UNIX root user unable to mount NTFS volume due to access denied
Applies to
- ONTAP 9
- NFSv3
- SMB Auditing is enabled
Issue
- Mounting NFS export with NFSv3 as
root
fails with access denied:
# mount nfsserver:/vtest/qtest /mnt
mount.nfs: access denied by server while mounting nfsserver:/vtest/qtest
- Exported volume (or qtree) has NTFS security style
- SVM has CIFS auditing enabled as per
::> vserver audit show -vserver svm1
- No explicit user mapping configured
Example: UNIX user oracle
maps to Windows user NASLAB-CORP\ORACLE_Windows_user
, but no entry for root
user
- Name-mapping:
::> vserver name-mapping show -vserver svm1
Vserver Direction Position
-------------- --------- --------
svm1 unix-win 1 Pattern: oracle
Replacement: NASLAB-CORP\ORACLE_Windows_user
- Export policy allows access to client:
::> check-access -vserver svm1 -volume vtest -qtree qtest -client-ip 10.xx.xx.xx -authentication-method sys -protocol nfs3 -access-type read-write
(vserver export-policy check-access)
Policy Policy Rule
Path Policy Owner Owner Type Index Access
----------------------------- ---------- --------- ---------- ------ ----------
/ root_policy
svm1_root
volume 1 read
/vtest root_policy
vtest
volume 1 read
/vtest/qtest
root_policy
qtest
qtree 6 read-write
3 entries were displayed.
- Packet trace indicates, the mount succeeds, but the FSINFO Call fails with the following error:
438.9431500.00056210.xx.xx.yy10.xx.xx.xx 162 MOUNT AUTH_UNIX,AUTH_NULL V3 MNT Call (Reply In 44) /vtest
448.9432930.00014310.xx.xx.xx10.xx.xx.yy 138 MOUNT AUTH_NULL V3 MNT Reply (Call In 43)
638.9474380.00059810.xx.xx.yy10.xx.xx.xx 226 NFS AUTH_UNIX,AUTH_NULL V3 FSINFO Call (Reply In 64), FH: 0x4c220357
648.9476590.00022110.xx.xx.xx10.xx.xx.yy 106 NFS AUTH_NULL NFS3ERR_ACCES V3 FSINFO Reply