wildcard matching not working properly?
Brought to you by:
warnes
Menu
▾
▴
#13 wildcard matching not working properly?
Environment:
RedHat 7.2
rpm -i --force clusternfs-3.0rc2.redhat-0.i386.rpm
/etc/exports:
/shared *()
(and of course start the new rpc.nfsd and rpc.mountd)
When a client tries connecting, the result is a
permission denied error.
On the server side, from rpc.mountd in debug mode, the
result is:
./rpc.mountd -F -d auth -d call
mountd[1598] 01/21/02 15:39 clnt * exports:
mountd[1598] 01/21/02 15:39 /shared
mountd[1598] 01/21/02 15:39 options: rw
noroot portck
mountd[1598] 01/21/02 15:39 flushed host access cache
mountd[1598] 01/21/02 15:39 translate_mnt [1 2/1/21
15:39:10 dorsai.yada.com
0.0+0,1,2,3,4,6,10,12,7,4,9,6,5,3,2,8]
mountd[1598] 01/21/02 15:39 /shared
mountd[1598] 01/21/02 15:39 NFS mount of /shared
attempted from 10.11.4.5
mountd[1598] 01/21/02 15:39 check unknown clnt addr
10.11.4.5
mountd[1598] 01/21/02 15:39
auth_reverse_lookup(10.11.4.5) dorsai.yada.com
mountd[1598] 01/21/02 15:39 client name is
dorsai.yada.com
mountd[1598] 01/21/02 15:39 match dorsai.yada.com ~
*
mountd[1598] 01/21/02 15:39 Unauthorized access by NFS
client 10.11.4.5.
mountd[1598] 01/21/02 15:39 Blocked attempt of
10.11.4.5 to mount /shared
mountd[1598] 01/21/02 15:39 mount res = 13
If I change /etc/exports to read:
/shared *.yada.com()
And then restart the server processes, clients work
fine.
Any ideas?
Thanks,
Brad Silva
Logged In: YES
user_id=416918
try /shared (rw) in /etc/exports.
Should work.
Logged In: YES
user_id=270799
No that does not work. Actually, that's what I want to
work.
Furthermore, I've done some more testing. WIldcards using
IP addresses don't work either, i.e: "/shared 10.*(rw)"
Also, if you configure a machine using NIS as the name
service, it doesn't work. Even if you explicitly put the
machine in the exports file. I.e: "/shared dorsai(rw)",
does not work if the name service is NIS.
We found this when we tried installing it on a different
machine and couldn't get it to work until we realized that
this machine used both NIS and DNS name services. Once we
removed NIS from the nsswitch.conf hosts entry it worked
fine.
Looking at the debug output from mountd, it appears that the
problem is that it only matches correctly if you use fully
qualified DNS in the exports line.
Wierd.
BTW, I'm a senior Unix admin at an Engineering firm. 18
years Unix admin experience.