mount failure

[AveiShriety]

server: 192.168.190.128, export: /opt/data/, nfs version: 3, returned state: 13 now my nfs server uses nfs version 4, is the difference between the java code version and nfs server version the key to cause this error?

[AveiShriety]

@DavidASeibert please help solve this question or guide me! Recently I always meet this error, and can't make my work go on ...... always thank you very much

[DavidASeibert]

@AveiShriety This looks from the error like a permissions issue, not a version issue. Most likely the mount isn't open for the IP address of the caller, or for RW access, or possibly for both. Can you mount the file system as root from the server that's making the NFS call? If that fails, then the issue is the mount options, and you'll have to change those.

[AveiShriety]

@DavidASeibert

• linux-nfs-server

  First, I estabish a linux-nfs-server which ip is 192.168.10.128 and the content of File '/etc/exports' is: '_/opt/data *(rw,sync,no_root_squash,no_allsquash)', in this linux-nfs-server, the access of '/opt/data' is: 'rwxrwxrwx'.

• linux-nfs-client

  And I have the whole access to RW file in the linux-nfs-client which ip is 192.168.10.129 (I create a file in linux-nfs-client and I would see and read this file in linux-nfs-server).

• java code

  But I can't use java codeNfs3 nfs3 = new Nfs3("192.168.10.128", "/opt/data/", new CredentialUnix(0, 0, null), 3); to make connection. And always error: server:192.168.10.128, export: /opt/data/, nfs version: 3, returned state: 13

So, to your enthusiastic answer, I thought I can mount the file system as root from the server that's making the NFS call and I have the RW access.Do you think that I'm right??? If I'm right, then what's the key to cause this error?

[AveiShriety]

May be No Read permission is the key to this question, but as I said before, in the linux-nfs-client that I established, I have the whole RW access which the access of the sharing fold /opt/data/ in the linux-nfs-server is:rwxrwxrwx as root. Which access else need I to open?

[AveiShriety]

@DavidASeibert have solved. Illegal port which is >1024, I changed the /etc/exports where add paramter 'insecure'. Always thank u so much

[DavidASeibert]

@AveiShriety Great! Sorry I couldn't be more help. The client should be trying to use to use a privileged port (<1024) in that case. It's a standard one we've tested against, because EMC Isilon server NFS RPC calls require a privileged port on the client side. If you want secure NFS, you need to make sure you run the client as root, as only root can use privileged ports. I probably need to make the documentation and error messages clearer.

[AveiShriety]

@DavidASeibert yeah, it could not be better to do that. Hhhhhhhaaa...

[AveiShriety]

looking forward to U Enhancement

[DavidASeibert]

Added an issue for the enhancement, so no work remains for this issue.

[anasawad]

Hi @DavidASeibert may you provide some steps of how to secure NFS?

[DavidASeibert]

Hi, @anasawad There are many ways to secure your NFS server, and that's a good topic. This isn't the right forum to discuss that, though. All security lockdown is done on the server side. This project is completely client-focused, and there's nothing to secure on the client side.

[ruslanb-egnaroinc]

Hi, I have the issue : com.emc.ecs.nfsclient.mount.MountException: mount failure, server: 192.168.2.28, export: /mnt/nfs/home, nfs version: 3, returned state: 13 . Server and client are well configured, so where is the issue?

[DavidASeibert]

By the spec, 13 is MNT3ERR_ACCES, or Permission denied. This is documented in the class com.emc.ecs.nfsclient.mount.MountStatus.

[ruslanb-egnaroinc]

Hi, @DavidASeibert thanks for the response. Actually the reason was with secure option within /etc/exports. With secure on, there is no way to mount the file system. This option requires that requests originate on an Internet port less than IPPORT_RESERVED (1024). This option is on by default. To turn it off, specify insecure like : '/home *(rw,sync,insecure)'. Maybe it will be helpful.

[ruslanb-egnaroinc]

@DavidASeibert is there any way to mount the folder and adjust /etc/exports using library ?

[DavidASeibert]

@ruslanb-egnaroinc The nfs client library will handle secure mounts automatically, but only if you run the library as root. In this case, it will detect that the server is requiring a privileged client port (one below 1024), and will automatically find one. If you aren't running as root, though, the client won't be able to use a privileged port, and you'll see the error you found.

[ruslanb-egnaroinc]

Hello @DavidASeibert . Could you please let me know how can I run the library as root?

[DavidASeibert]

@ruslanb-egnaroinc It's the client-side user that must have root privileges (the one actually running the application on the client machine that calls the nfs client). If that user has root privileges, the client machine will let the NFS client use a privileged port on the client machine. If not, the client will be unable to use a privileged port on the client machine, and the mount will fail. To test, you can try running a command to mount the secure NFS server files on the client machine as that user. If that user can't use a privileged port, then that mount will also fail.

[ruslanb-egnaroinc]

@DavidASeibert This is great, but. How can I make the root configs within nfs library? How nfs3 will know that local machine is as root? Where I can for example put password for accessing remote server through ssh?

[ruslanb-egnaroinc]

@DavidASeibert Hello, could you please get back to my question?

[DavidASeibert]

Sorry, @ruslanb-egnaroinc . Got pulled into something else, so thanks for the reminder. NFS3 will know you are trying to connect with server-side root permissions if you just use the default configuration (uid=0, gid=0). In the case of a secure server, it also checks to see that the client-side port is privileged, i.e., below 1024. All you need to do to pass that check is to make sure you're calling the client as a user who has permission to access privileged ports on the client machine. The NFS client will see the call failing because it requires a privileged port, and will automatically find a privileged port to use if the client machine will allow that.

There is no password check, as Unix RPC does not use password authentication, so there is no way to add a password to the client. If you want something more secure than unix (uid/gid) credentials, you would need to use kerberos authentication, and I have not yet implemented that yet for the NFS client. You probably don't need that, though, you just need to make sure you're calling the client as a user who can access privileged ports.

[PENGCHENGLIN007]

I use NFS3 upload file to nfs client,error message is " No registry entry for program: 100005, version: 3, serverIP: 172.16.44.36". can NFS3 only upload file to nfs server?