ONTAP Discussions

What am I not understanding about 8.3-cluster NFS permissions?

wsanderstii

What am I not understanding about 8.3-cluster NFS permissions? I have created a volume called "templates" on a vserver:

netapp-clr01::> volume show -vserver netapp-nfs01
Vserver   Volume       Aggregate    State      Type       Size  Available Used%
--------- ------------ ------------ ---------- ---- ---------- ---------- -----
netapp-nfs01
          netapp_nfs01_root
                       netapp_clr01_01_aggr1
                                    online     RW          1GB    972.5MB    5%
netapp-nfs01
          templates    netapp_clr01_01_aggr1
                                    online     RW          3TB     2.85TB    5%

It is assigned a policy called "templates":

 

 

netapp-clr01::> volume show -volume templates -fields policy
vserver volume policy
------------ --------- ---------
netapp-nfs01 templates templates

 

That looks like this:

netapp-clr01::> vserver export-policy rule show
             Policy          Rule    Access   Client                RO
Vserver      Name            Index   Protocol Match                 Rule
------------ --------------- ------  -------- --------------------- ---------
netapp-nfs01 templates       1       nfs      0.0.0.0/0             any


netapp-clr01::> vserver export-policy rule show -policyname templates -vserver netapp-nfs01 -ruleindex 1

Vserver: netapp-nfs01
Policy Name: templates
Rule Index: 1
Access Protocol: nfs
Client Match Hostname, IP Address, Netgroup, or Domain: 0.0.0.0/0
RO Access Rule: any
RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: any
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true

 

Still, mount permission is denied: 

netapp-clr01::vserver export-policy> check-access -vserver netapp-nfs01 -volume templates -client-ip 10.0.161.220 -authentication-method none -protocol nfs3 -access-type read
                                         Policy    Policy       Rule
Path                          Policy     Owner     Owner Type  Index Access
----------------------------- ---------- --------- ---------- ------ ----------
/                             default    netapp_nfs01_root
                                                   volume          0 denied
root@photon-f6aa139e42ab [ ~ ]# showmount -e 10.2.48.102
Export list for 10.2.48.102:
/ (everyone)
root@photon-f6aa139e42ab [ ~ ]# mount -v 10.2.48.102:/ /mnt
mount.nfs: timeout set for Fri Sep 22 23:17:29 2017
mount.nfs: trying text-based options 'vers=4.2,addr=10.2.48.102,clientaddr=10.2.129.1'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'vers=4.1,addr=10.2.48.102,clientaddr=10.2.129.1'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'vers=4.0,addr=10.2.48.102,clientaddr=10.2.129.1'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'addr=10.2.48.102'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 10.2.48.102 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 10.2.48.102 prog 100005 vers 3 prot UDP port 635
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting 10.2.48.102:/

 

What am I missing here?

 

 

1 REPLY 1

wsanderstii

Aha! I needed to add an access policy rule for the root file system....

 

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

Public