由于访问被拒绝、UNIX root用户无法挂载NTFS卷

最后更新
另存为PDF

Views:: 84

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: nas<a>集群模式Data ONTAP 8.3</a><a>1008484</a>

Last Updated:

适用场景

ONTAP 9
NFSv3

问题描述

使用NFSv3作为挂载NFS导出 root 失败、并拒绝访问：

# mount nfsserver:/vtest/qtest /mnt mount.nfs: access denied by server while mounting nfsserver:/vtest/qtest

导出的卷(或qtree)采用NTFS安全模式
SVM已按照启用CIFS审核 ::> vserver audit show -vserver svm1
未配置显式用户映射

示例： UNIX用户 oracle 映射到Windows用户 NASLAB-CORP\ORACLE_Windows_user，但没有 root 用户条目

名称映射：

::> vserver name-mapping show -vserver svm1 Vserver Direction Position -------------- --------- -------- svm1 unix-win 1 Pattern: oracle Replacement: NASLAB-CORP\ORACLE_Windows_user

导出策略允许访问客户端：

::> check-access -vserver svm1 -volume vtest -qtree qtest -client-ip 10.xx.xx.xx -authentication-method sys -protocol nfs3 -access-type read-write (vserver export-policy check-access) Policy Policy Rule Path Policy Owner Owner Type Index Access ----------------------------- ---------- --------- ---------- ------ ---------- / root_policy svm1_root volume 1 read /vtest root_policy vtest volume 1 read /vtest/qtest root_policy qtest qtree 6 read-write 3 entries were displayed.

数据包跟踪指示、挂载成功、但FSFINFO调用失败、并显示以下错误：

438.9431500.00056210.xx.xx.yy10.xx.xx.xx 162 MOUNT AUTH_UNIX,AUTH_NULL V3 MNT Call (Reply In 44) /vtest 448.9432930.00014310.xx.xx.xx10.xx.xx.yy 138 MOUNT AUTH_NULL V3 MNT Reply (Call In 43) 638.9474380.00059810.xx.xx.yy10.xx.xx.xx 226 NFS AUTH_UNIX,AUTH_NULL V3 FSINFO Call (Reply In 64), FH: 0x4c220357 648.9476590.00022110.xx.xx.xx10.xx.xx.yy 106 NFS AUTH_NULL NFS3ERR_ACCES V3 FSINFO Reply