ONTAP Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

What am I not understanding about 8.3-cluster NFS permissions?

wsanderstii
‎2017-09-22 04:08 PM
2,580 Views

What am I not understanding about 8.3-cluster NFS permissions? I have created a volume called "templates" on a vserver:

netapp-clr01::> volume show -vserver netapp-nfs01
Vserver   Volume       Aggregate    State      Type       Size  Available Used%
--------- ------------ ------------ ---------- ---- ---------- ---------- -----
netapp-nfs01
          netapp_nfs01_root
                       netapp_clr01_01_aggr1
                                    online     RW          1GB    972.5MB    5%
netapp-nfs01
          templates    netapp_clr01_01_aggr1
                                    online     RW          3TB     2.85TB    5%

It is assigned a policy called "templates":

 

 

netapp-clr01::> volume show -volume templates -fields policy
vserver volume policy
------------ --------- ---------
netapp-nfs01 templates templates

 

That looks like this:

netapp-clr01::> vserver export-policy rule show
             Policy          Rule    Access   Client                RO
Vserver      Name            Index   Protocol Match                 Rule
------------ --------------- ------  -------- --------------------- ---------
netapp-nfs01 templates       1       nfs      0.0.0.0/0             any


netapp-clr01::> vserver export-policy rule show -policyname templates -vserver netapp-nfs01 -ruleindex 1

 Vserver: netapp-nfs01
 Policy Name: templates
 Rule Index: 1
 Access Protocol: nfs
Client Match Hostname, IP Address, Netgroup, or Domain: 0.0.0.0/0
 RO Access Rule: any
 RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
 Superuser Security Types: any
 Honor SetUID Bits in SETATTR: true
 Allow Creation of Devices: true

 

Still, mount permission is denied: 

netapp-clr01::vserver export-policy> check-access -vserver netapp-nfs01 -volume templates -client-ip 10.0.161.220 -authentication-method none -protocol nfs3 -access-type read
                                         Policy    Policy       Rule
Path                          Policy     Owner     Owner Type  Index Access
----------------------------- ---------- --------- ---------- ------ ----------
/                             default    netapp_nfs01_root
                                                   volume          0 denied
root@photon-f6aa139e42ab [ ~ ]# showmount -e 10.2.48.102
Export list for 10.2.48.102:
/ (everyone)
root@photon-f6aa139e42ab [ ~ ]# mount -v 10.2.48.102:/ /mnt
mount.nfs: timeout set for Fri Sep 22 23:17:29 2017
mount.nfs: trying text-based options 'vers=4.2,addr=10.2.48.102,clientaddr=10.2.129.1'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'vers=4.1,addr=10.2.48.102,clientaddr=10.2.129.1'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'vers=4.0,addr=10.2.48.102,clientaddr=10.2.129.1'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'addr=10.2.48.102'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 10.2.48.102 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 10.2.48.102 prog 100005 vers 3 prot UDP port 635
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting 10.2.48.102:/

 

What am I missing here?

 

 

0 Kudos
View By:
1 REPLY 1

wsanderstii
‎2017-09-22 04:37 PM
2,566 Views

Aha! I needed to add an access policy rule for the root file system....

 

0 Kudos
Announcements
All Community Forums
Public