“mount.nfs: access denied by server while mounting” – how to resolve

Problem

Mounting the nfs share from CentOS/RHEL NFS server on a NFS client gives error as shown below:

# mount -t nfs x.x.x.x:/share /mnt
mount.nfs: access denied by server while mounting x.x.x.x:/share

You can try running the mount command with the verbose option to get an detailed error on the issue.

# mount -t nfs -vvvv server.example.com:/share /mnt
mount.nfs: timeout set for Fri Mar 9 17:56:57 2018
mount.nfs: trying text-based options 'vers=4.1,addr=x.x.x.x,clientaddr=x.x.x.x'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'vers=4.0,addr=x.x.x.x,clientaddr=x.x.x.x'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'addr=x.x.x.x'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying x.x.x.x prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying x.x.x.x prog 100005 vers 3 prot UDP port 300
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting server.example.com:/share

Solution

This is a generic issue with NFS mounting at client and can occur due to many issues. Below are some of the most commonly occuring issues.

1. Try mounting with NFSv3

Sometimes the NFS server may only support NFSv3 connections. By default the mount command uses NFSv4, which may result is the error. To avoid this specify the NFSv3 while mounting the share.

# mount -t nfs -o nfsvers=3 x.x.x.x:/share /mnt

2. Check /etc/exports for correct share options

Ensure /etc/exports is properly referring to the correct NFS client information for providing access. Some NFS servers require NFS client name to be resolvable to IP, thus it should be resolvable via DNS or specified in /etc/hosts of the NFS server.. The format of the /etc/exports file is:

dir client1 (options) [client2(options)...]

Client options include (defaults are listed first):
ro / rw :
a) ro : allow clients read only access to the share.
b) rw : allow clients read write access to the share.
sync / async :
a) sync : NFS server replies to request only after changes made by previous request are written to disk.
b) async : specifies that the server does not have to wait.
wdelay / no_wdelay
a) wdelay : NFS server delays committing write requests when it suspects another write request is imminent.
b) no_wdelay : use this option to disable to the delay. no_wdelay option can only be enabled if default sync option is enabled.
no_all_squash / all_squash :
a) no_all_squash : does not change the mapping of remote users.
b) all_squash : to squash all remote users including root.
root_squash / no_root_squash :
a) root_squash : prevent root users connected remotely from having root access. Effectively squashing remote root privileges.
b) no_root_squash : disable root squashing.

Example :

# vi /etc/exports
/test nfs_client(rw)

3. Check NFS server permissions

– There could be issue with the NFS server sharing the NFS share. Try mounting the problematic share on another NFS client, to rule out the possibility of issue at NFS server.
– Set the permission as (ro,no_root_squash,sync) for nfs export on server end and run command:

# exportfs -r

Then try to mount the NFS share directory. If specifying the NFS client in /etc/exports by domain or hostname ensure the domain name maps to the correct IP, an incorrect entry in /etc/hosts for example could cause access to be denied.

4. Using tcpdump

In very rare cases, you may have to use the tcpdump to capture tcpdump of the mount operation. Run the below command first to start capturing the network packets. In another terminal start the NFS mount operation.

# tcpdump -s0 -i [eth#] host [nfs_server_ip] -w /tmp/tcpdump.pcap