NFS Server: Blocked attempt to mount

I've set up an NFS server on Linux 2.0.25, using nfs-server-2.2beta26.


/etc/exports:

        /pub    (rw,all_squash)
        /usr1   192.168.40.*(rw)
        /usr2   linuxhost(rw) hpuxhost(rw) irixhost(rw) pchost(rw)


So far, there are no problems mounting the exported
partitions from AIX, IRIX, HP-UX. I can also mount /pub
from anywhere.

If the NFS client is Linux (2.0.25), or DOS with PCTCP (ftp
software), the mount fails. On the NFS server there is an
entry in /var/log/messages:

        Jun 13 12:08:36 nfsserver mountd[165]: NFS client linuxhost tried to access /usr1
        Jun 13 12:08:36 nfsserver mountd[165]: Blocked attempt of 192.168.40.53 to mount /usr1


while

        linuxhost# mount nfsserver:/usr1 /net/usr1

says:

        mount: nfsserver:/usr1 failed, reason given by server: Permission denied


If I change the  /usr1  entry in /etc/exports to:

        /usr1   192.168.40.*(rw) linuxhost(rw)

the mount request fails again but with the following entries in
messages:

        Jun 13 12:10:20 nfsserver nfsd[167]: NFS client linuxhost tried to access /usr1
        Jun 13 12:10:26 nfsserver nfsd[167]: NFS client linuxhost tried to access /usr1

and on linuxhost:

        linuxhost# mount nfsserver:/usr1 /net/usr1
        mount: wrong fs type, bad option, bad superblock on troja:/usr1,
               or too many mounted file systems


To get closer to the problem, I disabled NIS (on both: NFS
server and clients) and used different hostnames in
/etc/exports.

From my point of view, the wildcards in hostnames/ipnumbers
in  /etc/exports cause the problem.


Appreciate any help,
ahoffmann
Tebis AG, Munich

strobertCommented:
Do you have a linuxhost entry in your /etc/hosts?
what does host linuxhost report?
have you tried:
/usr1 192.168.40.*(rw) 192.168.40.53(rw)
as the entry in /etc/exports?
how about:
/usr1 192.168.40.53(rw)

0
ahoffmannAuthor Commented:
> what does host linuxhost report?
I do not use DNS.

> /usr1 192.168.40.*(rw) 192.168.40.53(rw)
no matter if I use ips or hostnames, the result is the same.
Only the simple configuration without wildcards is working.
0
strobertCommented:
host should work even without DNS...(it checks the /etc/hosts file)
how about putting:
/usr1 192.168.40.* (rw)
/usr1 192.168.40.53 (rw)

(two separate lines)
0
ahoffmannAuthor Commented:
don't know what implementation of host you have, but mine uses
DNS (see man host)

> /usr1 192.168.40.* (rw)
> /usr1 192.168.40.53 (rw)
this is what I definitely *not* want to do
access should be allowed to any host from the specified net
0
unicorntechCommented:
What are the permissions on the directory you are trying to mount?
0
ahoffmannAuthor Commented:
permissions are:
drwxr-xr-x   4 root     root         1024 Jun 11 14:41 usr1
drwxr-xr-x   4 root     root         1024 Jun 11 14:41 usr2

I can mount usr2 but not usr1 (see question)
0
ahoffmannAuthor Commented:
Adjusted points to 200
0
peleCommented:
First you can't change mount points just like that. If your linux box has /etc/fstab entries, it expects to see those entries correct in the real world. So if you're trying to mount something from another export on your server, you _have_ to specify the filesystem (nfs). Now onto the other bit...

From what I see there this sounds like a security problem. And what better place to look for security than /etc/hosts.deny/allow?
In your hosts.deny put
portmap: ALL
and forget about it, if you want something secure.
then in your hosts.allow put:
portmap: 1.1.1.1/1.1.1.2/1.1.1.3/1.1.1.4/1.1.1.5....
remember to substitute this for your real IPs and _remember_ to
put your linux box in there as well!!!
And that's about it really...
Regards,

Pele
0
ahoffmannAuthor Commented:
> If your linux box has /etc/fstab entries, it expects to see those entries correct in the real world
I'm not talking about the clients fstab, my problem is on the server's exports file.

> hosts.deny      portmap: ALL
I forget :-(

> hosts.allow      portmap: ip/ip/ip/..
I forget too, because I want to have wildcards. This is what
the  *  in exports claims to be. I need this 'cause there are some dhcp assigned IPs, and I never want to change this file if someone puts new (trusted) hosts anywhere.

0
peleCommented:
ok ok, mistakes are for people ?;)
Still, make sure your hosts.deny contains portmap: ALL
and then hosts.allow do
LOCAL: ALL.
Your wildcards in exports won't help you if you don't do what I've told you.
Your server must know what services to deny and what services to allow to whom. So, deny to everyone, but allow everything to LOCAL. And your wildcards aren't a problem, because you can mount  from the hp and all the other machines, SO LEAVE YOUR exports ALONE!!
0

ahoffmannAuthor Commented:
My configuration looks like:

hosts.deny      ALL: ALL
hosts.allow      ALL: 192.168.40.

Pele, this is similar to your solution (if you meant ALL: LOCAL instead of LOCAL: ALL), but keep in mind that LOCAL might be slightly different to 192.168.40. .

I've tried millions of hosts.* combinations, ending up in
hosts.allow      ALL: ALL
but it's always the same: some (special, see question) clients cannot connect.

I'm unaware if you are pointing to the right direction, 'cause changes to hosts_access anyhow don't affect my problem. While changing exports (see the linuxhost example in my question) results in different behaviors.

BTW, pele, what do you mean by: SO LEAVE YOUR exports ALONE ??
no wildcards, access to everyone?


Pele, I've rejected your answer to make it more attractive for other experts. If you have reasonable hints feel free to contact me at hoffmann@tebis.de . We'll find a way to grade you then :-)
0
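
An added example, not part of the thread and not code from tcp_wrappers: a small Python model of the hosts_access(5) matching rules, run against the three hosts.allow/hosts.deny variants discussed above to show where `LOCAL` and the `192.168.40.` prefix differ. The clients `pc17.example.test` and `outside.example.test` are constructed sample values, and only the pattern forms used here are modelled.

```python
import ipaddress

def match_client(pat, name, addr):
    """One hosts_access(5) client pattern against a client's name and address."""
    if pat == "ALL":
        return True
    if pat == "LOCAL":            # any host name that contains no dot
        return "." not in name
    if pat.startswith("."):       # domain suffix, e.g. .example.test
        return name.endswith(pat)
    if pat.endswith("."):         # address prefix, e.g. 192.168.40.
        return addr.startswith(pat)
    if "/" in pat:                # net/mask, e.g. 192.168.40.0/255.255.255.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pat, strict=False)
    return pat in (name, addr)

def file_matches(rules, daemon, name, addr):
    """True if any 'daemons : clients' line in the rules text matches."""
    for line in rules.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = (f.replace(",", " ").split() for f in line.split(":")[:2])
        if (daemon in daemons or "ALL" in daemons) and any(
                match_client(p, name, addr) for p in clients):
            return True
    return False

def allowed(allow, deny, daemon, name, addr):
    """hosts.allow is checked first, then hosts.deny; no match at all grants access."""
    if file_matches(allow, daemon, name, addr):
        return True
    return not file_matches(deny, daemon, name, addr)

# Constructed clients: linuxhost is from the thread, the other two are made up.
CLIENTS = [("linuxhost", "192.168.40.53"),
           ("pc17.example.test", "192.168.40.117"),
           ("outside.example.test", "10.9.8.7")]

def survey(allow, deny, daemon="portmap"):
    return {name: allowed(allow, deny, daemon, name, addr) for name, addr in CLIENTS}

if __name__ == "__main__":
    for label, allow, deny in [("prefix", "ALL: 192.168.40.", "ALL: ALL"),
                               ("ALL: LOCAL", "ALL: LOCAL", "portmap: ALL"),
                               ("LOCAL: ALL", "LOCAL: ALL", "portmap: ALL")]:
        print(label, survey(allow, deny))
```

With `ALL: LOCAL` a client on 192.168.40.x that resolves to a dotted name is still refused, and with `LOCAL: ALL` the word LOCAL is read as a daemon name, so no portmap request matches hosts.allow at all.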
peleCommented:
So, my friend, what you're saying is that your hosts.* look
just dandy, but your exports is giving you problems?
Well, you just intrigued me (even though it's impossible), and you know what, I went home,  and _renamed_ all my machines, to match exactly your names, and your IPs. And guess what?
/usr        192.168.*(rw)
/usr/local  192.168.40.*(rw) linuxhost(rw)
works just fine!
(And no I didn't want to repartition my disks to reflect your ones)
With NOTHING in /etc/hosts.allow and /etc/hosts.deny
I didn't have time to edit the other files because I was in a hurry to get back to work. But maybe I'll do that tomorrow morning and try the very same setup you've got.
So, there's nothing wrong with your /etc/exports as I said.
The only thing you might want to check is to add linuxhost to your hosts, maybe the poor server doesn't know about it.
first try mounting from an IP
as in mount 192.168.40.1:/usr1 /import or whatever and see if the resolver might be a problem. Otherwise everything is just fine.
You've got some other problem there...
Your linuxhost _is_ on the same (sub)net right? Because you were mentioning dynamic ip somewhere there....
_Now_ challenge me...
Pele

P.S. _you_ can contact _me_ on pele@artewisdom.com
0
peleCommented:
this cgi is lame....
0
ahoffmannAuthor Commented:
ups, this question was "auto-accepted" by E-E ;-(

So if someone spends the points for reading this, I'll say that it still won't work that way (pele's suggestion).
I checked all (/etc/host*, /etc/exports) again and again, I used IPs instead of names, I fiddled around with several /etc/host* ..

As long as there is 192.168.40.* in /etc/exports I get the messages and no mount :-((
0