UNIX root user unable to mount NTFS volume in NFSv4 due to access denied when auditing has been enabled
Applies to
- ONTAP 9
- CIFS/SMB
- NFSv4
- NTFS Security Style
- Auditing
Issue
- Permission denied and access denied errors are seen when attempting to mount a share:
    mount -vt nfs SVM1:/AUDITPOC /mnt/testmnt/
    mount.nfs: timeout set for Thu Nov 6 12:41:10
    mount.nfs: trying text-based options 'vers=4.2,addr=10.1.1.90,clientaddr=10.1.1.115'
    mount.nfs: mount(2): Permission denied
    mount.nfs: trying text-based options 'vers=4,minorversion=1,addr=10.1.1.90,clientaddr=10.1.1.115'
    mount.nfs: mount(2): Permission denied
    mount.nfs: trying text-based options 'vers=4,addr=10.1.1.90,clientaddr=10.1.1.115'
    mount.nfs: mount(2): Permission denied
    mount.nfs: trying text-based options 'addr=10.161.12.90'
    mount.nfs: prog 100003, trying vers=3, prot=6
    mount.nfs: portmap query retrying: RPC: Timed out
    mount.nfs: prog 100003, trying vers=3, prot=17
    mount.nfs: portmap query failed: RPC: Timed out
    mount.nfs: access denied by server while mounting SVM1:/AUDITPOC
- Issue occurred after Auditing was enabled on the vserver
- Results of a sectrace:
    ::> sectrace trace-result show -index 2

    Vserver: SVM1

    Node            Index Filter Details             Reason
    --------------- ----- -------------------------- ------------------------------
    CLUSTER-N1      2     Security Style: NTFS and   Access is denied because the
                          NT ACL                     UNIX user could not be mapped
                                                     to a valid NT user while
                                                     reading the user's access
                                                     rights on an object.

                                                     Protocol: nfs
                                                     Volume: AUDITPOC
                                                     Share: -
                                                     Path: /
                                                     Win-User: -
                                                     UNIX-User: 65534
                                                     Session-ID: -

    CLUSTER-N1      2     Security Style: NTFS and   Access is denied because the
                          NT ACL                     UNIX user could not be mapped
                                                     to a valid NT user while
                                                     reading the user's access
                                                     rights on an object.
- Packet Trace observation:
    289 11:48:02.792231 10.1.1.115 10.1.1.90 NFS V4 Call (Reply In 290) ACCESS FH: 0x20aaa126, [Check: RD LU MD XT DL]
    290 11:48:02.792440 10.1.1.90 10.1.1.115 NFS V4 Reply (Call In 289) ACCESS, [Allowed: RD LU MD XT DL]
    291 11:48:02.794014 10.1.1.115 10.1.1.90 NFS V4 Call (Reply In 292) LOOKUP DH: 0x20aaa126/AUDITPOC
    292 11:48:02.803848 10.1.1.90 10.1.1.115 NFS V4 Reply (Call In 291) LOOKUP | GETATTR Status: NFS4ERR_ACCESS