ONTAP Discussions
Hello Folks,
Background -
I have created a vol with UNIX security style for multiprotocol. I see that Windows clients are able to access the share, but for Linux/UNIX clients I am unable to mount the NFS share without root permissions. I am able to mount the share only if I do sudo bash. I have disabled the option of mount-root-only but am still unable to get it fixed.
How can I get this fixed? Why am I not able to mount without being the root user?
Thanks,
This is not a NetApp issue, but an NFS client issue.
The way the client is configured controls what non-root users can and cannot do.
For instance, on my client, only root can use "-o" on mounts:
bash-4.2$ mount -o nfsvers=3 demo:/home /mnt/home
mount: only root can use "--options" option
I can sudo, but if I'm not in the sudoers file, I'm not allowed mount commands:
bash-4.2$ sudo mount -o nfsvers=3 demo:/home /mnt/home
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for git:
git is not in the sudoers file. This incident will be reported.
When I add the user to the sudoers file, it can mount:
bash-4.2$ sudo mount -o nfsvers=3 demo:/home /mnt/home
[sudo] password for git:
demo:/home on /mnt/home type nfs (rw,relatime,vers=3,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=10.193.67.237,mountvers=3,mountport=635,mountproto=udp,local_lock=none,addr=10.193.67.237)
You could also leverage the automounter files to remove the need for users to be in sudoers, where the mount occurs when they cd to the mountpoint.
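One way to set up the automounter approach mentioned above, as an added example that is not part of the original post. It assumes autofs is installed and that /etc/auto.master contains `+dir:/etc/auto.master.d`; the file names `netapp.autofs` and `auto.netapp` are hypothetical, and `nosuid,nodev` are hardening options added here, not taken from the thread.

```shell
#!/bin/sh
# Added example: stage an autofs direct map so that demo:/home is mounted on
# /mnt/home the first time any user accesses it, with no sudoers entry.
set -eu

# Server, export, mount point and nfsvers=3 come from the thread's mount command.
NFS_SERVER="demo"
NFS_EXPORT="/home"
MOUNTPOINT="/mnt/home"
# nosuid,nodev are an added assumption: the client then ignores setuid bits
# and device nodes that live on the export.
MOUNT_OPTS="-fstype=nfs,nfsvers=3,nosuid,nodev"

# Hypothetical file names. Files in /etc/auto.master.d must end in .autofs.
MASTER_FRAGMENT="etc/auto.master.d/netapp.autofs"
MAP_FILE="etc/auto.netapp"

# "/-" in the master map marks a direct map: keys in the map file are full
# paths, so nothing else under /mnt is shadowed.
master_line() { printf '/- /%s\n' "$MAP_FILE"; }
map_line() {
    printf '%s %s %s:%s\n' "$MOUNTPOINT" "$MOUNT_OPTS" "$NFS_SERVER" "$NFS_EXPORT"
}

# write_autofs_config ROOT
# Writes both files under ROOT: "/" on a live client (run as root), or a
# scratch directory to review the result first.
write_autofs_config() {
    root=${1:?usage: write_autofs_config ROOT}
    root=${root%/}
    mkdir -p "$root/etc/auto.master.d"
    master_line > "$root/$MASTER_FRAGMENT"
    map_line > "$root/$MAP_FILE"
    # The map must not be executable (autofs would run it as a program map),
    # and on a live system it must be writable by root only, because
    # automount performs the mounts it describes as root.
    chmod 0644 "$root/$MASTER_FRAGMENT" "$root/$MAP_FILE"
}

# Run only when a target root is passed on the command line.
if [ "$#" -gt 0 ]; then
    write_autofs_config "$1"
    echo "wrote $MASTER_FRAGMENT and $MAP_FILE under $1"
    echo "on a live client, follow with: systemctl restart autofs"
fi
```

After autofs is restarted on the client, a non-root `cd /mnt/home` triggers the mount.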
What does your export policy look like for the volume you're trying to access?
https://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cm-cmpr-930/vserver__export-policy__rule__show.html
I have set it as default
Rule Index: 1
Access Protocol: nfs3
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 0.0.0.0/0
RO Access Rule: any
RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: any
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true
Try a sectrace to see where it's hanging up.
Tried sectrace using IP; trace -result shows up nothing.
Tried for UNIX user.
I got the below error when creating a filter.
Vserver: svm_dragonzee (internal ID: 3)
Error: Acquire UNIX credentials procedure failed
[ 2 ms] Entry for user-name: aadfakm-a01 not found in the
current source: FILES. Entry for user-name: aadfakm-a01
not found in any of the available sources
**[ 7] FAILURE: Unable to retrieve UID for UNIX user aadfakm-a01
Error: command failed: Failed to create or modify an NFS security trace filter because the UNIX user name "aadfakm-a01" could not be
resolved to a UNIX ID.
But as per the export-policy rule I have added clientmatch for access, so any user logging in through matching clients should be able to mount it?
We don't have LDAP/NIS in our environment. When creating a local UNIX user on the vserver it worked, but what if I have n number of users? What should be done in that case?
What you said could be right, but what if the user doesn't sudo, or root access has not been given to the user? Does name mapping work here? If yes, then how could I do that?
This is an NFS client issue; you can't mount as a non-root user without making some changes to the client or using automounter.
Thank you, this has helped!