Risky101
asked on
Can't mount remote share: "failed: permission denied"
Hi,
The following command fails:
mount -t nfs 192.168.0.200:/ /mnt/test
It gives the following failure command:
mount: 192.168.0.200:/ failed, reason given by server: permission denied.
Background:
1. On the machine with the IP address 192.168.0.200, it has daemons /usr/sbin/rpc.nfsd and /usr/sbin/rpc.mountd running.
2. /etc/exports is ok, it is:
/ *(rw,no_root_squash)
The following command fails:
mount -t nfs 192.168.0.200:/ /mnt/test
It gives the following failure command:
mount: 192.168.0.200:/ failed, reason given by server: permission denied.
Background:
1. On the machine with the IP address 192.168.0.200, it has daemons /usr/sbin/rpc.nfsd and /usr/sbin/rpc.mountd running.
2. /etc/exports is ok, it is:
/ *(rw,no_root_squash)
Firslty I hope you are doing this on a private network nfs is horribly flawed when it comes to security especially if you allow remote root.
Check the /etc/hosts.allow and /etc/host.deny files to see if anything in there is blocking you.
Does /mnt/test exist?
Are the root passwords the same on both boxes? and it not are you authenticating to the remote box with the correct password.
Check the /etc/hosts.allow and /etc/host.deny files to see if anything in there is blocking you.
Does /mnt/test exist?
Are the root passwords the same on both boxes? and it not are you authenticating to the remote box with the correct password.
Hi,
Please check the permission on /. Is it 644. And restart nfsd:
# exportfs -a
# service nfs restart
"no_root_squash" has allowed all root previlege.
Regards,
Wesly
Please check the permission on /. Is it 644. And restart nfsd:
# exportfs -a
# service nfs restart
"no_root_squash" has allowed all root previlege.
Regards,
Wesly
ASKER
> Are you sure you want to mount the / (root partition).
>
> Make sure iptables is not causing the problem. Run iptables -F on the nfs server and try again.
There is no iptables utility on the embedded linux box.
>
> Make sure iptables is not causing the problem. Run iptables -F on the nfs server and try again.
There is no iptables utility on the embedded linux box.
ASKER
> Please check the permission on /. Is it 644. And restart nfsd:
> # exportfs -a
> # service nfs restart
Tried that - same error.
> # exportfs -a
> # service nfs restart
Tried that - same error.
ASKER
> Firslty I hope you are doing this on a private network nfs is horribly flawed
> when it comes to security especially if you allow remote root.
Yes, private network, for development only.
> Check the /etc/hosts.allow and /etc/host.deny files to see if anything in there is blocking you.
There is no /etc/hosts.deny, /etc/hosts.allow has the line:
ALL:ALL
> Does /mnt/test exist?
Yes.
> Are the root passwords the same on both boxes? and it not are you authenticating to the remote > box with the correct password.
No, the root passwords are different. I briefly tried changing the root password on the client to be the same as the password on the server - didnt work. How do I authenticate to the remote box with the correct password?
> when it comes to security especially if you allow remote root.
Yes, private network, for development only.
> Check the /etc/hosts.allow and /etc/host.deny files to see if anything in there is blocking you.
There is no /etc/hosts.deny, /etc/hosts.allow has the line:
ALL:ALL
> Does /mnt/test exist?
Yes.
> Are the root passwords the same on both boxes? and it not are you authenticating to the remote > box with the correct password.
No, the root passwords are different. I briefly tried changing the root password on the client to be the same as the password on the server - didnt work. How do I authenticate to the remote box with the correct password?
ASKER
> Are you sure you want to mount the / (root partition).
>
> Make sure iptables is not causing the problem. Run iptables -F on the nfs server and try again.
I'll restate this - there is no iptables utility on the nfs server (this is the embedded linux box).
>
> Make sure iptables is not causing the problem. Run iptables -F on the nfs server and try again.
I'll restate this - there is no iptables utility on the nfs server (this is the embedded linux box).
One more thing, could you check the "statd" and "lockd" are running on NFS server?
Wesly
Wesly
ASKER
No, there's not running - are these necessary?
Yes, they are needed.
Please do "service nfslock start" to turn on thes two services
and "chkconfig --level 345 nfslock on" to make it start by boot-up.
Wesly
Please do "service nfslock start" to turn on thes two services
and "chkconfig --level 345 nfslock on" to make it start by boot-up.
Wesly
ASKER
Er, are you sure that nfslock is needed? Nfslock is turned off on my Redhat 9.0 box, and it is working as a NFS server right now.
According to "http://packages.debian.org/stable/net/nfs-user-server", "This package contains all necessary programs to make your Linux machine act as an NFS server, being an NFS daemon (rpc.nfsd), a mount daemon (rpc.mountd)."
I am sure that there is some other explanation.
According to "http://packages.debian.org/stable/net/nfs-user-server", "This package contains all necessary programs to make your Linux machine act as an NFS server, being an NFS daemon (rpc.nfsd), a mount daemon (rpc.mountd)."
I am sure that there is some other explanation.
OK, nslockd and statd provide file lock feature for multiple processes access the same file at the same time through NFS.
It's more for file integration purpose to avoid multiple writing on the same file and corrupt the file.
For me, it is necessary.
For Debian, I'm not sure.
Wesly
It's more for file integration purpose to avoid multiple writing on the same file and corrupt the file.
For me, it is necessary.
For Debian, I'm not sure.
Wesly
ASKER
Thanks for your feedback - I turned it off to try to make things more reliable; theres only two computers on the network and one app running on that directory so it should be ok.
Any other clues as to why its failing?
Any other clues as to why its failing?
First of check what is exported by NFS Server
#showmount –e <remote ip>
1. for Client - Pls ping server and check if its working
2. now # showmount –e <ip addr>
OR
#showmount –e <netbios name of server>
3. Next is to if portmapper service is working or not
#rpcinfo –p <ip addr>
Good Luck again.
Manish.
Baroda.
India
#showmount –e <remote ip>
1. for Client - Pls ping server and check if its working
2. now # showmount –e <ip addr>
OR
#showmount –e <netbios name of server>
3. Next is to if portmapper service is working or not
#rpcinfo –p <ip addr>
Good Luck again.
Manish.
Baroda.
India
ASKER
1. Running ping on client:
$ ping 192.168.0.237
$ 64 bytes from 192.168.0.237: icmp_seq=1 ttl=64 time=0.608ms
2. Running showmount on client:
$ showmount -e 192.168.0.237
Export list for 192.168.0.237:
/ *
3. Running rpcinfo on client:
$ rpcinfo -p 192.168.0.237
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100003 2 udp 2049 nfs
100003 2 tcp 2049 nfs
100005 1 udp 625 mountd
100005 2 udp 625 mountd
100005 1 tcp 628 mountd
100005 2 tcp 628 mountd
4. The root password for the client and server is different. Would this stop it working? How can I authenticate across the network?
$ ping 192.168.0.237
$ 64 bytes from 192.168.0.237: icmp_seq=1 ttl=64 time=0.608ms
2. Running showmount on client:
$ showmount -e 192.168.0.237
Export list for 192.168.0.237:
/ *
3. Running rpcinfo on client:
$ rpcinfo -p 192.168.0.237
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100003 2 udp 2049 nfs
100003 2 tcp 2049 nfs
100005 1 udp 625 mountd
100005 2 udp 625 mountd
100005 1 tcp 628 mountd
100005 2 tcp 628 mountd
4. The root password for the client and server is different. Would this stop it working? How can I authenticate across the network?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
> Hi,
> Could you change the nfs share point (/etc/exports) on the server to something other than "/"?
> Say
> /var *(rw,no_root_squash)
> to see you can mount server:/var first.
>
> Wesly
Same problem - permission denied.
The root passwords on both boxes are different, but I can't figure out how to specify a different password when connecting.
> Could you change the nfs share point (/etc/exports) on the server to something other than "/"?
> Say
> /var *(rw,no_root_squash)
> to see you can mount server:/var first.
>
> Wesly
Same problem - permission denied.
The root passwords on both boxes are different, but I can't figure out how to specify a different password when connecting.
To whom does the IP pinged belongs to
i mean 192.168.0.237
regards,
Manish.
Baroda
India.
i mean 192.168.0.237
regards,
Manish.
Baroda
India.
ASKER
192.168.0.237 belongs to the NFS server.
192.168.0.35 belongs to the NFS client.
192.168.0.35 belongs to the NFS client.
ASKER
In the original post, I stated that 192.168.0.200 was the server. Either IP address for the server will do - there is two units.
Do you have another Unix/Linux box in the same network?
Could you try to mount from another Unix/Linux box?
Wesly
Could you try to mount from another Unix/Linux box?
Wesly
You mentioned that it is an embedded box, so maybe this does not apply but have you checked the syslog on the server for any relevant messages?
ASKER
I'm closing this, as there doesn't seem to be an answser forthcoming.
Make sure iptables is not causing the problem. Run iptables -F on the nfs server and try again.
Hope it helps
Manish.
Baroda.
India.