp-storage> exportfs
/vol/vol0/home  -sec=sys,rw,nosuid
/vol/vol0       -sec=sys,rw,anon=0,nosuid
/vol/nfs        -sec=sys,rw=10.0.138.151,nosuid
/vol/nfs2       -sec=sys,rw,nosuid

All users on the client hosts have different UID/GID.

All users can mount /vol/nfs2 on a client station, but each user's files are saved with their own UID/GID.

mount -t nfs -o vers=3,rw,bg,tcp,timeo=600,retrans=2,rsize=2048,wsize=2048,soft,intr 10.7.36.77:/vol/nfs2 /mnt/nfs2

where 10.7.36.77 is the netapp-storage IP, 10.0.138.151 is the client-simulator IP, and the security style of volume nfs2 is UNIX.

client-simulator:/mnt/nfs2 # ls -la
total 12
drwxrwxrwx  3 nobody  nogroup 4096 May 25  2012 .
drwxr-xr-x  4 root    root    4096 May 24 10:17 ..
drwxrwxrwx 11 root    root    4096 May 25 08:00 .snapshot
-rw-r--r--  1 andrzej users      0 May 25  2012 andrzej_test
-rw-r--r--  1 pawel   users      0 May 25  2012 pawel_test
-rw-r--r--  1 nobody  nogroup    0 May 25  2012 root_test

I want all users to write to this resource with the same privileges, so I changed the sec option to "none", like the "all_squash" option on an NFS server.

netapp-storage> exportfs
/vol/vol0/home  -sec=sys,rw,nosuid
/vol/vol0       -sec=sys,rw,anon=0,nosuid
/vol/nfs        -sec=sys,rw=10.0.138.151,nosuid
/vol/nfs2       -sec=none,rw,nosuid

All looks great:

client-simulator:/mnt/nfs2 # ls -la
total 12
drwxrwxrwx  3 nobody  nogroup 4096 May 25  2012 .
drwxr-xr-x  4 root    root    4096 May 24 10:17 ..
drwxrwxrwx 11 root    root    4096 May 25 08:00 .snapshot
-rw-r--r--  1 andrzej users      0 May 25 10:56 andrzej_test
-rw-r--r--  1 nobody  nogroup    0 May 25  2012 andrzej_test2
-rw-r--r--  1 pawel   users      0 May 25 10:56 pawel_test
-rw-r--r--  1 nobody  nogroup    0 May 25  2012 pawel_test2
-rw-r--r--  1 nobody  nogroup    0 May 25 10:55 root_test
-rw-r--r--  1 nobody  nogroup    0 May 25  2012 root_test2

but after restarting the client I can't mount again:

client-simulator:~ # mount -t nfs -v -o rw,bg,vers=3,nosuid,tcp,timeo=600,retrans=2,rsize=2048,wsize=2048,soft,nointr 10.7.36.77:/vol/nfs2 /mnt/nfs2
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 10.7.36.77 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=6
mount.nfs: trying 10.7.36.77 prog 100005 vers 3 prot TCP port 4046
mount.nfs: trying text-based options 'bg,timeo=600,retrans=2,rsize=2048,wsize=2048,soft,nointr,addr=10.7.36.77,vers=3,proto=tcp,mountvers=3,mountproto=tcp,mountport=4046'
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting 10.7.36.77:/vol/nfs2

When I restore the previous "sec" option setting, things are back to normal and the client can mount this NFS share.

What is it ????

Does the "none" option change something in the access to the resource and storage?

help !!!!!

Pawel

OnTap 7.3.6 FAS3140

3 REPLIES

aborzenkov

It is possible that the client does not support sec=none or is configured to request sec=sys always. Tracing the connection between Data ONTAP and filer is the easiest way to tell.

pawel_wierzbicki

NetApp shows:

netapp-storage> Fri May 25 12:49:47 CEST [MNTPool02:info]: Client 10.0.138.151 (xid 3197678953), is sent the NULL reply
Fri May 25 12:49:47 CEST [MNTPool05:info]: Client 10.0.138.151 (xid 1949255820), is sent the NULL reply
Fri May 25 12:49:47 CEST [MNTPool08:info]: Client 10.0.138.151 (xid 1966033036) in mount, has access rights to path /vol/nfs2
Fri May 25 12:49:47 CEST [MNTPool07:info]: Client 10.0.138.151 (xid 2256235966), is able to umount /vol/nfs2
Fri May 25 12:50:00 CEST [MNTPool01:info]: Client 10.0.138.151 (xid 625259639), is sent the NULL reply
Fri May 25 12:50:00 CEST [MNTPool02:info]: Client 10.0.138.151 (xid 587498261), is sent the NULL reply
Fri May 25 12:50:00 CEST [MNTPool05:info]: Client 10.0.138.151 (xid 604275477) in mount, has access rights to path /vol/nfs2
Fri May 25 12:50:00 CEST [MNTPool04:info]: Client 10.0.138.151 (xid 3838011868), is able to umount /vol/nfs2
Fri May 25 12:50:08 CEST [MNTPool00:info]: Client 10.0.138.151 (xid 2079087707), is sent the NULL reply
Fri May 25 12:50:08 CEST [MNTPool01:info]: Client 10.0.138.151 (xid 3120171983), is sent the NULL reply
Fri May 25 12:50:08 CEST [MNTPool02:info]: Client 10.0.138.151 (xid 3136949199) in mount, has access rights to path /vol/nfs2
Fri May 25 12:50:08 CEST [MNTPool06:info]: Client 10.0.138.151 (xid 3507068118), is able to umount /vol/nfs2

after the client tries to mount a resource ...

The client is SLES 11 SP1
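
Added example (not part of the original posts and not NetApp code): a small Python check over the filer's mount log that flags mounts which are granted and then unmounted by the same client within a couple of seconds, the pattern visible in the log above, where the export access check passes while the client still reports "Permission denied". The first eight log lines are copied from the post; the last one, the function name, the 2-second window and the year 2012 are assumptions made for the example (the log lines carry no year).

```python
import re
from datetime import datetime

# First eight lines are from the post above; the 10.0.138.152 line is constructed
# to show a mount that is granted and not immediately released.
SAMPLE_LOG = """\
netapp-storage> Fri May 25 12:49:47 CEST [MNTPool02:info]: Client 10.0.138.151 (xid 3197678953), is sent the NULL reply
Fri May 25 12:49:47 CEST [MNTPool05:info]: Client 10.0.138.151 (xid 1949255820), is sent the NULL reply
Fri May 25 12:49:47 CEST [MNTPool08:info]: Client 10.0.138.151 (xid 1966033036) in mount, has access rights to path /vol/nfs2
Fri May 25 12:49:47 CEST [MNTPool07:info]: Client 10.0.138.151 (xid 2256235966), is able to umount /vol/nfs2
Fri May 25 12:50:00 CEST [MNTPool01:info]: Client 10.0.138.151 (xid 625259639), is sent the NULL reply
Fri May 25 12:50:00 CEST [MNTPool02:info]: Client 10.0.138.151 (xid 587498261), is sent the NULL reply
Fri May 25 12:50:00 CEST [MNTPool05:info]: Client 10.0.138.151 (xid 604275477) in mount, has access rights to path /vol/nfs2
Fri May 25 12:50:00 CEST [MNTPool04:info]: Client 10.0.138.151 (xid 3838011868), is able to umount /vol/nfs2
Fri May 25 12:51:30 CEST [MNTPool03:info]: Client 10.0.138.152 (xid 1111111111) in mount, has access rights to path /vol/nfs2
"""

# Matches only the "mount granted" and "umount" events; NULL replies are skipped.
LINE = re.compile(
    r"\w{3} (?P<mon>\w{3}) +(?P<day>\d+) (?P<time>[\d:]{8}) \S+ \[\w+:info\]: "
    r"Client (?P<client>\S+) \(xid \d+\)"
    r"(?: in mount, has access rights to path (?P<mount>\S+)"
    r"|, is able to umount (?P<umount>\S+))")


def short_lived_mounts(log, window=2, year=2012):
    """Return (client, path, seconds) for each grant followed by umount within `window` s."""
    pending, findings = {}, []
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        ts = datetime.strptime(
            f"{m['mon']} {m['day']} {m['time']} {year}", "%b %d %H:%M:%S %Y")
        if m["mount"]:
            pending[(m["client"], m["mount"])] = ts  # remember when access was granted
        else:
            start = pending.pop((m["client"], m["umount"]), None)
            if start is not None and (ts - start).total_seconds() <= window:
                findings.append(
                    (m["client"], m["umount"], int((ts - start).total_seconds())))
    return findings


if __name__ == "__main__":
    for client, path, secs in short_lived_mounts(SAMPLE_LOG):
        print(f"{client}: {path} granted, then unmounted after {secs}s")
```

A hit means the filer accepted the MOUNT request for that path, so the export's host access rule is not what refused the client.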

pawel_wierzbicki

Client for NFS on Windows 7 Ultimate station works fine any time.....
