Unable to mount NFS export when client does not match any export-policy rules
Applies to
- ONTAP 9
- NFS
- CVO
Issue
- NFS clients are unable to mount the exported volume or qtree
- Client error:
Permission denied
and/oraccess denied by server while mounting
and/ormount.nfs: Operation not permitted
- Running the export-policy check-access command shows that the client was denied on
Rule Index 0
Example Volume:
::*> export-policy check-access -vserver vs_name -volume vol_name -client-ip 10.41.xx.xxx -authentication-method sys -protocol nfs3 -access-type read-write
Policy Policy Rule
Path Policy Owner Owner Type Index Access
----------------- ---------- --------- ---------- ------ ----------
/ default svm_root volume 11 read
/oracle oracle_policy oracle volume 0 denied
2 entries were displayed.
Example Qtree:
::> export-policy check-access -vserver shruti -volume test_asa -client-ip 10.216.41.xx -authentication-method sys -protocol nfs3 -access-type read-write -qtree test_asa_qtree
Policy Policy Rule
Path Policy Owner Owner Type Index Access
----------------------------- ---------- --------- ---------- ------ ----------
/ test1 shru_svm_root
volume 1 read
/test_asa default test_asa volume 5 read
/test_asa/test_asa_qtree qtree_policy
test_asa_qtree
qtree 0 denied
3 entries were displayed.