SECURE NFS VIA SSH TUNNELLING

John Bowman
http://www.math.ualberta.ca/imaging/snfs
7 November 2002

Troubleshooting/Frequently Asked Questions

This troubleshooting guide assumes that one is mounting the directory
/DIR from the remote computer REMOTE on the local computer LOCAL.DOMAIN
as /REMOTE/DIR. The exact text of the error messages below may vary
between operating systems.

1. mount: LOCAL.DOMAIN:/DIR failed, reason given by server: Permission denied

   Reread Step 1 of README.NFS, in particular:

      Ensure that conventional NFS is up and running: verify that you
      can mount the exported directories on the same machine (on REMOTE;
      not on localhost).

   Also check that /DIR after LOCAL.DOMAIN: in /etc/fstab agrees with
   the exported filesystem name; be sure to re-export with

      exportfs -r

2. mount: RPC: Unable to receive; errno = Connection refused

   On LOCAL, use the command sumountall (or sumountall -f) to clear any
   old rpc_psrv processes. Make sure that no ssh connection remains:
   issue the command

      ps -awux | grep 'ssh[[:space:]].*[[:space:]]rpc_pcl'

   and kill the corresponding processes. Check that no old pid file
   exists in /var/run/snfs, in user subdirectories of /var/run/snfs, and
   in .snfs-LOCAL directories in user home directories.

   Also be sure that LOCAL isn't improperly associated with 127.0.0.1 in
   /etc/hosts; only localhost.localdomain and localhost should be
   associated with this IP address. The correct IP address of LOCAL (as
   reported by /sbin/ifconfig) should appear in /etc/hosts.

   If you modify the TEMPLATE file, or a REMOTE.tmpl file, be sure to
   delete (or recreate) the rpc_psrv configuration files for REMOTE, in
   the etc/snfs directory, in the user subdirectories of etc/snfs and in
   .snfs-LOCAL directories in user home directories; otherwise, your
   changes won't take effect.

3. mount: RPC: Port mapper failure - RPC: Unable to receive

   Reread Step 4 of README.NFS. Make sure that the /etc/fstab entry for
   /REMOTE/DIR refers to the local host LOCAL, not REMOTE.
   (If you have a firewall, this must be the local machine name or IP
   number as seen from within the firewall.)

      LOCAL.DOMAIN:/DIR /REMOTE/DIR nfs user,noauto,hard,intr,rsize=8192,wsize=8192,mountprog=MOUNTPROG,nfsprog=NFSPROG 0 0

4. mount: RPC: Program not registered

   Verify that the correct IP number for LOCAL.DOMAIN is in /etc/portmap:

      portmap: nnn.nnn.nnn.nnn

5. mount: RPC: Authentication error; why = Client credential too weak

   First, be sure to mkdir the mountpoint /REMOTE/DIR on LOCAL. If the
   problem persists, kill any old rpc_pcl processes on REMOTE.

   If you still receive this message, either rpc_psrv or rpc_pcl is
   blocking a request. Check the UdpForward options in the rpc_psrv
   configuration file (e.g. etc/snfs/REMOTE).

   To disable all security checks in rpc_psrv (LOCAL side) set

      Insecure yes

   in the rpc_psrv conf file. To disable security checks in rpc_pcl
   (REMOTE side), set

      TrustedId *

   in the rpc_pcl configuration file (etc/rpc_pcl.conf) on REMOTE.
   (Normally, it should not be necessary to touch these security
   settings.)

6. mount: RPC: Timed out

   Kill any old rpc_pcl processes on REMOTE. Make sure that the NFS
   server is running on REMOTE and that its version agrees with that
   specified in the rpc_psrv configuration file (etc/snfs/REMOTE).

7. mount: wrong fs type, bad option, bad superblock on LOCAL.DOMAIN:/DIR,
   or too many mounted file systems

   Be sure that the nfsprog specified in /etc/fstab agrees with that
   specified in the rpc_psrv configuration file (etc/snfs/REMOTE).

8. mount hangs indefinitely.

   Ensure that REMOTE can access its own nfs port 2049 via udp (i.e.
   that it is not being blocked by a packet filter like ipchains).

9. Cannot register service: RPC: Unable to receive; errno = Connection refused

   Either portmap is not running, or another rpc_psrv is running and
   using the same MOUNTPROG. Use a unique MOUNTPROG for each host.

10. /usr/local/bin/snfsmount: rpc_psrv failed

   Reread Step 6 of README.NFS and verify that your passwordless ssh
   connection is working.
   If the message "fatal can't bind local address with privileged port"
   appears in syslog on REMOTE, you forgot to install rpc_pcl on REMOTE
   with setuid privileges. Also try restarting the nfs subsystem.

11. /usr/local/bin/snfsmount: Could not determine host

   Be sure that the mountprog specified in /etc/fstab agrees with that
   specified in the rpc_psrv configuration file (etc/snfs/REMOTE).

12. If all else fails, read the file README.NFS more carefully,
    following each step explicitly. If your mount command doesn't
    support the nfsprog and mountprog options, see the file
    README.Solaris in the NFS directory.

13. If you are using POSIX Access Control Lists on your server, you can
    avoid permission denied messages (e.g. from /bin/ls -l) by mounting
    the filesystem with the noacl option. For more information on ACLs
    under Linux, see http://www.suse.de/~agruen/acl/linux-acls/.

You may redistribute and/or modify this file under the terms of the GNU
General Public License (see the file LICENSE).
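
The checks described in items 2, 3 and 5 above can be scripted. The following is an added example, not part of the snfs distribution: the function names are hypothetical, and it assumes the rpc_psrv and rpc_pcl configuration files hold one directive per line with "#" starting a comment.

```shell
#!/bin/sh
# Added example, not part of the snfs distribution; function names are hypothetical.

# Item 2: print names other than localhost / localhost.localdomain
# that the hosts file $1 maps to 127.0.0.1.
bad_loopback_names() {
    awk '{ sub(/#.*/, "") }
         $1 == "127.0.0.1" {
             for (i = 2; i <= NF; i++)
                 if ($i != "localhost" && $i != "localhost.localdomain") print $i
         }' "$1"
}

# Item 3: the nfs entry for mount point $2 in fstab $1 must name the local
# host $3 (not REMOTE) and carry both mountprog= and nfsprog=.
fstab_problems() {
    awk -v mp="$2" -v host="$3" '
        /^[ \t]*#/ { next }
        $2 == mp && $3 == "nfs" {
            seen = 1; split($1, src, ":"); opts = "," $4
            if (src[1] != host) print "host is " src[1] ", expected " host
            if (opts !~ /,mountprog=[^,]/) print "mountprog option missing"
            if (opts !~ /,nfsprog=[^,]/) print "nfsprog option missing"
        }
        END { if (!seen) print "no nfs entry for " mp }' "$1"
}

# Item 5: report settings that switch the security checks off.
# Assumption: one directive per line, "#" starts a comment.
disabled_checks() {
    [ "$#" -gt 0 ] || return 0
    awk '{ sub(/#.*/, "") }
         $1 == "Insecure" && $2 == "yes" { print FILENAME ": Insecure yes" }
         $1 == "TrustedId" && $2 == "*"  { print FILENAME ": TrustedId *" }' "$@"
}

# Run all checks; print findings and return 1 if there are any.
# Usage: snfs_preflight HOSTS FSTAB MOUNTPOINT LOCALHOST [CONF...]
snfs_preflight() {
    hosts_file=$1; fstab_file=$2; mount_point=$3; local_host=$4; shift 4
    report=$( { bad_loopback_names "$hosts_file" | sed 's/^/loopback name: /'
                fstab_problems "$fstab_file" "$mount_point" "$local_host" | sed 's/^/fstab: /'
                disabled_checks "$@" | sed 's/^/checks disabled in /'; } )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"; return 1
}

# With arguments, check the named files; with none, only define the functions.
if [ "$#" -ge 4 ]; then snfs_preflight "$@"; fi
```

Run it on LOCAL with /etc/hosts, /etc/fstab, the mount point, the local host name and the rpc_psrv configuration file as arguments; on REMOTE, disabled_checks can be pointed at etc/rpc_pcl.conf alone.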