Mounting the nfs share from CentOS/RHEL NFS server on a NFS client gives error as shown below:
# mount -t nfs x.x.x.x:/share /mnt mount.nfs: access denied by server while mounting x.x.x.x:/share
You can try running the mount command with the verbose option to get an detailed error on the issue.
# mount -t nfs -vvvv server.example.com:/share /mnt mount.nfs: timeout set for Fri Mar 9 17:56:57 2018 mount.nfs: trying text-based options 'vers=4.1,addr=x.x.x.x,clientaddr=x.x.x.x' mount.nfs: mount(2): Protocol not supported mount.nfs: trying text-based options 'vers=4.0,addr=x.x.x.x,clientaddr=x.x.x.x' mount.nfs: mount(2): Protocol not supported mount.nfs: trying text-based options 'addr=x.x.x.x' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: trying x.x.x.x prog 100003 vers 3 prot TCP port 2049 mount.nfs: prog 100005, trying vers=3, prot=17 mount.nfs: trying x.x.x.x prog 100005 vers 3 prot UDP port 300 mount.nfs: mount(2): Permission denied mount.nfs: access denied by server while mounting server.example.com:/share
This is a generic issue with NFS mounting at client and can occur due to many issues. Below are some of the most commonly occuring issues.
1. Try mounting with NFSv3
Sometimes the NFS server may only support NFSv3 connections. By default the mount command uses NFSv4, which may result is the error. To avoid this specify the NFSv3 while mounting the share.
# mount -t nfs -o nfsvers=3 x.x.x.x:/share /mnt
2. Check /etc/exports for correct share options
Ensure /etc/exports is properly referring to the correct NFS client information for providing access. Some NFS servers require NFS client name to be resolvable to IP, thus it should be resolvable via DNS or specified in /etc/hosts of the NFS server.. The format of the /etc/exports file is:
dir client1 (options) [client2(options)...]
Client options include (defaults are listed first):
ro / rw :
a) ro : allow clients read only access to the share.
b) rw : allow clients read write access to the share.
sync / async :
a) sync : NFS server replies to request only after changes made by previous request are written to disk.
b) async : specifies that the server does not have to wait.
wdelay / no_wdelay
a) wdelay : NFS server delays committing write requests when it suspects another write request is imminent.
b) no_wdelay : use this option to disable to the delay. no_wdelay option can only be enabled if default sync option is enabled.
no_all_squash / all_squash :
a) no_all_squash : does not change the mapping of remote users.
b) all_squash : to squash all remote users including root.
root_squash / no_root_squash :
a) root_squash : prevent root users connected remotely from having root access. Effectively squashing remote root privileges.
b) no_root_squash : disable root squashing.
# vi /etc/exports /test nfs_client(rw)
3. Check NFS server permissions
– There could be issue with the NFS server sharing the NFS share. Try mounting the problematic share on another NFS client, to rule out the possibility of issue at NFS server.
– Set the permission as (ro,no_root_squash,sync) for nfs export on server end and run command:
# exportfs -r
Then try to mount the NFS share directory. If specifying the NFS client in /etc/exports by domain or hostname ensure the domain name maps to the correct IP, an incorrect entry in /etc/hosts for example could cause access to be denied.
4. Using tcpdump
In very rare cases, you may have to use the tcpdump to capture tcpdump of the mount operation. Run the below command first to start capturing the network packets. In another terminal start the NFS mount operation.
# tcpdump -s0 -i [eth#] host [nfs_server_ip] -w /tmp/tcpdump.pcap
CentOS / RHEL 7 : Configuring an NFS server and NFS client