Revisions to mount.nfs4: access denied by server while mounting (when same configs previously worked fine)

Bumped by Community user

occurred Oct 6 at 12:01

Bumped by Community user

occurred May 29 at 10:04

Bumped by Community user

occurred Jan 26 at 6:07

Bumped by Community user

occurred Sep 27, 2024 at 14:01

Bumped by Community user

occurred May 13, 2024 at 12:03

Bumped by Community user

occurred Jan 7, 2024 at 10:00

added 617 characters in body

Source Link

edited Jan 12, 2021 at 22:06

lampShadesDrifter

211
2
5
14

Checking the SE Linux settings, I see...

[root@clientserver /]$ sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 31

I did not set these (or really have much experience with SE Linux), but the "permissive" makes me think that it should not be a firewall problem.

Checking the SE Linux settings, I see...

[root@clientserver /]$ sestatus SELinux status: enabled SELinuxfs mount: /sys/fs/selinux SELinux root directory: /etc/selinux Loaded policy name: targeted Current mode: permissive Mode from config file: enforcing Policy MLS status: enabled Policy deny_unknown status: allowed Max kernel policy version: 31

I did not set these (or really have much experience with SE Linux), but the "permissive" makes me think that it should not be a firewall problem.

added 241 characters in body

Source Link

edited Jan 12, 2021 at 19:56

lampShadesDrifter

211
2
5
14

So again, everything seems to be configured as needed. (I have seen some answers that recommend a specific configuration for /etc/exports but I'd prefer to keep as is and this configuration was working up until now). And changing the DNS name to the IP in the nfsserver's /etc/exports file and running exportfs -rav did not change the situation.

Anyone with more experience know what could be going wrong here? Any further debugging advice / info to add that would make this question better (eg. anyone see anything in this post where further investigation into a certain possibility should be done)?

So again, everything seems to be configured as needed. (I have seen some answers that recommend a specific configuration for /etc/exports but I'd prefer to keep as is and this configuration was working up until now).

Anyone with more experience know what could be going wrong here? Any further debugging advice / info to add that would make this question better?

So again, everything seems to be configured as needed. (I have seen some answers that recommend a specific configuration for /etc/exports but I'd prefer to keep as is and this configuration was working up until now). And changing the DNS name to the IP in the nfsserver's /etc/exports file and running exportfs -rav did not change the situation.

Anyone with more experience know what could be going wrong here? Any further debugging advice / info to add that would make this question better (eg. anyone see anything in this post where further investigation into a certain possibility should be done)?

added 77 characters in body

Source Link

edited Jan 8, 2021 at 22:02

lampShadesDrifter

211
2
5
14

and got the error you see above. (Notice it tries all the different versions of nfs and still fails). Not sure which security flavor it wantsto use (I don't recall ever specifying this before and we use SSSD to link our Windows AD accounts to both client and nfs servers, so I assume it's the default), but in any case I've tried with both -o sec=sys and -o sec=krb5 options and got the same results.

and got the error you see above. (Notice it tries all the different versions of nfs and still fails). Not sure which security flavor it wants (I don't recall ever specifying this before, so I assume it's the default), but in any case I've tried with both -o sec=sys and -o sec=krb5 options and got the same results.

and got the error you see above. (Notice it tries all the different versions of nfs and still fails). Not sure which security flavor to use (I don't recall ever specifying this before and we use SSSD to link our Windows AD accounts to both client and nfs servers, so I assume it's the default), but in any case I've tried with both -o sec=sys and -o sec=krb5 options and got the same results.