                      SECURE NFS VIA SSH TUNNELLING
                  John Bowman <bowman@math.ualberta.ca>
                 http://www.math.ualberta.ca/imaging/snfs
                              7 November 2002

                  Troubleshooting/Frequently Asked Questions

This troubleshooting guide assumes that one is mounting the directory /DIR from
the remote computer REMOTE on the local computer LOCAL.DOMAIN as /REMOTE/DIR. 
The exact text of the error messages below may vary between operating systems.

1. mount: LOCAL.DOMAIN:/DIR failed, reason given by server: Permission denied
Reread Step 1 of README.NFS, in particular:

Ensure that conventional NFS is up and running: verify that you can mount
the exported directories on the same machine (on REMOTE; not on localhost).

Also check that /DIR after LOCAL.DOMAIN: in /etc/fstab agrees with the
exported filesystem name; be sure to re-export with exportfs -r.

2. mount: RPC: Unable to receive; errno = Connection refused
On LOCAL, use the command sumountall (or sumountall -f) to clear any old
rpc_psrv processes. Make sure that no ssh connection remains: issue the command
ps -awux | grep 'ssh[[:space:]].*[[:space:]]rpc_pcl'
and kill the corresponding processes.
Check that no old pid file exists in /var/run/snfs, in user
subdirectories of /var/run/snfs, or in .snfs-LOCAL directories in user home
directories.

Also be sure that LOCAL isn't improperly associated with 127.0.0.1 in
/etc/hosts; only localhost.localdomain and localhost should be associated
with this IP address. The correct IP address of LOCAL (as reported by
/sbin/ifconfig) should appear in /etc/hosts.

If you modify the TEMPLATE file, or a REMOTE.tmpl file, be sure
to delete (or recreate) the rpc_psrv configuration files for REMOTE, in the
etc/snfs directory, in the user subdirectories of etc/snfs and in .snfs-LOCAL
directories in user home directories; otherwise, your changes won't take
effect. 
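
The /etc/hosts check described in item 2, as an added example (not part of
the SNFS distribution). The function name check_hosts and the sample host
name and address are constructed; the check is extended from 127.0.0.1 to
the whole 127.0.0.0/8 loopback block.

```sh
#!/bin/sh
# Added example, not part of SNFS. check_hosts FILE LOCAL returns 0 when
# FILE maps only localhost names to loopback and gives LOCAL a real address.
check_hosts() {
    awk -v host="$2" '
        BEGIN { host = tolower(host); short = host; sub(/\..*/, "", short) }
        { sub(/#.*/, "") }                 # drop comments
        NF < 2 { next }                    # blank line or address without names
        {
            loopback = ($1 ~ /^127\./)     # assumption: treat all of 127/8 alike
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                if (loopback) {
                    if (name != "localhost" && name != "localhost.localdomain") {
                        printf "BAD line %d: %s is bound to %s\n", NR, $i, $1
                        bad = 1
                    }
                } else if (name == host || name == short) {
                    printf "OK  line %d: %s -> %s\n", NR, $i, $1
                    found = 1
                }
            }
        }
        END {
            if (!found) { printf "BAD: no non-loopback address for %s\n", host; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the machine's own name wrongly shares the loopback line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1   localhost.localdomain localhost local.example.org
192.0.2.10  fileserver.example.org fileserver   # constructed address
EOF
check_hosts "$sample" local.example.org || echo "fix $sample before mounting"
rm -f "$sample"
```

On a real machine, run it as: check_hosts /etc/hosts LOCAL.DOMAIN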

3. mount: RPC: Port mapper failure - RPC: Unable to receive
Reread Step 4 of README.NFS. Make sure that the /etc/fstab entry for
/REMOTE/DIR refers to the local host LOCAL, not REMOTE. (If you have a
firewall, this must be the local machine name or IP number as seen from
within the firewall.)

LOCAL.DOMAIN:/DIR /REMOTE/DIR nfs user,noauto,hard,intr,rsize=8192,wsize=8192,mountprog=MOUNTPROG,nfsprog=NFSPROG 0 0

4. mount: RPC: Program not registered
Verify that the correct IP number for LOCAL.DOMAIN is in /etc/portmap:
portmap: nnn.nnn.nnn.nnn

5. mount: RPC: Authentication error; why = Client credential too weak
First, be sure to mkdir the mountpoint /REMOTE/DIR on LOCAL.
If the problem persists, kill any old rpc_pcl processes on REMOTE. 
If you still receive this message, either rpc_psrv or rpc_pcl is blocking
a request. Check the UdpForward options in the rpc_psrv configuration file
(e.g. etc/snfs/REMOTE).
To disable all security checks in rpc_psrv (LOCAL side), set
Insecure yes
in the rpc_psrv conf file.
To disable security checks in rpc_pcl (REMOTE side), set
TrustedId *
in the rpc_pcl configuration file (etc/rpc_pcl.conf) on REMOTE. (Normally,
it should not be necessary to touch these security settings.)

6. mount: RPC: Timed out
Kill any old rpc_pcl processes on REMOTE.
Make sure that the NFS server is running on REMOTE and that its version
agrees with that specified in the rpc_psrv configuration file
(etc/snfs/REMOTE).

7. mount: wrong fs type, bad option, bad superblock on LOCAL.DOMAIN:/DIR,
       or too many mounted file systems
Be sure that the nfsprog specified in /etc/fstab agrees with that
specified in the rpc_psrv configuration file (etc/snfs/REMOTE).

8. mount hangs indefinitely.
Ensure that REMOTE can access its own NFS port 2049 via UDP (i.e. that it
is not being blocked by a packet filter like ipchains).

9. Cannot register service: RPC: Unable to receive; errno = Connection refused
Either portmap is not running, or another rpc_psrv is running and using
the same MOUNTPROG. Use a unique MOUNTPROG for each host.

10. /usr/local/bin/snfsmount: rpc_psrv failed
Reread Step 6 of README.NFS and verify that your passwordless ssh
connection is working. If the message "fatal can't bind local address with
privileged port" appears in syslog on REMOTE, you forgot to install rpc_pcl
on REMOTE with setuid privileges. Also try restarting the NFS subsystem.

11. /usr/local/bin/snfsmount: Could not determine host
Be sure that the mountprog specified in /etc/fstab agrees with that
specified in the rpc_psrv configuration file (etc/snfs/REMOTE).

12. If all else fails, read the file README.NFS more carefully, following each
step explicitly. If your mount command doesn't support the nfsprog and
mountprog options, see the file README.Solaris in the NFS directory.

13. If you are using POSIX Access Control Lists on your server, you
can avoid permission denied messages (e.g. from /bin/ls -l) by mounting the
filesystem with the noacl option. For more information on ACLs under Linux, see
http://www.suse.de/~agruen/acl/linux-acls/.

You may redistribute and/or modify this file under the terms of the GNU
General Public License (see the file LICENSE).
