Mounting an nfs share - Permission Denied
 

I use nfs to share files between Linux machines on our work network. I thought I understood how it worked but I guess not.

Here is a line from /etc/exports of the server machine:

/home/media/kennels 192.168.0.*(rw)

Now there are two machines on our network that already use this share with no problems but I have just setup a new machine that gives this error when I try to mount it:

mount: 192.168.0.69:/home/media/kennels failed, reason given by server: Permission denied

Why would the server allow some machines on our network access but not others? This is the log from the server:

May 22 16:29:09 localhost mountd[2601]: Unauthorized access by NFS client 192.168.0.86.
May 22 16:29:09 localhost mountd[2601]: Blocked attempt of 192.168.0.86 to mount /home/media/My Documents (Networked)/Kennels

And this is the relevent line from the client machines /etc/fstab:

192.168.0.69:/home/media/kennels /mnt/kennels nfs rw 0 0

I don't understand. NFS seemed to simple. I can get around this by naming the machine specifically in the /etc/exports file but I don't want to have to do this every time a machine is added to the network and I would like to better understand how NFS works.

Can anyone tell me what's going on?

run "exportfs" on the server, is it listed there? if not restart nfsd and look again. you might find it works with an alternative (nicer) network definition, i.e. 192.168.0.0/24. reading directly from the "exports" manpagedid you read that? ;)

Still no good
 

Thanks for the advice, but strill no joy. I have tried changing the /etc/exports line in question to:

/home/media/animal 192.168.0.0/100(ro)

The IP of the client is 192.168.0.86 so I guess it should qualify but I still am getting refused. There is no exportfs command on the server so I have been using /etc/init.d/nfs-user-server restart instead. Should this work? Also is it a problem restarting the nfs server while other clients are still connected? Also would it be a problem if the client software was more up-to-date than the server software?

Any more ideas?

That's not correct, you should use '24' not '100', The number after the slash tells how many digits to use for networkadress, use '24' and all computers in 192.168.0.0 (=range 192.168.0.1 - 192-168-0-254) are allowed.

Now I'm confused; how does 192.168.0.1 to 192.168.0.254 map onto 24 digits? Surely this is eight digits, even in binary (three in decimal, or two in hex). And what about 192.168.0.255 (which, IIRC, is what Windows XP always calls its network interface if it thinks it's the default internet gateway)?

As I work it out, /24 would match addresses 192.0.0.1 through 192.255.255.255 inclusive (assuming that this is the number of binary digits). Don't you want /8 here?

/100 would match every possible IPv4 address (and even every 64-bit IPv6 address), assuming that it didn't just ignore it as being out of range.

You got the idea, only count from left - /8 gives 192.0.0.1 through 192.255.255.255.
You are completely right, I chose to only give range of valid IP's for computers. .255 is broadcast adress, used for eg DHCP-calls. And .0 is the network, thus you should never use .0 or 255 (like 192.168..0.0 or 192.168.0.255) for computers (in very special configs you can do that, don't try it.)

You have a maximum of 4x8 binary digits, /100 is out of range and doesn't work - network part of adress must be known.