On Fri, Apr 17, 2009 at 6:15 AM, erik.ableson <eable...@mac.com> wrote:
> Hi there, > > I'm working on a new OS 2008.11 setup here and running into a few issues > with the nfs integration. Notably, it appears that subnet values attributed > to sharenfs are ignored and gives back a permission denied for all > connection attempts. I have another environment where permission is assigned > by FQDN which works fine, but I don't want to have to manage individual > connections for server farms. > > Currently the server is running in a dedicated subnet (192.168.100.0/24) > and the machines that will require access are running in two other subnets ( > 192.168.0.0/24 & 192.168.254.0/24-ESX). The client machines are ESX > Server, Mac OS X, & Linux. From what I've been able to gather, I should be > able to set specific permissions in CIDR syntax with the @ prefix) in the > sharenfs value. I've tried a dozen different variants with no success. > > The one that I think should work is : > > sharenfs=...@192.168.0.0/24:@192.168.254.0/24,ro...@192.168.254.0/24 > > giving access to the client machines as well as giving root access to the > ESX servers. Every connection attempt returns permission denied to the > client. Trying with just a single subnet returns the same error. > > sharenfs=...@192.168.254.0/24,ro...@192.168.254.0/24 > > I've tried all of the following variants (and many others) with no success > : > > sharenfs=on > sharenfs=rw > sharenfs=rw,anon=0 > sharenfs=...@192.168.0.0/16 > > I did check tp make sure that the nfs server is running, :-) > > Everything looks fine from the sharemgr perspective: > sharemgr show -vx zfs > <?xml version="1.0"?> > <sharecfg> > <group name="zfs" state="enabled" zfs="true"> > <group name="n01p01/nfs01" state="enabled" zfs="true" changed="true"> > <optionset type="nfs"/> > <security type="nfs" sectype="sys"> > <option type="rw" value="@192.168.0.0/24:@192.168.254.0/24"/> > <option type="root" value="@192.168.254.0/24"/> > </security> > <share path="/n01p01/nfs01" type="transient" shared="true" > shareopts-nfs="sec=sys,rw=@ > 192.168.0.0/24:@192.168.254.0/24,ro...@192.168.254.0/24"/> > </group> > </group> > </sharecfg> > > From the client side of the house it looks fine: > showmount -e 192.168.100.113 > Exports list on 192.168.100.113: > /n01p01/nfs01 @192.168.254.0/24 @192.168.0.0/24 > > Time to file a bug report? Or is there already one for this issue? > Searching "nfs subnet" on defect.opensolaris.org returns nothing. > > Any ideas appreciated, > > Cheers, > > Erik > Looking at the docs, I believe you have the syntax wrong. It should be either @192.168.254 or @192.168.254/24. Then again, I'm no subnetting genius so I could be completely wrong ;) --Tim
_______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
