# nfs server access denial



## ThunderWolf (Jul 7, 2012)

When I try to mount the NFS share on the client I get this error message:

```
mount.nfs: access denied by server while mounting 192.168.0.3:/home/user
```

This is my /etc/rc.conf file:

```
hostname="bishop1"
ifconfig_xl0="DHCP"
ifconfig_xl0_ipv6="inet6 accept_rtadv"
sshd_enable="YES"
powerd_enable="YES"
ftpd_enable="YES"
rpcbind_enable="YES"
nfs_server_enable="YES"
mountd_flags="-r"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
```

This is my /etc/exports file:

```
/home -alldirs 192.168.0.6(rw)
```

This is my /var/log/messages file with nfsd messages filtered out:

```
Jul  3 21:34:32 bishop1 user: /etc/rc.d/nfsd: WARNING: Unable to force mountd. It may already be running.
Jul  3 21:34:32 bishop1 user: /etc/rc.d/nfsd: WARNING: failed precmd routine for nfsd
```

This is my /var/log/messages file with mountd messages filtered out:

```
Jul  3 21:34:32 bishop1 user: /etc/rc.d/mountd: WARNING: /etc/exports is not readable.
Jul  3 21:34:32 bishop1 mountd[2588]: can't open /etc/exports
Jul  3 21:34:32 bishop1 mountd[2588]: can't open any exports file
Jul  3 21:34:32 bishop1 user: /etc/rc.d/nfsd: WARNING: Unable to force mountd. It may already be running.
Jul  3 22:58:10 bishop1 mountd[2852]: bad exports list line /home
Jul  3 23:09:39 bishop1 mountd[2853]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  3 23:11:44 bishop1 mountd[2853]: bad exports list line /home
Jul  3 23:12:12 bishop1 mountd[2853]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  3 23:18:30 bishop1 mountd[1112]: bad exports list line /home
Jul  3 23:27:30 bishop1 mountd[1113]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  3 23:27:54 bishop1 mountd[1113]: mount request denied from 192.168.0.6 for /usr/home
Jul  3 23:36:23 bishop1 mountd[1113]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  3 23:37:27 bishop1 mountd[1113]: bad exports list line /home
Jul  3 23:42:21 bishop1 mountd[1113]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  3 23:43:08 bishop1 mountd[1113]: bad exports list line /home
Jul  3 23:43:15 bishop1 mountd[1113]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  3 23:49:25 bishop1 mountd[1113]: bad exports list line /home
Jul  3 23:49:30 bishop1 mountd[1113]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  3 23:51:12 bishop1 mountd[1113]: bad exports list line /home
Jul  3 23:51:18 bishop1 mountd[1113]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  3 23:51:52 bishop1 mountd[1113]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  3 23:55:54 bishop1 mountd[1508]: bad exports list line /home
Jul  3 23:56:21 bishop1 mountd[1509]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  4 00:15:32 bishop1 mountd[1509]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  4 00:16:56 bishop1 mountd[1509]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  4 00:21:44 bishop1 mountd[1594]: bad exports list line /home
Jul  4 00:22:07 bishop1 mountd[1595]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  4 00:22:23 bishop1 mountd[1595]: bad exports list line /home
Jul  4 00:22:27 bishop1 mountd[1595]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  4 00:23:05 bishop1 mountd[1595]: bad exports list line /home
Jul  4 00:23:09 bishop1 mountd[1595]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  4 00:23:23 bishop1 mountd[1595]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  4 00:24:03 bishop1 mountd[1595]: bad exports list line /home
Jul  4 00:24:08 bishop1 mountd[1595]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  4 00:29:35 bishop1 mountd[1112]: bad exports list line /home
Jul  4 00:30:18 bishop1 mountd[1113]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  4 00:33:40 bishop1 mountd[1113]: bad exports list line /home
Jul  4 00:33:50 bishop1 mountd[1113]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  4 00:34:23 bishop1 mountd[1113]: bad exports list line /home
Jul  4 00:34:27 bishop1 mountd[1113]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  4 00:41:52 bishop1 mountd[1113]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  4 00:46:33 bishop1 mountd[1112]: bad exports list line /home
Jul  4 00:47:52 bishop1 mountd[1113]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  4 00:50:44 bishop1 mountd[1113]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  4 02:09:30 bishop1 mountd[1113]: mount request denied from 192.168.0.6 for /usr/home
Jul  4 02:09:36 bishop1 mountd[1113]: mount request denied from 192.168.0.6 for /usr/home
Jul  4 02:12:18 bishop1 mountd[1113]: mount request denied from 192.168.0.6 for /usr/home
Jul  4 02:15:46 bishop1 mountd[1112]: bad exports list line /home
Jul  4 02:16:09 bishop1 mountd[1113]: mount request denied from 192.168.0.6 for /usr/home
Jul  4 02:20:03 bishop1 mountd[1112]: bad exports list line /home
Jul  6 12:55:49 bishop1 mountd[1113]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  6 12:56:06 bishop1 mountd[1113]: mount request denied from 192.168.0.6 for /usr/home/user
Jul  6 13:14:18 bishop1 mountd[1113]: mount request denied from 192.168.0.6 for /usr/home/user
```

I have tried rebooting the machine and restarting the rpcbind, nfsd, and mountd service in several different ways.

I changed the rpcbind line in /etc/hosts.allow to:

```
rpcbind : ALL : allow
```

server: 192.168.0.3: FreeBSD
client: 192.168.0.6: Fedora


----------



## danny (Jul 7, 2012)

Hello ThunderWolf, 

As this is your first post: Welcome to the forum. 

I'm not sure if you're allowed to directly mount /home, as this is a symlink and not a directory:

```
file /home 
/home: symbolic link to `usr/home'
```

So please use /usr/home/ for /etc/exports instead and put the same entry to your client's /etc/fstab

You may also want to put

```
mountd_enable="YES"
```
to your /etc/rc.conf

Is you client's portmap-daemon running properly?


*** UPDATE: ***

```
Jul  3 21:34:32 bishop1 user: /etc/rc.d/mountd: WARNING: /etc/exports is not readable.
```
You're running mountd(8) as root, aren't you? 

Please provide file rights:

```
ls -l /etc/exports
```


Regards
Danny


----------



## ThunderWolf (Jul 8, 2012)

Thank you for the help danny, but the symbolic link was only half the problem. This line gives the same error as before:

```
/usr/home -alldirs 192.168.0.6(rw)
```
error msg:

```
mount.nfs: access denied by server while mounting 192.168.0.3:/usr/home/user
```
removing "(rw)" from the line mounts without error:

```
/usr/home -alldirs 192.168.0.6
```
, but it only give me the default read access.
Adding -maproot=user to the line gives me all access, like this:

```
/usr/home -alldirs -maproot=user 192.168.0.6
```
, so again thank you for helping me solve this problem.

"O" and you wanted to know my /etc/exports permissions:

```
rw-r--r--
```


----------



## sa (Jul 12, 2012)

You tried to use Linux like syntax for the exports(5) file, and it was misunderstood by mountd(8). Default access for any exported file system is r/w.


----------



## TheDreamer (Jul 13, 2012)

ThunderWolf said:
			
		

> removing "(rw)" from the line mounts without error:
> 
> ```
> /usr/home -alldirs 192.168.0.6
> ...



This probably means that the uid of the user is not the same between client and server.  This stumped me for a while recently, because I used local identity management for my Sun and Linux workstations.  So, Sun picks 100 as an initial uid.  And, I had been changing my Linux systems from its initial uid of 1000 to make my account 100.  But, I'm replacing my Sun workstation with FreeBSD, and had got with LDAP (and a 6-digit uid).

Stumped me why shares from FreeBSD were being seen as read-only from my Linux environments....and adding rw made it all stop working.

The Dreamer.


----------



## SirDice (Jul 13, 2012)

Yes, it's a common mistake. You need to keep in mind that permissions aren't set to a _username_ but to a _userid_. The mapping between those two can be different on different machines. That's one of the reasons why a centralized accounts database makes things easier. A user will get the same UID on all machines.


----------



## TheDreamer (Jul 19, 2012)

Feel I should add while NFSv4 makes things more complicatedsecure by doing user@domain/group@domain instead of uid/gid, it requires that server and clients have some common identity database system so that uid/gid to name mappings are the same for both.

We don't use NFSv4 at work, because we lack a central system for gid mappings.  Though I've been thinking that someday when I convince the boss to give me some general production FreeBSD servers, that I'll do something about that problem.  It came up recently, because Linux would rather constantly complain (rather than ignore) that it doesn't know how to copy zfsacls between NFSv3 shares on our NAS.  And, we don't use any special ACLs.


----------

