Broken NFS server (or client?)

ME dugan at passwall.com
Thu Aug 9 18:02:11 PDT 2001 

(Sorry, going to be a little scattered as I am kind of rushed.)
(Comments included until you get to my sig at the very bottom.)

On Thu, 9 Aug 2001, Lincoln Peters wrote:
> There is only one line in /etc/exports:
> / (rw)	# Root filesystem (for diskless clients)

For the kernel running on the client and the disk based test machine, are
you able to 
# cat /proc/filesystems 
and see what you have? if nfs does not show up on the client, see if there
is a module and install it. Check on server, and also may want to install
all nfs modules if they are not installed but available for that kernel.

> There is no firewalling set up on the NFS server (I use a different computer 
> as a firewall).  However, I tried mounting the NFS filesystem on my other 
> test client (the one with a hard disk), and got a "Connection refused" 
> error.
> 
> Perhaps the server is malfunctioning rather than the client.

Yes, more and more is point in this general direction.

Let's focus on this point with your disk based linux box and the server.

What rpc based services are running on the server?
Mark Street <jet at sonic.net> asked the question about running portmap, is
it running?
nfsiod?
rpc.nfsd?
rpc.mountd?

(You mentioned that you were using the kernel based nfs service which
would suggest that you are *not* using nfsd.) Are you on a 2.2 or 2.4
series kernel? If you compiled your own kernel and enabled kernel based
nfs (experimental in 2.2) did you leave nfsd running?

Also, could you do some other tests for me?
Find the IP address for the disk based test NFS client
add an entry in the /etc/hosts file on the NFS server for that station and
call it something uniqe like "test1.netboot.yourcomain.com"
Next, copy and backup the /etc/exports file to something like
/etc/exports.orig (assuming you dont have a /etc/exports.orig) and then
edit the /etc/exports on the system to change this:
/ (rw)	# Root filesystem (for diskless clients)
to something like:
#Root fs for diskless clients:
/ 	*.netboot.yourdomain.com(rw,insecure)

Now can try one of these:
# exportfs -ar
(Above should work for you, but if you cant find it/get it to work,
then...)

*or*

shutdown and restart your nfs service and related services in the
right order, and then restart them in the right order for that box. (Or
you can just reboot the whole dang box if you would prefer.)


After the nfs server comes back with the new exports info, take a look at
your open service ports:
# rpcinfo -p
and/or
# netstat -an | less
Look for ports like:
 nfsd:   2049/udp, 2049tcp
 sunrpc: 111/udp,  111/tcp

and probably some numbered ports like in the 7 hundred range or something.

Also, what version of nfs-utils and mout do you have installed on the
client/server?

Also, as another thought, could you show me your /etc/hosts.allow and
/etc/hosts.deny?



> There are not supposed to be any IP-based authentication checks, at least 
> not yet.  Although I supopse if the server is misconfigured, it might be 
> trying to perform IP-based authentication using an empty list of valid 
> machines.
> 
> BTW, I can't have my test client with a hard disk bind to the address of the 
> diskless test client because I don't know what the IP address is.  I'm not 
> even sure that the test client it is getting an IP address because I can't 
> see any DHCP activity on the DHCP server when the client boots.

This is good to know. dhcpd (from isc) logs and also maintains a leases
file to see who has what and for how long. We can cover that after you
have NFS working from the other client.

> It gives me the NFS error I described earlier, then asks me to insert a 
> floppy disk with a root filesystem.

OK. Thanks.

> This server probably does not have enough disk space to hold two operating 
> system as you described.  I see why it would be a good idea to use a 
> different filesystem than the root filesystem, but I doubt that any of the 
> users of this system would know anything about cracking Linux (although I 
> recognize the possibility).

Anyone able to mount your "/" can have rw permission to modify files. You
mention below that you are aware of the security concerns, so I'll drop
that for now, but will probably review it with you in look at your
/etc/hosts.[deny||allow] and suggestions for hostnames listed in the
/etc/exports and /etc/hosts

> Since nobody else is using either the client or the server at the moment, 
> I'll worry about security once I have them working in some manner.

> The error I described appeared on the client's monitor.  I could not find 
> any records that refer to the test client on the DHCP server or the NFS 
> server.  Although I would expect that if neither was working, the DHCP error 
> would stop the system before the NFS error would come up.

ok

-ME

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++ 
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ !PGP
t at -(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
     Systems Department Operating Systems Analyst for the SSU Library

More information about the talk mailing list