Take a look at /etc/nsswitch.conf on the filer and be sure you have the line
netgroup: files
If you've got this, then look for syntax errors in /etc/netgroup.
Another possible problem, is reverse DNS lookup. When you export to hostnames (rather than a network block) then when the mount request comes in from the NFS client, the filer takes the IP address of the client (included in the mount request packet) and looks up the hostname with it. Then it checks the export list to be sure the hostname is listed.
Use nslookup to see what your DNS server returns when presented with the NFS client's IP address. Is that the same hostname you are exporting to? If not, then the mount request will fail. Sometimes DNS is not even configured to do reverse lookups, so that will certainly prevent exports to hostnames from working.
If your DNS server is the problem and you can't fix it, then you can always use a local /etc/hosts file on the filer. Put in entries for all your NFS clients and put this line in /etc/nsswitch.conf:
hosts: files dns
But you really ought to fix your DNS server if it's broken.
I forgot to paste the last line of my netgroup file in the previous email, it should be:
mail (mail1.mydomain.com,,) (mail2.mydomain.com,,) dns (dns1.mydomain.com,,) (dns2.mydomain.com,,) all_clusters mail dns
I'm trying to create an access list of specific servers that are allowed
to
NFS mount our filer, but it seems im not doing something right. I know you can use ip netblocks with the exportfs command, but I need more granular security than that.
this is what i tried in /etc/exports: /vol/vol0 -anon=0,access=all_clusters
all_clusters refers to a netgroup I created in /etc/netgroup with the following entries: mail (mail1.mydomain.com,,) (mail2.mydomain.com,,) dns (dns1.mydomain.com,,) (dns2.mydomain.com,,)
After setting up these two files I ran exportfs -a to load the
/etc/exports,
the result was that nothing could mount the filer, even the machines
listed
in netgroups. The mounting error was "permission denied"
Currently I "exportfs /vol/vol0" as the current config, obviously I need
to
tighten this.
Reading further about exportfs i see that there is a "rw" option, but it does not accept netgroups..
Im sure somebody else has done this before a million times, what am I missing?
thanks a lot, -jc
Steve Losen scl@virginia.edu phone: 434-924-0640
University of Virginia ITC Unix Support