Skip to main content
NetApp Knowledge Base

UNIX root user unable to mount NTFS volume due to access denied

Views:
4,096
Visibility:
Public
Votes:
1
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

  • ONTAP 9
  • NFSv3
  • SMB Auditing is enabled

Issue

  • Mounting NFS export with NFSv3 as root fails with access denied: 

# mount nfsserver:/vtest/qtest /mnt
mount.nfs: access denied by server while mounting nfsserver:/vtest/qtest

  • Exported volume (or qtree) has NTFS security style
  • SVM has CIFS auditing enabled as per ::> vserver audit show -vserver svm1​​​​​​
  • No explicit user mapping configured

Example: UNIX user oracle maps to Windows user NASLAB-CORP\ORACLE_Windows_user, but no entry for root user

  • Name-mapping:

::> vserver name-mapping show -vserver svm1
Vserver        Direction Position    
-------------- --------- -------- 
svm1   unix-win  1        Pattern: oracle
                              Replacement: NASLAB-CORP\ORACLE_Windows_user

  • Export policy allows access to client:

::> check-access -vserver svm1 -volume vtest -qtree qtest -client-ip 10.xx.xx.xx -authentication-method sys -protocol nfs3 -access-type read-write
  (vserver export-policy check-access)
                                         Policy    Policy       Rule
Path                          Policy     Owner     Owner Type  Index Access
----------------------------- ---------- --------- ---------- ------ ----------
/                             root_policy
                                         svm1_root
                                                   volume          1 read
/vtest                        root_policy
                                         vtest
                                                   volume          1 read
/vtest/qtest
                              root_policy
                                         qtest
                                                   qtree           6 read-write
3 entries were displayed.

  • Packet trace indicates, the mount succeeds, but the FSINFO Call fails with the following error:

438.9431500.00056210.xx.xx.yy10.xx.xx.xx    162 MOUNT AUTH_UNIX,AUTH_NULL         V3 MNT Call (Reply In 44) /vtest
448.9432930.00014310.xx.xx.xx10.xx.xx.yy    138 MOUNT AUTH_NULL                   V3 MNT Reply (Call In 43)
638.9474380.00059810.xx.xx.yy10.xx.xx.xx    226 NFS   AUTH_UNIX,AUTH_NULL         V3 FSINFO Call (Reply In 64), FH: 0x4c220357
648.9476590.00022110.xx.xx.xx10.xx.xx.yy    106 NFS   AUTH_NULL NFS3ERR_ACCES     V3 FSINFO Reply

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.