hello,
I'm trying to create an access list of specific servers that are allowed to NFS mount our filer, but it seems im not doing something right. I know you can use ip netblocks with the exportfs command, but I need more granular security than that.
this is what i tried in /etc/exports: /vol/vol0 -anon=0,access=all_clusters
all_clusters refers to a netgroup I created in /etc/netgroup with the following entries: mail (mail1.mydomain.com,,) (mail2.mydomain.com,,) dns (dns1.mydomain.com,,) (dns2.mydomain.com,,)
After setting up these two files I ran exportfs -a to load the /etc/exports, the result was that nothing could mount the filer, even the machines listed in netgroups. The mounting error was "permission denied"
Currently I "exportfs /vol/vol0" as the current config, obviously I need to tighten this.
Reading further about exportfs i see that there is a "rw" option, but it does not accept netgroups..
Im sure somebody else has done this before a million times, what am I missing?
thanks a lot, -jc