Thanks to Jeff Stephens, Peter Carucci, Scott Grigsby and Morry Katz
for trying hard to point me in the right direction on this one. Their
email responses are appended and appreciated - the cumulative effect
made me see the light.
The problem was that NFS is using DNS for host name resolution, and I
had cleverly called the host doing the NFS mount "hiPPo.ru.ac.za" in
the zone file. Now most of the time DNS stuff is case insensitive, but
NFS is fussy...
What eventually worked, after much trial and error and gnashing of
teeth, was this simple change to my /etc/exports:
/usr/share/src/local -access=hiPPo.ru.ac.za,root=hiPPo.ru.ac.za
Everything else stayed as is.
Here is my original posting:
=========================================================================
In <3pdap1$73m@hippo.ru.ac.za> ccfj@hippo.ru.ac.za (F. Jacot Guillarmod) writes:
>In common with just about everyone on the Internet, I'm trying to
>tighten up the security of our systems. One of the things that doesn't
>want to co-operate is NFS. Try as I might, if I use the "-access"
>option, I can't mount the directory. Here's the details:
>===================== /etc/exports on buffalo.ru.ac.za =================
>/usr/share/src/local -access=hippo.ru.ac.za,root=hippo.ru.ac.za
>===================== /etc/fstab on hippo.ru.ac.za =================
>/dev/sd0a / 4.2 rw 1 1
>/dev/sd2a /home 4.2 rw 1 3
>/dev/sd1a /usr 4.2 rw 1 2
>/dev/fd0 /pcfs pcfs rw,noauto 0 0
>/dev/sd1b /dev/sd1b swap 0 0 0
>/dev/sd2b /dev/sd2b swap 0 0 0
>buffalo.ru.ac.za:/usr/share/src/local /junk nfs rw,noquota,soft,intr,bg 0 0
>===================== "output of mount -va" =================
>mount: /dev/sd2a already mounted
>mount: /dev/sd1a already mounted
>mount: access denied for buffalo.ru.ac.za:/usr/share/src/local
>mount: giving up on:
> /junk
>==========================================================================
>If I change:
>/usr/share/src/local -access=hippo.ru.ac.za,root=hippo.ru.ac.za
>to:
>/usr/share/src/local -root=hippo.ru.ac.za
>things work just fine... except that any old Tom, Dick or Harry can then
>mount my file system :-(
>We're not running NIS, and we are running BIND 4.9.3 Beta17. I suspect
>some sort of RPC problem, but it's not clear which daemons should be
>running on which system if NIS isn't active.
>Any hints as to where exactly in TFM to look would be appreciated...
>I've gone through the NFS section of an old SunOS 4.1 system
>administration manual a few times, but still can't spot my obvious
>mistake.
========================================================================
and here are the responses. Thanks!
========================================================================
Date: Tue, 23 May 1995 15:36:20 -0600
From: Scott Grigsby <grigsby@terra.colorado.edu>
Subject: Re: NFS not working as advertised on SunOS 4.1.3_U1
Well, it seems like the problem is on buffalo, not the client.
Make sure you have rpc.mountd running on buffalo. (For maximum
security, *don't* run it with the -r option.) Some rpc.mountd(aemons)
complain about the case in /etc/exports, and clients may know buffalo
as just "buffalo" -- not the fully-qualified domain name. Try one of
these lines (or some combination thereof) in /etc/exports:
/usr/share/src/local -access=hippo:hippo.ru.ac.za,root=hippo:hippo.ru.ac.za
/usr/share/src/local -access=hippo:hippo.ru.Ac.ZA,root=hippo:hippo.ru.Ac.ZA
/usr/share/src/local -access=hippo:hippo.ru.ac,root=hippo:hippo.ru.ac
/usr/share/src/local -access=hippo:hippo.Ru.AC,root=hippo:hippo.Ru.AC
Also, be sure to run exportfs again after changing /etc/exports.
You might also try killing and restarting rpc.mountd.
You could also look in /etc/xtab and see if the filesystem is really
being exported.
Hope this helps!
Scott
========================================================================
Date: Fri, 19 May 95 10:44:55 -0500
From: Jeff A Stephens 312C M 402424 <jsteph@daugherty.com>
Subject: Re: NFS not working as advertised on SunOS 4.1.3_U1
With the results you're showing, I'd be willing to bet that the root
access doesn't work either...Just because it doesn't complain doesn't
mean it granted root access to the system... You may want to check.
I'd say you need to check how the two hosts know each other. If they
know each other by just their hostnames, not hostname.domain, then
the authentication will not work...Sun's auth system demands the host
names match up.
Just for giggles, try
/usr/share/src/local -access=hippo
I've run into situations like this before, and it's usually just a
syntax problem somewhere...
Good luck!
Jeff
========================================================================
Date: Thu, 18 May 95 09:23:31 EDT
From: dkbfp-dev!nyprod!peterc@uunet.uu.net (Peter Carucci)
Subject: Re: NFS not working as advertised on SunOS 4.1.3_U1
The problem appears to be in your hostname selection. I don't think that dotted hostnames are supported. The following is from the BUG id section of the latest edition of sunSolve:
Bug Id: 1151614
Category: sysadmin
Subcategory: other
Release summary: s1093
Synopsis: want dotted hostname be supported
Integrated in releases:
Patch id:
Description:
customer commented
"
But more importantly, Sun/Att has made a very bad assumption that
hostnames should not contain dots. Applications like, NIS+ and cm (calendar
manager) do not work with dotted hostnames. There is no reason why an
application should be tied in with the format of a hostname.
I simply want to be able to set my hostname to a dotted hostname,
(partially qualified hostname) like beach.csri and setup NIS+ and use cm,
etc....
.
."
Your /etc/exports and /etc/fstab appear to be correct. I would suggest experimenting by changing the hostname and seeing what happens.
Good Luck,
Peter
===========================================================================
Date: Wed, 17 May 95 14:43:57 PDT
From: katz@rpal.rockwell.com (Morry Katz)
Subject: NFS not working as advertised on SunOS 4.1.3_U1
My best guess is that your NFS server is unable to reverse map
hippo.ru.ac.za's IP address to its FQDN so that the comparison of the
mounter and the access name fails. Since you are not running NIS,
this lookup should be checking the /etc/hosts file. Do you have
hippo.ru.ac.za listed in /etc/hosts? Is the FQDN the first name
listed after the IP address? I am not sure the latter is required, I
forget the bugs/features of /etc/hosts lookups.
============================================================================
--
F.F. Jacot Guillarmod, Computing Services, Rhodes University
PO Box 94, Grahamstown 6140, South Africa
ccfj@hippo.ru.ac.za  Fax: +27 461 25049  Phone: +27 461 318284
The views expressed above are not necessarily those of Rhodes University
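The case mismatch described in the summary above can be checked for mechanically. This is an added example, not part of the original post or its replies: it assumes the SunOS-style option syntax shown in the thread (comma-separated options, colon-separated host lists), and the function name `case_mismatches` and the `/export/other` path are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.

# case_mismatches RESOLVED_NAME EXPORTS_FILE
# Prints "path option host" for every access=/root= host that equals
# RESOLVED_NAME when case is ignored but differs byte-for-byte.
case_mismatches() {
    awk -v want="$1" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        {
            path = $1
            opts = $2
            sub(/^-/, "", opts)                # option string starts with "-"
            n = split(opts, opt, ",")          # options are comma separated
            for (i = 1; i <= n; i++) {
                eq = index(opt[i], "=")
                if (eq == 0) continue          # option without a host list
                name = substr(opt[i], 1, eq - 1)
                if (name != "access" && name != "root") continue
                m = split(substr(opt[i], eq + 1), host, ":")
                for (j = 1; j <= m; j++)
                    if (host[j] != want && tolower(host[j]) == tolower(want))
                        print path, name, host[j]
            }
        }
    ' "$2"
}

# Constructed sample in the format shown in the thread; /export/other is hypothetical.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
/usr/share/src/local -access=hippo.ru.ac.za,root=hippo.ru.ac.za
/export/other -access=hiPPo.ru.ac.za:buffalo.ru.ac.za
EOF

# The name passed in is whatever the server's resolver returns for the client.
case_mismatches hiPPo.ru.ac.za "$SAMPLE"
```

Each line of output names an export whose access or root list would be rejected by a case-sensitive comparison even though the entry looks right to a reader.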