LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 06-12-2016, 12:46 PM   #1
Curunir
LQ Newbie
 
Registered: Jun 2016
Posts: 4

Rep: Reputation: Disabled
NFS server denies access


Greetings!

I am currently trying to migrate my desktop to Linux, and in that process I want to shift my local file server from Samba to NFS. My file server has been running fine on Linux for years, but Samba does have some downsides, so I figured I should do it properly and use NFS.
I set up everything according to this guide. As both my server and client machines are running Mint 17.3, I figured the Ubuntu guide would be close enough.

The problem I encountered is this. When I try to mount an NFS share on my client, I get this error:
Code:
mount.nfs: access denied by server while mounting 192.168.2.101:/anime
Similarly, when I try to see the shares with showmount -e 192.168.2.101, this error occurs:
Code:
clnt_create: RPC: Port mapper failure - Authentication error
I followed the guide closely, used the exportfs -ra command after making changes to the exports file and restarted just about anything to make sure, but the problem persists. From the error messages, I guess the authentication failure occurs not with the actual NFS server, but with rpcbind itself. I am fairly new to these things, so I don't know how that service does its authentication and what I might check.
I did open port 2049 on the server's firewall just to rule that out, but no change. This old thread seems to be about the same problem, but since it somehow seems to have resolved itself there, that was no help.

I don't think my share structure is a problem, but here is my configuration anyway: The server is mounting the file archives to /media/<username>/ and then binding them to /export/, all done in fstab. The exports file then references the /export/ directories to the sole client machine with this line for each share:
Code:
/export/anime 192.168.2.104/24(rw,async,no_subtree_check)
Any idea why the client is denied access? The quoted IP Adresses are accurate and the machines communicate fine over Samba.
 
Old 06-12-2016, 10:55 PM   #2
jayjwa
Member
 
Registered: Jul 2003
Location: NY
Distribution: Slackware, Termux
Posts: 772

Rep: Reputation: 242Reputation: 242Reputation: 242
rpcbind can be built using tcpwrappers. If that's the case, you'll need the appropriate entires in /etc/hosts.allow, /etc/hosts.deny. Try to use 'rpcinfo $REMOTE_HOST' and see if you can see services or if you get errors in the syslogs. See if rpcbind is working OK before you look at NFS daemons. In your case maybe something like:

Code:
/etc/hosts.deny

rpcbind: ALL EXCEPT 192.168.2., 127.0.0.1, [::1], LOCAL
The individual NFS server binaries MAY need similar entires in those files, but I'm not sure as it's been some time since I used/setup NFS. Make sure also that rpcbind and the /etc/services file agree on what you are calling port 111. The rpcbind code, IIR, uses "rpcbind" while some /etc/services list port 111/tcp as "sunrpc".
 
Old 06-13-2016, 01:22 AM   #3
Curunir
LQ Newbie
 
Registered: Jun 2016
Posts: 4

Original Poster
Rep: Reputation: Disabled
I appended the exception you suggested to /etc/hosts.deny. This resulted in showmount -e <server hostname> now working for the client, but access is still denied when trying to mount an NFS share. I do see in /etc/services that port 111 is in fact being called "sunrpc" both for TCP and UDP. The question is, what can I do about it? Change it in there to "rpcbind" or change something else?

Last edited by Curunir; 06-13-2016 at 01:28 AM.
 
Old 06-16-2016, 09:30 PM   #4
jayjwa
Member
 
Registered: Jul 2003
Location: NY
Distribution: Slackware, Termux
Posts: 772

Rep: Reputation: 242Reputation: 242Reputation: 242
Quote:
Originally Posted by Curunir View Post
I do see in /etc/services that port 111 is in fact being called "sunrpc" both for TCP and UDP. The question is, what can I do about it? Change it in there to "rpcbind" or change something else?
That's probably not the issue, since whoever built your rpcbind probably took that into account that it should match /etc/services. rpcbind probably wouldn't start up if they didn't. There must be something else. Do you have Kerberos or other authentication means enabled?
 
Old 06-17-2016, 02:01 AM   #5
Curunir
LQ Newbie
 
Registered: Jun 2016
Posts: 4

Original Poster
Rep: Reputation: Disabled
The machine that acts as a server runs a pretty standard Mint installation, 17.3 with Mate. The only thing I ever did relating to authentication was getting Samba shares to run.

I do recall that I upgraded the installation from Mint 17.1 or 17.2 at some point, using the Update Manager. Could it be that this somehow broke authentication? I'm not very keen on doing a fresh install, but I might do that if it will fix the issue. The Mint 17 versions are based on the current Ubuntu LTS branch, in case that is relevant.

Last edited by Curunir; 06-17-2016 at 02:04 AM.
 
Old 06-17-2016, 06:19 AM   #6
Sayan Acharjee
Member
 
Registered: Feb 2010
Location: Chennai, India
Distribution: Manjaro
Posts: 624

Rep: Reputation: 64
Check the below thread, user had similar issue

http://www.linuxquestions.org/questi...unting-934161/
 
Old 06-17-2016, 01:05 PM   #7
Curunir
LQ Newbie
 
Registered: Jun 2016
Posts: 4

Original Poster
Rep: Reputation: Disabled
Thanks, but I did already link back to that in my original post. As I said then, nothing I read there was of any help.

If I cannot resolve this, I will have to give up on NFS and stick with Samba. If there is any other useful alternative for local file sharing, I would be glad for suggestions.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
server denies access after hosts.deny error billbeecham Linux - Server 1 12-04-2007 09:07 AM
Mounted NFS share denies access to subdirectories anvilravine Linux - Server 7 10-04-2007 12:10 AM
ripperX denies me access to CD Drive d00bid00b Linux - Software 10 04-30-2006 03:34 PM
Iptables denies NFS to client and hangs ethics Linux - Networking 7 11-21-2005 06:59 PM
in.rsdh denies access to root sylliaad Linux - Security 2 07-13-2005 06:23 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 10:40 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration