# NFS server access denied



## marcinpruciak (Sep 3, 2016)

I have a NFS server on free bsdFreeBSD, when try mount on Linux machine iI have access denied error:

```
mount -v -t nfs4 192.168.1.10:/mnt/owncloud /tmp/test/
mount.nfs4: timeout set for Sat Sep  3 18:40:49 2016
mount.nfs4: trying text-based options 'addr=192.168.1.10,clientaddr=192.168.1.3'
mount.nfs4: mount(2): Permission denied
mount.nfs4: access denied by server while mounting 192.168.1.10:/mnt/owncloud
```

My configuration of server:
/etc/exports:

```
/mnt/owncloud   *       (sync,fsid=0,no_root_squash)
```

/etc/rc.conf

```
rpcbind_enable="YES"
mountd_enable="YES"
nfs_server_enable="YES"
nfs_server_flags="-u -t -n 4"
nfsv4_server_enable="YES"
mountd_flags="-r"
```

Where is my mistake?


----------



## marcinpruciak (Sep 4, 2016)

My firewall is disabled for now.
Results from sockstat:

```
# sockstat
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS      
root     nfsd       23197 5  tcp4   *:2049                *:*
root     nfsd       23197 6  tcp6   *:2049                *:*
root     sudo       23133 3  stream (not connected)
marcin   sshd       23131 3  tcp4   192.168.1.10:22       192.168.1.2:60118
marcin   sshd       23131 4  stream -> ??
root     sshd       23115 3  tcp4   192.168.1.10:22       192.168.1.2:60118
root     sshd       23115 5  stream -> ??
root     rpc.lockd  21061 3  dgram  -> /var/run/logpriv
root     rpc.statd  20998 4  udp6   *:626                 *:*
root     rpc.statd  20998 5  tcp6   *:626                 *:*
root     rpc.statd  20998 6  udp4   *:626                 *:*
root     rpc.statd  20998 7  tcp4   *:626                 *:*
root     rpc.statd  20998 9  dgram  -> /var/run/logpriv
root     rpcbind    20934 4  udp6   *:*                   *:*
root     rpcbind    20934 5  stream /var/run/rpcbind.sock
root     rpcbind    20934 6  udp6   *:111                 *:*
root     rpcbind    20934 7  udp6   *:979                 *:*
root     rpcbind    20934 8  tcp6   *:111                 *:*
root     rpcbind    20934 9  udp4   *:111                 *:*
root     rpcbind    20934 10 udp4   *:915                 *:*
root     rpcbind    20934 11 tcp4   *:111                 *:*
root     nfsuserd   20659 3  udp4   *:860                 *:*
root     nfsuserd   20658 3  udp4   *:860                 *:*
root     nfsuserd   20657 3  udp4   *:860                 *:*
root     nfsuserd   20656 3  udp4   *:860                 *:*
root     nfsuserd   20655 3  udp4   *:860                 *:*
root     mountd     20496 5  dgram  -> /var/run/logpriv
root     mountd     20496 6  udp6   *:832                 *:*
root     mountd     20496 7  tcp6   *:832                 *:*
root     mountd     20496 8  udp4   *:832                 *:*
root     mountd     20496 9  tcp4   *:832                 *:*
root     smbd       18550 7  dgram  /var/db/samba4/private/msg.sock/18550
root     smbd       18550 31 dgram  -> /var/run/logpriv
root     smbd       18550 41 tcp4   192.168.1.10:139      192.168.1.2:10130
root     smbd       16813 7  dgram  /var/db/samba4/private/msg.sock/16813
root     smbd       16813 31 dgram  -> /var/run/logpriv
root     smbd       16813 41 tcp4   192.168.1.10:445      192.168.1.2:38436
root     smbd       16809 7  dgram  /var/db/samba4/private/msg.sock/16809
root     smbd       16809 31 dgram  -> /var/run/logpriv
root     smbd       16809 41 tcp4   192.168.1.10:139      192.168.1.2:44752
root     sshd       636   3  tcp6   *:22                  *:*
root     sshd       636   4  tcp4   *:22                  *:*
root     smbd       595   7  dgram  /var/db/samba4/private/msg.sock/595
root     smbd       595   31 dgram  -> /var/run/logpriv
root     smbd       592   7  dgram  /var/db/samba4/private/msg.sock/592
root     smbd       591   7  dgram  /var/db/samba4/private/msg.sock/591
root     smbd       582   7  dgram  /var/db/samba4/private/msg.sock/582
root     smbd       582   31 dgram  -> /var/run/logpriv
root     smbd       582   35 tcp4   127.0.0.1:445         *:*
root     smbd       582   36 tcp4   127.0.0.1:139         *:*
root     smbd       582   37 tcp6   ::1:445               *:*
root     smbd       582   38 tcp6   ::1:139               *:*
root     smbd       582   39 tcp4   192.168.1.10:445      *:*
root     smbd       582   40 tcp4   192.168.1.10:139      *:*
root     nmbd       579   7  dgram  /var/db/samba4/private/msg.sock/579
root     nmbd       579   17 udp4   *:137                 *:*
root     nmbd       579   18 udp4   *:138                 *:*
root     nmbd       579   19 udp4   192.168.1.10:137      *:*
root     nmbd       579   20 udp4   192.168.1.255:137     *:*
root     nmbd       579   21 udp4   192.168.1.10:138      *:*
root     nmbd       579   22 udp4   192.168.1.255:138     *:*
root     nmbd       579   23 dgram  -> /var/run/logpriv
root     nmbd       579   24 stream /var/run/samba4/nmbd/unexpected
root     syslogd    466   4  dgram  /var/run/log
root     syslogd    466   5  dgram  /var/run/logpriv
root     syslogd    466   6  udp6   *:514                 *:*
root     syslogd    466   7  udp4   *:514                 *:*
root     devd       322   4  stream /var/run/devd.pipe
root     devd       322   5  seqpac /var/run/devd.seqpacket.pipe
root     devd       322   7  dgram  -> /var/run/logpriv
?        ?          ?     ?  tcp6   ::1:968               ::1:111
?        ?          ?     ?  udp4   *:*                   *:*
?        ?          ?     ?  tcp6   *:795                 *:*
?        ?          ?     ?  udp4   *:2049                *:*
?        ?          ?     ?  udp6   *:849                 *:*
?        ?          ?     ?  udp6   *:2049                *:*
?        ?          ?     ?  tcp4   *:649                 *:*
?        ?          ?     ?  udp6   *:869                 *:*
?        ?          ?     ?  udp4   *:783                 *:*
```

showmount looks like has problem:

```
# showmount
RPC: Program not registered
showmount: can't do mountdump rpc
```


rpcinfo:

```
# rpcinfo
   program version netid     address                service    owner
    100000    4    tcp       0.0.0.0.0.111          rpcbind    superuser
    100000    3    tcp       0.0.0.0.0.111          rpcbind    superuser
    100000    2    tcp       0.0.0.0.0.111          rpcbind    superuser
    100000    4    udp       0.0.0.0.0.111          rpcbind    superuser
    100000    3    udp       0.0.0.0.0.111          rpcbind    superuser
    100000    2    udp       0.0.0.0.0.111          rpcbind    superuser
    100000    4    tcp6      ::.0.111               rpcbind    superuser
    100000    3    tcp6      ::.0.111               rpcbind    superuser
    100000    4    udp6      ::.0.111               rpcbind    superuser
    100000    3    udp6      ::.0.111               rpcbind    superuser
    100000    4    local     /var/run/rpcbind.sock  rpcbind    superuser
    100000    3    local     /var/run/rpcbind.sock  rpcbind    superuser
    100000    2    local     /var/run/rpcbind.sock  rpcbind    superuser
    100024    1    udp6      ::.2.114               status     superuser
    100024    1    tcp6      ::.2.114               status     superuser
    100024    1    udp       0.0.0.0.2.114          status     superuser
    100024    1    tcp       0.0.0.0.2.114          status     superuser
    100021    0    udp6      ::.3.101               nlockmgr   superuser
    100021    0    tcp6      ::.3.27                nlockmgr   superuser
    100021    0    udp       0.0.0.0.3.15           nlockmgr   superuser
    100021    0    tcp       0.0.0.0.2.137          nlockmgr   superuser
    100021    1    udp6      ::.3.101               nlockmgr   superuser
    100021    1    tcp6      ::.3.27                nlockmgr   superuser
    100021    1    udp       0.0.0.0.3.15           nlockmgr   superuser
    100021    1    tcp       0.0.0.0.2.137          nlockmgr   superuser
    100021    3    udp6      ::.3.101               nlockmgr   superuser
    100021    3    tcp6      ::.3.27                nlockmgr   superuser
    100021    3    udp       0.0.0.0.3.15           nlockmgr   superuser
    100021    3    tcp       0.0.0.0.2.137          nlockmgr   superuser
    100021    4    udp6      ::.3.101               nlockmgr   superuser
    100021    4    tcp6      ::.3.27                nlockmgr   superuser
    100021    4    udp       0.0.0.0.3.15           nlockmgr   superuser
    100021    4    tcp       0.0.0.0.2.137          nlockmgr   superuser
    100003    2    udp       0.0.0.0.8.1            nfs        superuser
    100003    3    udp       0.0.0.0.8.1            nfs        superuser
    100003    2    udp6      ::.8.1                 nfs        superuser
    100003    3    udp6      ::.8.1                 nfs        superuser
    100003    2    tcp       0.0.0.0.8.1            nfs        superuser
    100003    3    tcp       0.0.0.0.8.1            nfs        superuser
    100003    2    tcp6      ::.8.1                 nfs        superuser
    100003    3    tcp6      ::.8.1                 nfs        superuser
```


----------



## SirDice (Sep 5, 2016)

Your exports file looks like it came from Linux, FreeBSD uses a different syntax. See exports(5)


----------



## netaccs (May 16, 2018)

I have the same problem. On Server in rc.conf I have

```
rpcbind_enable="YES"
nfs_server_enable="YES"
mountd_flags="-r"
nfs_client_enable="YES"
nfs_client_flags="-n 4"
```
In /etc/exports

```
/storage/zzz  -maproot=root 192.168.1.10 192.168.1.20
```
When make changes in exports file on server, restarting using this method.
On client (192.168.1.20) in rc.conf

```
nfs_client_enable="YES"
nfs_client_flags="-n 4"
```

Restarting the client

```
/etc/rc.d/nfsclient restart
NFS access cache time=60
```

When try to mount
mount -v 192.168.1.10:/storage/zzz/ /zzz/
there is error:

```
[tcp] 192.168.1.10:/storage/zzz: Permission denied
```
On Server 
	
	



```
mountd[33035]: mount request denied from 192.168.1.20 for /storage/zzz
```

Where I am wrong?


----------



## SirDice (May 16, 2018)

What does `showmount -e 192.168.1.10` show?

You can remove nfs_client_flags, it doesn't exist. And I would suggest removing mountd_flags too, the default options should be fine, there's no need to change them.


----------



## ucomp (May 16, 2018)

marcinpruciak said:


> Where is my mistake?



your mistake is in rc  AND  in exports:

use this in rc.conf  :

nfsv4_server_enable="YES"
nfsuserd_enable="YES" 
--
and in exports you have to use v4- syntax like :

V4: /
 <rootdir> [-sec=secflavors] [host(s) or net]


----------



## SirDice (May 16, 2018)

ucomp said:


> and in exports you have to use v4- syntax like :


No, the "old" NFSv3 syntax is just fine. FreeBSD's NFS can handle both.


----------



## ucomp (May 16, 2018)

SirDice said:


> No, the "old" NFSv3 syntax is just fine. FreeBSD's NFS can handle both.


yeah, but from my fast reading over this short thread I saw that he wants to mount v4 from his tux-box , so : V4: /   blabla -maproot=blabla

https://www.freebsd.org/cgi/man.cgi...opos=0&manpath=FreeBSD+11.0-RELEASE+and+Ports


----------



## SirDice (May 16, 2018)

Yeah, his first post forces NFSv4, later posts don't. If you force NFSv4 then you would indeed be correct. But that post dates back to 2016.


----------



## ucomp (May 16, 2018)

SirDice said:


> But that post dates back to 2016.


 Ha Ha lol  , didn`t notice the date of the 1st post 

Sir, you should be forced to develop a warning-plugin(or similar)  for your forum for outdated posts ;-)


----------



## netaccs (May 21, 2018)

SirDice said:


> What does `showmount -e 192.168.1.10` show?
> 
> You can remove nfs_client_flags, it doesn't exist. And I would suggest removing mountd_flags too, the default options should be fine, there's no need to change them.



showmount -e 192.168.1.10
Exports list on 192.168.1.10:
/storage/zzz                   192.168.1.12 192.168.1.24 192.168.1.15 192.168.1.34 192.168.1.20

All other works fine.


----------



## netaccs (May 29, 2018)

I removed mountd_flags="-r" and nfs_client_flags="-n 4" from rc.conf
/etc/rc.d/nfsd restart and still got Permission denied denied from client.

Also from host server messages I have
mountd[33035]: mount request denied from 192.168.1.20 for /storage/zzz

After few restarts of mountd rpcbind nfsd now I got another error on client:
[tcp] 192.168.1.10:/storage/zzz: RPCPROG_NFS: RPC: Program not registered

Also something strange. In server /etc/exports it reads only first line of the file
less /etc/exports

```
/storage/backups -maproot=root 192.168.1.100 192.168.1.15 192.168.1.34 192.168.1.20
V4: /
/storage/zzz maproot=root -network 192.168.1/24
```
I also try instead of V4 and maproot and network to be like this

```
/storage/backups -maproot=root 192.168.1.100 192.168.1.15 192.168.1.34 192.168.1.20
/storage/zzz maproot=root 192.168.1.20
```
and still got can't connect.

```
showmount -e 192.168.1.10
Exports list on 192.168.1.10:
/storage/backups                   192.168.1.100 192.168.1.15 192.168.1.34 192.168.1.20
```

I change first line from /storage/backups to
/storage/backups /storage/zzz
and now I can mount it, strange :/


----------



## doa379 (Jun 30, 2021)

^^^ Don't guess. Nothing strange about it.
rpcbind service should be started before nfsd or mountd. Everytime you change /etc/exports you reload the mountd service.
As pointed out earlier the format for /etc/exports for nfs4 should be like so:

```
V4: /
<rootdir> [-sec=secflavors] [host(s) or net]
```


----------

