由于访问被拒绝、UNIX root用户无法挂载NTFS卷
适用场景
- ONTAP 9
- NFSv3
问题描述
- 使用NFSv3作为挂载NFS导出
root
失败、并拒绝访问:
# mount nfsserver:/vtest/qtest /mnt
mount.nfs: access denied by server while mounting nfsserver:/vtest/qtest
- 导出的卷(或qtree)采用NTFS安全模式
- SVM已按照启用CIFS审核
::> vserver audit show -vserver svm1
- 未配置显式用户映射
示例: UNIX用户 oracle
映射到Windows用户 NASLAB-CORP\ORACLE_Windows_user
,但没有 root
用户条目
- 名称映射:
::> vserver name-mapping show -vserver svm1
Vserver Direction Position
-------------- --------- --------
svm1 unix-win 1 Pattern: oracle
Replacement: NASLAB-CORP\ORACLE_Windows_user
- 导出策略允许访问客户端:
::> check-access -vserver svm1 -volume vtest -qtree qtest -client-ip 10.xx.xx.xx -authentication-method sys -protocol nfs3 -access-type read-write
(vserver export-policy check-access)
Policy Policy Rule
Path Policy Owner Owner Type Index Access
----------------------------- ---------- --------- ---------- ------ ----------
/ root_policy
svm1_root
volume 1 read
/vtest root_policy
vtest
volume 1 read
/vtest/qtest
root_policy
qtest
qtree 6 read-write
3 entries were displayed.
- 数据包跟踪 指示、挂载成功、但FSFINFO调用失败、并显示以下错误:
438.9431500.00056210.xx.xx.yy10.xx.xx.xx 162 MOUNT AUTH_UNIX,AUTH_NULL V3 MNT Call (Reply In 44) /vtest
448.9432930.00014310.xx.xx.xx10.xx.xx.yy 138 MOUNT AUTH_NULL V3 MNT Reply (Call In 43)
638.9474380.00059810.xx.xx.yy10.xx.xx.xx 226 NFS AUTH_UNIX,AUTH_NULL V3 FSINFO Call (Reply In 64), FH: 0x4c220357
648.9476590.00022110.xx.xx.xx10.xx.xx.yy 106 NFS AUTH_NULL NFS3ERR_ACCES V3 FSINFO Reply