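Unable to access NFS mount points when using netgroups from LDAP
Applies to
- ONTAP 9 and later
- NFS
- Netgroups
Issue
- NFS mounts fail when a netgroup is used as the client match in the export policy, and the client shows the following error: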
mount.nfs: access denied by server while mounting nfs-server-name:/mount-point
- The export policy rule includes the netgroup, and ns-switch is configured to use files, LDAP and NIS for netgroups.
- The export policy access check fails:
cdot_vsim_9_8::> check-access -vserver vs1 -volume vol1 -client-ip 10.x.2.x -authentication-method sys -protocol nfs3 -access-type read-write
(vserver export-policy check-access)
                                         Policy    Policy       Rule
Path                          Policy     Owner     Owner Type  Index Access
----------------------------- ---------- --------- ---------- ------ ----------
/                             default    vs1_root  volume          1 read
/vol1                         policy-name vol1     volume          0 denied
2 entries were displayed.
- "netgrpcheck" shows that the client is not a member of the netgroup added in the export policy rule.
cdot_vsim_9_8::*> getxxbyyy netgrpcheck -node node1 -vserver vs1 -netgroup netgroup1 -clientIP 10.x.2.x -enable-domain-search-flag true -trust-any-source false -show-source true
Client 10.x.2.x is not a member of netgroup netgroup1
Searched using NETGROUP_BYHOST_CACHE
Source used for lookup: NS Cache
- The trace shows the mount call from client IP 10.x.2.x failing with the error "ERR_ACCESS" (access denied):
No Date Source Destination Proto Info
57 01:17:01 10.x.2.x 10.x.2.x MOUNT V3 MNT Call (Reply In 59) /vol1
59 01:17:01 10.x.2.x 10.x.2.x MOUNT MNT Reply (Call In 57) Error:ERR_ACCESS