Skip to main content
NetApp Knowledge Base

Unable to mount NFS export when client does not match any export-policy rules

  1. Last updated
  2. Save as PDF
Views:
970
Visibility:
Public
Votes:
1
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

  • ONTAP 9
  • NFS
  • CVO

Issue

  • NFS clients are unable to mount the exported volume or qtree
  • Client error: Permission denied and/or access denied by server while mounting and/or mount.nfs: Operation not permitted
    • ​​​​

      [root@client1 ~]# mount 10.1.2.3:/vol1 /mnt -v
      mount.nfs: timeout set for Fri Mar 12 01:11:48 2021
      mount.nfs: trying text-based options 'vers=4.1,addr=10.1.2.3,clientaddr=10.3.4.5'
      mount.nfs: mount(2): Operation not permitted
      mount.nfs: trying text-based options 'addr=10.1.2.3'
      mount.nfs: prog 100003, trying vers=3, prot=6
      mount.nfs: trying 10.1.2.3 prog 100003 vers 3 prot TCP port 2049
      mount.nfs: prog 100005, trying vers=3, prot=17
      mount.nfs: trying 10.1.2.3 prog 100005 vers 3 prot UDP port 635
      mount.nfs: mount(2): Permission denied
      mount.nfs: Operation not permitted    

    • [root@client1 ~]# mount 10.1.2.3:/vol1 /mnt
      mount.nfs: access denied by server while mounting 10.1.2.3:/vol1

  • Running the export-policy check-access command shows that the client was denied on Rule Index 0

Example Volume:

::*> export-policy check-access -vserver vs_name -volume vol_name -client-ip 10.41.xx.xxx -authentication-method sys -protocol nfs3 -access-type read-write
                             Policy    Policy     Rule
Path              Policy     Owner     Owner Type Index  Access
----------------- ---------- --------- ---------- ------ ----------
/                 default    svm_root  volume         11 read
/oracle          oracle_policy oracle  volume         0  denied
2 entries were displayed.

Example Qtree:

::> export-policy check-access -vserver shruti -volume test_asa -client-ip 10.216.41.xx -authentication-method sys -protocol nfs3 -access-type read-write  -qtree test_asa_qtree
                                         Policy    Policy       Rule
Path                          Policy     Owner     Owner Type  Index Access
----------------------------- ---------- --------- ---------- ------ ----------
/                             test1      shru_svm_root
                                                   volume          1 read
/test_asa                     default    test_asa  volume          5 read
/test_asa/test_asa_qtree      qtree_policy
                                         test_asa_qtree
                                                   qtree           0 denied
3 entries were displayed.

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.