Mount failed with mount: mount.nfs: access denied by server while mounting error

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux (RHEL) 6, 7
  • NFS

Issue

  • Error is seen in the log:

     <hostname> mount: mount.nfs: access denied by server while mounting *.*.*.*:/home/share
    

Resolution

  • Include insecure option in /etc/exports on NFS server like below:

    # cat /etc/exports 
    /home/export *(rw,sync,no_root_squash,insecure)
    
  • Re-export the share:

    # exportfs -rav
    
  • Try to mount the NFS share on NFS client.

Note: Share should be unmounted from all the clients before making any configuration changes on the NFS server else the share will become stale

Root Cause

  • Reserved ports are TCP/UDP ports from 0 to 1024 for privileged services and designated as well-known ports.

  • Below error was captured in log which means that NFS server requires a secure port:

    <hostname> rpc.mountd[8111]: refused mount request from *.*.*.* for /home/export (/home/export): illegal port 21645
    

Diagnostic Steps

  • NFS Server is pingable and able to telnet to port 2049 and 111.
  • The showmount -e <nfs server ip> command gets hung.
  • rpcinfo -p <nfs server ip> displays list of all registered RPC programs
  • Try to mount with NFS version 3 but still it failed with error "access denied".
  • Check /var/lib/nfs/etab at NFS share that share is exported or not.
  • Tcpdump analysis:

    # tshark -tad -n -r clien.pcap -Y 'frame.number == 500' -O rpc | sed '/^Re/,$ !d'
    Remote Procedure Call, Type:Reply XID:0x3f510e1b
        Fragment header: Last fragment, 20 bytes
            1... .... .... .... .... .... .... .... = Last Fragment: Yes
            .000 0000 0000 0000 0000 0000 0001 0100 = Fragment Length: 20
        XID: 0x3f510e1b (1062276635)
        Message Type: Reply (1)
        [Program: NFS (100003)]
        [Program Version: 4]
        [Procedure: COMPOUND (1)]
        Reply State: denied (1)
        [This is a reply to a request in frame 498]
        [Time from request: 0.000611000 seconds]
        Reject State: AUTH_ERROR (1)                            <===== Error
        Auth State: bad credential (seal broken) (1)
    

The nfs-server can not authenticate the NFS client.

  • Further tcpdump analysis

    # tshark -tad -nr client.pcap -Y nfs.status!=0
    20 2018-12-18 13:46:46.377409  *.*.*.* → *.*.*.*  NFS 144 V4 Reply (Call In 12) PUTROOTFH | GETATTR Status: 
    NFS4ERR_PERM 
    

NFS4ERR_PERM indicates that the requester is not the owner. The operation was not allowed because the caller is neither a privileged user (root) nor the owner of the target of the operation.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.