# Help: error 7 (RPC: Authentication error) mounting FreeBSD 12.1-RELEASE NFS export



## jdrch (Jul 6, 2020)

I have a FreeBSD 12.1-RELEASE machine, hostname DellOptiPlex390. I would like to export the folders /usr/home/jdrch/KeePass and /usr/home/jdrch/Sync and mount them via NFS on an OpenIndiana Hipster GUI machine with IP address 192.168.0.71. My username, jdrch, is the same on both machines. I therefore have the following:

My /etc/rc.conf:


```
hostname="DellOptiPlex390"
zfs_enable="YES"
kld_list="sysctlinfo"
ifconfig_re0="DHCP"
linux_enable="YES"
dbus_enable="YES"
dsbdriverd_enable="YES"
sddm_enable="YES"
sshd_enable="YES"
nfs_client_enable="YES"
webmin_enable="YES"
smartd_enable="YES"
ntpd_enable=YES
ntpd_sync_on_start=YES
rpcbind_enable="YES"
nfs_server_enable="YES"
nfsv4_server_enable="YES"
mountd_flags="-r"
mountd_enable="YES"
rpc_lockd_enable="YES"
rpc_statd_enable="YES"
```

My /etc/exports:


```
# Export /usr/home as read-write to OpenIndiana
/usr/home -alldirs -rw -mapall=MyFreeBSDUsername 192.168.0.71
```

I'm exporting /usr/home because the exports(5) man page seems to imply that's necessary. FTA:



> All ZFS file systems in the subtree below the NFSv4 tree root must be exported



After any update to either of those files I restart both nfsd & mountd on the FreeBSD server.

Unfortunately, I haven't had any luck getting the export to mount.

Trying to mount one of the subfolders fails:


```
# mount DellOptiPlex390:/usr/home/jdrch/KeePass /export/home/jdrch/KeePass
Password:
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
nfs mount: mount: /export/home/jdrch/KeePass: Permission denied
```

Trying to mount the exported filesystem also fails:


```
# mount DellOptiPlex390:/usr/home/ /export/home/jdrch/KeePass        
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
nfs mount: mount: /export/home/jdrch/KeePass: Permission denied
```

Using `sec=sys` in the mount command doesn't work, either:


```
# mount -F nfs -o vers=4,sec=sys DellOptiPlex390:/usr/home/jdrch/KeePass /export/home/jdrch/KeePass
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
nfs mount: mount: /export/home/jdrch/KeePass: Permission denied
```

Substituting the FreeBSD server's IP address for its hostname has no effect.

Any ideas about anything being wrong with the server-side setup?


----------



## Mjölnir (Jul 7, 2020)

The UIDs of your user on both machines should be the same?
EDIT: Else you need to set up a UID mapping.
Try using the kernel-based NFS server instead?
`zfs set sharenfs='your options' dataset
zfs share dataset`


----------



## jdrch (Jul 7, 2020)

mjollnir said:


> set up a UID mapping.



How do I do that?


mjollnir said:


> Try using the kernel-based NFS server instead?
> `zfs set sharenfs='your options' dataset
> zfs share dataset`



What do I need in /etc/rc.conf and /etc/exports for that to work?


----------



## SirDice (Jul 7, 2020)

With NFSv4 you don't need to match the UIDs, nfsuserd(8) will take care of matching usernames to UIDs. You do need to make sure it's running, on both sides. 

Remove the `-mapall=MyFreeBSDUsername` from your exports. This causes _everything_ to be mapped to that user account. Usually not what you want.

Regarding the authentication error, that's usually because the client is or isn't using reserved ports. Another reason could be that the client is trying to mount as a non-root user. 


```
nfs_reserved_port_only="NO"     # Provide NFS only on secure port (or NO).

weak_mountd_authentication="NO" # Allow non-root mount requests to be served.
```


----------



## Mjölnir (Jul 7, 2020)

RTFM nfsuserd(8)
EDIT: As usual, SirDice's answer is much more helpful... and comes 15 seconds before mine...


----------



## jdrch (Jul 7, 2020)

SirDice said:


> ```
> nfs_reserved_port_only="NO"     # Provide NFS only on secure port (or NO).
> 
> weak_mountd_authentication="NO" # Allow non-root mount requests to be served.
> ```



I'm assuming these would be set in /etc/rc.conf?


mjollnir said:


> RTFM nfsuserd(8)



Is the part you're referring to?



> For Kerberized NFSv4 mounts, it must be running on both client(s) and server for correct operation. For non-Kerberized NFSv4 mounts, this daemon must be running unless all client(s) plus the server are configured to put uid/gid numbers in the owner and owner_group strings.


----------



## Mjölnir (Jul 7, 2020)

Yes to both.  Use e.g. `sysrc nfs_reserved_port_only=NO` to edit rc.conf(5) safely.  It keeps track of duplicates, surrounding "" and such.
EDIT: Once you succeed, set the thread _solved_: In the 1st post click: _"..."->edit thread->prefix_
Good luck!


----------



## jdrch (Jul 19, 2020)

mjollnir SirDice  I edited /etc/rc.conf as directed and ran `# service nfsd restart` and `# service mountd reload`, and am still getting the same error. Any other ideas?


----------



## Mjölnir (Jul 20, 2020)

From nfsv4(4): On ther server, you have
`sysrc nfs_server_enable=YES`
`sysrc nfsv4_server_enable=YES`
`sysrc nfsuserd_enable=YES`
On the client:
`sysrc nfsuserd_enable=YES`
`sysrc hostid_enable=YES`
You will also need to add at least one "V4:'' line to the exports(5) file for NFSv4 to work.
User/group names are consistent (equal) on client & server. All correct?


----------



## SirDice (Jul 20, 2020)

Please use [CMD][/CMD] for *single* commands. Use [code][/code] for system output and/or whole lists of commands.


----------

