Intermittent NFS access denials due to negative netgroup lookups from NIS in ONTAP 9
Applies to
- ONTAP 9
- NFS
- Netgroups
- NIS
Issue
- Intermittent Permission Denied or Access Denied when mounting or accessing files
- Relevant export-policy uses netgroups to validate hosts
- vserver export-policy netgroup check-membership command intermittently returns incorrect results
- Hostname is confirmed to exist in the relevant netgroup on the NIS server
- In MGWD we can see where no rules are matched in this scenario:
Fri Jul 30 2020 11:28:45 -04:00 [kern_mgwd:info:1670] | [0.332.939] info : Authoritatively returning zero rules: CliAddr=10.10.10.10, vsid=12, rulesetid=25869803777, isRefresh=true, ruleCount=0, Result=0(no error) { in mgwd_export_check_1_svc() at src/mgmtgwd/nfs/mgwd_exports.cc:1824 }