Skip to main content
NetApp Response to Russia-Ukraine Cyber Threat
In response to the recent rise in cyber threat due to the Russian-Ukraine crisis, NetApp is actively monitoring the global security intelligence and updating our cybersecurity measures. We follow U.S. Federal Government guidance and remain on high alert. Customers are encouraged to monitor the Cybersecurity and Infrastructure Security (CISA) website for new information as it develops and remain on high alert.
NetApp Knowledge Base

How to configure an all_squash equivalent on a NetApp NFS export

Views:
2,027
Visibility:
Public
Votes:
0
Category:
data-ontap-8
Specialty:
nfs
Last Updated:

Applies to

  • Data ONTAP 8.2 7-Mode 
  • Data ONTAP 8.1 7-Mode 
  • Data ONTAP 8 7-Mode
  • Data ONTAP 7 and earlier

Description

This article describes on how to configure an all_squash equivalent on a NetApp NFS export.

Sometimes users prefer to use the all_squash option on a Network File System (NFS) export. On the Linux NFS server (not Data ONTAP), the all_squash option makes the server disregard the incoming NFS User Identifier/ Group Identifier (UID/ GID) and allows the server to be set in the exports instead. When the all_squash option is used, all clients for a particular export are forced to read and write as the same user.

The all_squash option is not used on the storage system. However, the sec=none and anon=(uid) options can be used. For more information, see the following KB: How to configure no_root_squash on Ontap 7mode and Clustered Data ONTAP.

For more information: TR-4067 NFS Best Practice and Implementation Guide (section: 4.8 Mapping All UIDs to a Single UID (squash_all))
For more information on how to perform this in Clustered Data ONTAP: How to enable the equivalent of all_squash in clustered Data ONTAP

The TSAP discusses that the issue is with all the newer NFS clients (not the storage system) that can be reproduced using two Linux machines. Two Debian boxes were used with the sec=none command in the export and the -o sec=none command in the mount and they failed.

Using the sec=none command with the anon=(uid) command through NFSv3 fails on the storage system, and the following message is logged on the console:

Client <IP>, is send the NULL reply

When trying to mount, the client will return an error output similar to the following:

1032305-1.png

 When trying to mount, the storage system will return an error output similar to the following:

1032305-2.png

 

Scan to view the article on your device
CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support