mount.nfs:挂载时服务器拒绝访问

mount.nfs:挂载时服务器拒绝访问

我遇到了一个问题,我已经在 Google 上搜索了至少6 小时28 小时,但毫无收获。每当我尝试挂载目录时,都会收到以下错误(末尾有详细版本):

mount.nfs:挂载时服务器拒绝访问:

最初我将其用作computer1nfs 服务器,但我已将其移至computer2并尝试将其挂载computers3-8。另外需要注意的是,computer2现在充当所有其他计算机(甚至computer1)的 dhcp 路由器,但我几乎可以肯定问题与 的 nfs 设置有关,computer2因为我已尝试以下操作:

  1. 尝试将原始computer1服务器中的文件夹挂载到其中一个computers3-8客户端 -成功
  2. 尝试将原始computer1服务器中的文件夹挂载到新computer2服务器——成功
  3. 尝试将新服务器上的文件夹挂载computer2到其中一个computers3-8客户端——失败
  4. 尝试将文件夹从新computer2服务器挂载到旧computer1服务器--失败
  5. 尝试导出然后安装任何其他文件夹computer2——失败
  6. ssh 往返computer2--成功

除此之外,我还检查了文件的相关部分,确保/etc/exports没有任何错误。因此,我几乎绝对确定这不是权限问题。

问题: 鉴于这不是网络错误,有人可以建议我如何开始调试这个问题吗?

详细输出:

mount: proc already mounted on /proc
mount: /dev/mmcblk0p5 already mounted on /boot
mount: tmpfs already mounted on /var/tmp
mount: tmpfs already mounted on /var/log
mount.nfs: timeout set for Fri Nov 15 07:27:02 2013
mount.nfs: trying text-based options 'vers=3,rsize=8192,wsize=8192,nolock,addr=192.168.7.1'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 192.168.7.1 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 192.168.7.1 prog 100005 vers 3 prot UDP port 37300
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting 192.168.7.1:/home/raspi/Documents/raspi/raspi

详细输出2:

这是一种更直接的方法,它将挂载隔离到这里仅涉及的目录:

$ sudo mount -v -o "vers=3" 192.168.7.1:/home/raspi/Documents/raspi/raspi /home/raspi/test
mount: no type was given - I'll assume nfs because of the colon
mount.nfs: timeout set for Fri Nov 15 07:47:38 2013
mount.nfs: rpc.statd is not running but is required for remote locking.
mount.nfs: Either use '-o nolock' to keep locks local, or start statd.
mount.nfs: an incorrect mount option was specified

我以前遇到过这个rpc.statd is not running but is required for remote locking错误,但是世界上所有的谷歌搜索都对我没有任何帮助......

编辑

混乱要求我执行以下命令并显示结果:

首先在服务器上:

SERVER$ sudo exportfs -rv
exporting raspi1:/home/raspi/Documents/raspi/raspi
exporting raspi2:/home/raspi/Documents/raspi/raspi
exporting raspi3:/home/raspi/Documents/raspi/raspi
exporting raspi4:/home/raspi/Documents/raspi/raspi
exporting raspi5:/home/raspi/Documents/raspi/raspi
exporting raspi6:/home/raspi/Documents/raspi/raspi
exporting raspi7:/home/raspi/Documents/raspi/raspi
exporting raspi8:/home/raspi/Documents/raspi/raspi
exporting raspi9:/home/raspi/Documents/raspi/raspi
exporting raspi10:/home/raspi/Documents/raspi/raspi
exporting raspi11:/home/raspi/Documents/raspi/raspi
exporting raspi12:/home/raspi/Documents/raspi/raspi
exporting raspi13:/home/raspi/Documents/raspi/raspi
exporting raspi14:/home/raspi/Documents/raspi/raspi
exporting raspi15:/home/raspi/Documents/raspi/raspi
exporting raspi16:/home/raspi/Documents/raspi/raspi
exporting raspi17:/home/raspi/Documents/raspi/raspi
exporting raspi18:/home/raspi/Documents/raspi/raspi
exporting raspi19:/home/raspi/Documents/raspi/raspi
exporting raspi20:/home/raspi/Documents/raspi/raspi
exporting raspi21:/home/raspi/Documents/raspi/raspi
exporting raspi22:/home/raspi/Documents/raspi/raspi
exporting raspi23:/home/raspi/Documents/raspi/raspi
exporting raspi24:/home/raspi/Documents/raspi/raspi
exporting raspi25:/home/raspi/Documents/raspi/raspi
exporting raspi26:/home/raspi/Documents/raspi/raspi
exporting raspi27:/home/raspi/Documents/raspi/raspi
exporting raspi28:/home/raspi/Documents/raspi/raspi
exporting raspi29:/home/raspi/Documents/raspi/raspi
exporting raspi30:/home/raspi/Documents/raspi/raspi
exporting raspi5:/home/raspi/Downloads
exporting 192.168.7.105:/home/raspi/Documents/raspi

然后在客户端

CLIENT$ showmount -e 192.168.7.1
Export list for 192.168.7.1:
/home/raspi/Documents/raspi       192.168.7.105
/home/raspi/Documents/raspi/raspi raspi30,raspi29,raspi28,raspi27,raspi26,raspi25,raspi24,raspi23,raspi22,raspi21,raspi20,raspi19,raspi18,raspi17,raspi16,raspi15,raspi14,raspi13,raspi12,raspi11,raspi10,raspi9,raspi8,raspi7,raspi6,raspi5,raspi4,raspi3,raspi2,raspi1
/home/raspi/Downloads             raspi5

CLIENT$ sudo mount -a
mount.nfs: access denied by server while mounting 192.168.7.1:/home/raspi/Documents/raspi/raspi

CLIENT$ sudo tail -f /var/log/daemon.log 2>&1
Nov 15 21:35:55 raspi5 dhclient: bound to 192.168.7.105 -- renewal in 250 seconds.
Nov 15 21:40:05 raspi5 dhclient: DHCPREQUEST on eth0 to 192.168.7.1 port 67
Nov 15 21:40:05 raspi5 dhclient: DHCPACK from 192.168.7.1
Nov 15 21:40:05 raspi5 dhclient: bound to 192.168.7.105 -- renewal in 294 seconds.
Nov 15 21:44:59 raspi5 dhclient: DHCPREQUEST on eth0 to 192.168.7.1 port 67
Nov 15 21:44:59 raspi5 dhclient: DHCPACK from 192.168.7.1
Nov 15 21:44:59 raspi5 dhclient: bound to 192.168.7.105 -- renewal in 262 seconds.
Nov 15 21:49:21 raspi5 dhclient: DHCPREQUEST on eth0 to 192.168.7.1 port 67
Nov 15 21:49:21 raspi5 dhclient: DHCPACK from 192.168.7.1
Nov 15 21:49:21 raspi5 dhclient: bound to 192.168.7.105 -- renewal in 273 seconds.

编辑2

混乱要求我进一步执行以下命令并显示结果:

SERVER$ ping raspi5
PING raspi5 (192.168.7.105) 56(84) bytes of data.
64 bytes from raspi5 (192.168.7.105): icmp_seq=1 ttl=64 time=0.699 ms
64 bytes from raspi5 (192.168.7.105): icmp_seq=2 ttl=64 time=0.683 ms

SERVER$ sudo tail -f /var/log/daemon.log
tail: cannot open ‘/var/log/daemon.log’ for reading: No such file or directory

这是我/etc/exports在服务器上的文件。如您所见,我尝试使用 中定义的名称/etc/hosts、其 IP 地址,并且还尝试导出到不同的文件夹。我省略了所有其他行,因为它们只是最后一行的重复,只是重定向到不同的 raspi。

# /etc/exports: the access control list for filesystems which may be exported
#       to NFS clients.  See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
#

/home/raspi/Downloads raspi5(rw,sync,no_subtree_check,no_root_squash)
/home/raspi/Documents/raspi/ 192.168.7.105(rw,sync,no_subtree_check,no_root_squash,fsid=0)
/home/raspi/Documents/raspi/raspi raspi5(rw,sync,no_subtree_check,no_root_squash,fsid=0)

这是我/etc/fstab在 raspi5 客户端上的文件

proc            /proc           proc    defaults          0       0
/dev/mmcblk0p5  /boot           vfat    defaults          0       2
/dev/mmcblk0p6 /               ext4    defaults,noatime  0       1
# a swapfile is not a swap partition, so no using swapon|off from here on, use  dphys-swapfile swap[on|off]  for that

#automatically mount the shared raspi folder(s)
# Remember that NFS4 is AIDS, so use NFS3
192.168.7.1:/home/raspi/Documents/raspi/raspi /home/raspi/ nfs nfsvers=3,rsize=8192,wsize=8192,rw,auto,nolock 0 0

# Move highly used directories to RAM
tmpfs /var/tmp tmpfs nodev,nosuid,size=50M 0 0
tmpfs /var/log tmpfs nodev,nosuid,size=50M 0 0

编辑3:

遵循一些建议这里我也在insecure导出中设置了标志,但是无济于事,这里是rpcinfo -p客户端和服务器上的输出:

CLIENT$ sudo rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  53553  status
    100024    1   tcp  60026  status

SERVER$ rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  42430  status
    100024    1   tcp  49377  status
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    2   tcp   2049
    100227    3   tcp   2049
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100227    2   udp   2049
    100227    3   udp   2049
    100021    1   udp  33106  nlockmgr
    100021    3   udp  33106  nlockmgr
    100021    4   udp  33106  nlockmgr
    100021    1   tcp  47922  nlockmgr
    100021    3   tcp  47922  nlockmgr
    100021    4   tcp  47922  nlockmgr
    100005    1   udp  50875  mountd
    100005    1   tcp  53329  mountd
    100005    2   udp  53583  mountd
    100005    2   tcp  42062  mountd
    100005    3   udp  36556  mountd
    100005    3   tcp  39984  mountd

编辑4:

进一步遵循一些建议这里我得到了以下调试日志:

[ 2233.803852] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
[ 2233.803885] NFSD: starting 90-second grace period (net ffffffff81cd29c0)
[ 3261.750455] nfsd: last server has exited, flushing export cache
[ 3262.912654] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
[ 3262.912688] NFSD: starting 90-second grace period (net ffffffff81cd29c0)
[ 5231.798334] nfsd: last server has exited, flushing export cache
[ 5232.956633] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
[ 5232.956668] NFSD: starting 90-second grace period (net ffffffff81cd29c0)
[ 5350.889640] nfsd: last server has exited, flushing export cache
[ 5352.023534] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
[ 5352.023577] NFSD: starting 90-second grace period (net ffffffff81cd29c0)
[ 5517.837425] nfsd: last server has exited, flushing export cache
[ 5518.987793] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
[ 5518.987826] NFSD: starting 90-second grace period (net ffffffff81cd29c0)
[56604.080162] Netfilter messages via NETLINK v0.30.
[56707.453535] nfsd: last server has exited, flushing export cache
[56708.605020] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
[56708.605057] NFSD: starting 90-second grace period (net ffffffff81cd29c0)
[57338.926093] NFSD: laundromat service - starting
[57338.926105] NFSD: laundromat_main - sleeping for 90 seconds
[57363.216188] nfsd: freeing readahead buffers.
[57363.216244] nfsd: last server has exited, flushing export cache
[57364.351041] set_max_drc nfsd_drc_max_mem 6008832 
[57364.354764] nfsd: creating service
[57364.354771] nfsd: allocating 32 readahead buffers.
[57364.356023] nfsd4_umh_cltrack_upcall: cltrack_prog is disabled
[57364.356040] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
[57364.356072] NFSD: starting 90-second grace period (net ffffffff81cd29c0)
[57364.369688] nfsd_dispatch: vers 3 proc 0
[57372.738225] nfsd_dispatch: vers 4 proc 0
[57372.753507] nfsd_dispatch: vers 4 proc 1
[57372.753521] nfsv4 compound op #1/3: 24 (OP_PUTROOTFH)
[57372.755550] exp_export: export of invalid fs type.
[57372.755679] found domain 192.168.7.105,raspi5
[57372.755685] found fsidtype 1
[57372.755690] found fsid length 4
[57372.755695] Path seems to be <>
[57372.755722] nfsv4 compound op ffff8801a47ec080 opcnt 3 #1: 24: status 2
[57372.755731] nfsv4 compound returned 2
[57372.779429] nfsd_dispatch: vers 3 proc 0
[57372.792595] exp_export: export of invalid fs type.

编辑5:

我取得了一些进展,并得出了以下结论

  1. 这不是端口问题,因为客户端可以 telnet 到主机telnet 192.168.7.1 2049
  2. 它是大概这不是网络问题,因为服务器甚至无法自行安装
  3. 支持(现在仍然支持)挂载的旧版本正在运行nfs-kernel-server 1:1.2.4-1,而不支持挂载的新服务器正在运行nfs-kernel-server 1:1.2.8-2
  4. 该命令sudo /etc/init.d/portmap restart在旧服务器上有效,但在新服务器上无效,这告诉我新服务器上缺少端口映射。但是,当我尝试通过安装它时sudo apt-get install portmap,它告诉我Note, selecting 'rpcbind' instead of 'portmap', and thatrpcbind 已经是最新版本`

编辑6:

iptables -L这是我的服务器上的输出:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
LOG        all  --  anywhere             anywhere             LOG level warning

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

并且正确的端口已打开:

CLIENT$ nmap -P0 192.168.7.1

Starting Nmap 6.00 ( http://nmap.org ) at 2013-11-16 06:44 UTC
Nmap scan report for raspiserver (192.168.7.1)
Host is up (0.0095s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
2049/tcp open  nfs

Nmap done: 1 IP address (1 host up) scanned in 1.55 seconds

答案1

我遇到了与楼主相同的问题。以前这个方法对我有用,但更新后就不行了。解决办法是添加“nfsvers=3”选项。

答案2

值得一提的是(即使这里可能不是这种情况),如果您在重命名文件夹或尝试访问新文件夹后突然收到此错误,您可能忘记了您实际上必须指定服务器端哪些文件夹是共享的,哪些不是/etc/exports——这是我的情况的问题。

修改该文件后,你还需要执行sudo service nfs-kernel-server restart

答案3

我的两个同事刚刚在 Vagrant 中解决了类似的问题。AppArmor 是罪魁祸首,可以找到解决方案这里,引用:

mount: cannot mount block device /some/path read-only

dmesg 显示:

[ 6944.194280] type=1400 audit(1385049795.420:32): apparmor="DENIED" operation="mount" info="failed type match" error=-13 parent=6631 profile="lxc-container-default" name="/some/other/path" pid=6632 comm="mount" srcname="/some/path" flags="rw, bind"

AppArmor 正在阻止 LXC 容器内的 mount -o bind。

要启用 id 添加/etc/apparmor.d/lxc/lxc-default

profile lxc-container-default flags=(attach_disconnected,mediate_deleted) {
  ...
    mount options=(rw, bind),
  ...

重新加载装甲:

# /etc/init.d/apparmor reload

答案4

如果服务器未安装在本地主机上,则问题不在于网络。

查看 /etc/hosts.deny 和 /etc/hosts.allow。

只为进一步的问题...:我玩了几天的 NFS 旧版本。我在两台主机之间有一个中间交换机,允许从 ServerIP<->ClientIP 进行所有 TCP 和 UDP 通信,telnet 在每个端口上都可以工作...但 rpcinfo -p 不行。

我们发现交换机有一项名为“检查”的功能,可以检查所有“sunrpc”数据包,如果版本不在“允许”的版本中,则丢弃数据包而不记录任何内容。它被称为“应用层协议检查”。http://www.cisco.com/c/en/us/td/docs/security/fwsm/fwsm31/configuration/guide/fwsm_cfg/inspct_f.html#wp1349924

在此之后我们还发现我们必须为防火墙配置静态端口,但这是另一个问题。

相关内容