跳转到主内容

从LDAP使用网络组时、无法访问NFS挂载点

Views:
10
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas<a>2009-487537</a>
Last Updated:

适用场景

  • ONTAP 9 及更高版本
  • NFS
  • 网络组

问题描述

  • 在导出策略中使用netgroup作为客户端匹配时、NFS挂载失败、客户端上显示以下错误:
mount.nfs: access denied by server while mounting nfs-server-name:/mount-point
 
  • 导出策略规则包括已配置为对网络组使用文件、LDAP和nis的网络组和ns-switch。
  • 导出策略检查访问失败:
cdot_vsim_9_8::> check-access -vserver vs1 -volume vol1 -client-ip 10.x.2.x -authentication-method sys -protocol nfs3 -access-type read-write
(vserver export-policy check-access)
Policy   Policy    Rule
Path              Policy   Owner   Owner Type  Index Access
----------------------------- ---------- --------- ---------- ------ ----------
/               default   vs1_root   volume      1 read
/vol1             policy-name  vol1    volume      0 denied
2 entries were displayed.
 
  • "netgrpcheck"显示客户端不是导出策略规则中添加的网络组的成员。
cdot_vsim_9_8::*> getxxbyyy netgrpcheck -node node1 -vserver vs1 -netgroup netgroup1 -clientIP 10.x.2.x -enable-domain-search-flag true -trust-any-source false -show-source true
Client 10.x.2.x is not a member of netgroup netgroup1
Searched using NETGROUP_BYHOST_CACHE
Source used for lookup: NS Cache
 
  • 跟踪显示客户端IP 10.x.2.x的挂载调用失败、并显示错误"ERR_access"(访问被拒绝)
No     Date   Source       Destination  Proto   Info
57   01:17:01 10.x.2.x     10.x.2.x     MOUNT     V3 MNT Call (Reply In 59) /vol1
59   01:17:01 10.x.2.x     10.x.2.x     MOUNT     MNT Reply (Call In 57) Error:ERR_ACCESS

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.