Unable to mount NFS share from FreeNAS

Status
Not open for further replies.

Elegant

Explorer
Joined
Aug 27, 2015
Messages
67
Hi guys,
I've recently tried creating an NFSv4 share (ticking the appropriate box) from FreeNAS for my Arch Linux machine. For some strange reason, the client indicates that I am being denied by the server:

sudo mount -vvv -t nfs4 -o sec=sys FreeNAS:/mnt/tank/Private /mnt/Private2
mount.nfs4: timeout set for Thu Jul 27 01:17:15 2017
mount.nfs4: trying text-based options 'sec=sys,vers=4.2,addr=10.0.0.21,clientaddr=10.0.0.40'
mount.nfs4: mount(2): Protocol not supported
mount.nfs4: trying text-based options 'sec=sys,vers=4.1,addr=10.0.0.21,clientaddr=10.0.0.40'
mount.nfs4: mount(2): Permission denied
mount.nfs4: access denied by server while mounting FreeNAS:/mnt/tank/Private


I double-checked that forward and reverse DNS lookups were working on both ends and then checked /var/log/messages which produced no entry; it did create an entry if I typed the share path incorrectly though so I know there is some communication between client and server. My next course of action was to ensure that my Arch Linux could see the share:

showmount -e FreeNAS
Export list for FreeNAS:
/mnt/tank/Private (everyone)


I also checked /etc/exports on FreeNAS to ensure the settings were accurate:

root@FreeNAS:~ # cat /etc/exports
V4: / -sec=sys
/mnt/tank/Private -maproot="nobody":"nobody" -sec=sys


I'm not entirely sure this is a FreeNAS issue or if there is something I am missing from Arch Linux (nfs-utils is installed). If anyone has any insight into what may be causing the issue it would be greatly appreciated.
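Reading the verbose output above, as an added example that is not part of the original post: mount.nfs tries the highest NFS version first, so the 4.2 "Protocol not supported" line is only a version fallback and the 4.1 attempt is the one the server refused. The function names here are hypothetical helpers, not part of nfs-utils.

```python
import re

# Verbose mount output copied from the post above.
MOUNT_LOG = """\
mount.nfs4: timeout set for Thu Jul 27 01:17:15 2017
mount.nfs4: trying text-based options 'sec=sys,vers=4.2,addr=10.0.0.21,clientaddr=10.0.0.40'
mount.nfs4: mount(2): Protocol not supported
mount.nfs4: trying text-based options 'sec=sys,vers=4.1,addr=10.0.0.21,clientaddr=10.0.0.40'
mount.nfs4: mount(2): Permission denied
mount.nfs4: access denied by server while mounting FreeNAS:/mnt/tank/Private
"""

TRY_RE = re.compile(r"trying text-based options '([^']*)'")
ERR_RE = re.compile(r"mount\(2\): (.+)$")


def parse_attempts(log):
    """Pair each 'trying text-based options' line with the mount(2) error after it."""
    attempts = []
    for line in log.splitlines():
        m = TRY_RE.search(line)
        if m:
            opts = dict(kv.split("=", 1) for kv in m.group(1).split(",") if "=" in kv)
            attempts.append({"vers": opts.get("vers"), "sec": opts.get("sec"),
                             "addr": opts.get("addr"), "error": None})
            continue
        m = ERR_RE.search(line)
        if m and attempts:
            attempts[-1]["error"] = m.group(1).strip()
    return attempts


def deciding_failure(attempts):
    """Skip version fallbacks; return the first attempt refused for another reason."""
    for attempt in attempts:
        if attempt["error"] and attempt["error"] != "Protocol not supported":
            return attempt
    return None


if __name__ == "__main__":
    failed = deciding_failure(parse_attempts(MOUNT_LOG))
    print(f"vers={failed['vers']} sec={failed['sec']} -> {failed['error']}")
```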
 

SweetAndLow

Sweet'NASty
Joined
Nov 6, 2013
Messages
6,421
Who owns the Private dataset? What mount command are you using to mount?

 

Elegant

Those questions were exactly what I needed. I set maproot to the owner of the dataset and it mounts (I'm under the impression this is correct), but now I have a new problem. On one share I would like to mount a subdirectory, so I checked "All Directories". Unfortunately, the command sudo mount -vvv -t nfs -o sec=sys FreeNAS:/mnt/tank/Users/Elegant /tmp/Elegant is not mounting the directory Elegant under the dataset Users.
 

SweetAndLow

Remove that sec option; you probably don't need it. When you say it doesn't work, you need to provide an error message or something so we can help you.

 

Elegant

Removed sec option; Command + Output:

sudo mount -vvv -t nfs FreeNAS:/mnt/tank/Users/Elegant /tmp/Elegant
mount.nfs: timeout set for Fri Jul 28 00:09:40 2017
mount.nfs: trying text-based options 'vers=4.2,addr=10.0.0.21,clientaddr=10.0.0.40'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'vers=4.1,addr=10.0.0.21,clientaddr=10.0.0.40'
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting FreeNAS:/mnt/tank/Users/Elegant


Dataset Users is owned by administrators:domain admins, which is set under maproot. I can mount Users itself but not the subdirectories of that dataset; "All Directories" is checked. Perhaps I'm missing something?

EDIT: Seems that only the users that are part of the Domain Admins group are able to access their home share through the Users dataset. This may also require further investigating...
 

SweetAndLow

Of course only the owner or group members can access the files. I thought we worked past that already. You could also give the folder permissions to be world read and execute.

 

Elegant

Of course only the owner or group members can access the files.

Are you referring to mounting the subdirectories (still unresolved) or the other users not being able to access their home share?

I was able to determine why I could not access the home share (after mounting the Users dataset) despite the users being given access through the ACLs on Windows. Samba processes SIDs as ID_TYPE_BOTH, meaning both a UID and GID are created for each user. This is problematic as when you assign permissions through the ACL, it adds the permissions for the GID over the UID. With SSSD (what I have on Arch Linux), only the UID is created, thus I have a scenario where the user appears to be missing permissions (GID is missing and has my ACE!). If I add the UID to the ACL the user is able to access their home directory despite being neither the administrator nor part of domain admins.
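A check for the mismatch described in the post above, as an added example that is not part of the original thread: it lists group ACEs whose numeric ID is really a user's UID on the client and that have no matching user ACE. It assumes the colon-separated NFSv4 ACL text that FreeBSD's getfacl -n prints; the listing, the IDs, the user names and the function names are constructed for illustration.

```python
# Added example: constructed `getfacl -n`-style listing for a home directory.
# The IDs, path and flag columns are made up for illustration.
SAMPLE_ACL = """\
# file: /mnt/tank/Users/alice
# owner: 10500
# group: 10512
      group:10001:rwxpDdaARWcCos:fd----:allow
       user:10002:rwxpDdaARWcCos:fd----:allow
      group:10512:rwxpDdaARWcCos:fd----:allow
            owner@:rwxpDdaARWcCos:fd----:allow
         everyone@:--------------:fd----:allow
"""

# Constructed: IDs that the UID-only client (SSSD in the post) resolves as users.
CLIENT_UIDS = {10001: "alice", 10002: "bob"}


def parse_aces(text):
    """Return (tag, numeric_id_or_None, perms, ace_type) for every ACE line."""
    aces = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if fields[0] in ("user", "group") and len(fields) == 5:
            tag, who, perms, _flags, ace_type = fields
            aces.append((tag, int(who) if who.isdigit() else None, perms, ace_type))
        elif len(fields) == 4:  # owner@, group@, everyone@
            aces.append((fields[0], None, fields[1], fields[3]))
    return aces


def uid_only_gaps(acl_text, client_uids):
    """Group ACEs whose ID is really a client-side UID and has no user ACE."""
    aces = parse_aces(acl_text)
    user_ids = {i for t, i, _, typ in aces if t == "user" and typ == "allow"}
    return [
        (ident, client_uids[ident], perms)
        for tag, ident, perms, typ in aces
        if tag == "group" and typ == "allow"
        and ident in client_uids and ident not in user_ids
    ]


if __name__ == "__main__":
    for uid, name, perms in uid_only_gaps(SAMPLE_ACL, CLIENT_UIDS):
        print(f"group:{uid} ({name}) has {perms} but no matching user:{uid} ACE")
```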
 

Elegant

Alright, I removed all GIDs where GID=UID and re-added them as proper UIDs for my home shares (this is transparent to Windows since UID=GID so the ACL remains unaffected), all users can now browse their home directory if the Users dataset is mounted.

I still have yet to resolve the issue with mounting subdirectories in the Users dataset (this was an issue before and after the above). Every subdirectory and file is owned by administrator:domain admins yet I am not allowed to mount them. I double-checked to see if alldirs is present when running cat /etc/exports and it is, so I'm not grasping why subdirectories cannot be mounted directly. Mount command and output are the same as above:

sudo mount -vvv -t nfs FreeNAS:/mnt/tank/Users/Elegant /tmp/Elegant
mount.nfs: timeout set for Fri Jul 28 00:09:40 2017
mount.nfs: trying text-based options 'vers=4.2,addr=10.0.0.21,clientaddr=10.0.0.40'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'vers=4.1,addr=10.0.0.21,clientaddr=10.0.0.40'
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting FreeNAS:/mnt/tank/Users/Elegant


Anyone have any ideas? Thanks!
 