Help: error 7 (RPC: Authentication error) mounting FreeBSD 12.1-RELEASE NFS export

I have a FreeBSD 12.1-RELEASE machine, hostname DellOptiPlex390. I would like to export the folders /usr/home/jdrch/KeePass and /usr/home/jdrch/Sync and mount them via NFS on an OpenIndiana Hipster GUI machine with IP address 192.168.0.71. My username, jdrch, is the same on both machines. I therefore have the following:

My /etc/rc.conf:

Code:
hostname="DellOptiPlex390"
zfs_enable="YES"
kld_list="sysctlinfo"
ifconfig_re0="DHCP"
linux_enable="YES"
dbus_enable="YES"
dsbdriverd_enable="YES"
sddm_enable="YES"
sshd_enable="YES"
nfs_client_enable="YES"
webmin_enable="YES"
smartd_enable="YES"
ntpd_enable=YES
ntpd_sync_on_start=YES
rpcbind_enable="YES"
nfs_server_enable="YES"
nfsv4_server_enable="YES"
mountd_flags="-r"
mountd_enable="YES"
rpc_lockd_enable="YES"
rpc_statd_enable="YES"

My /etc/exports:

Code:
# Export /usr/home as read-write to OpenIndiana
/usr/home -alldirs -rw -mapall=MyFreeBSDUsername 192.168.0.71

I'm exporting /usr/home because the exports(5) man page seems to imply that's necessary. FTA:

All ZFS file systems in the subtree below the NFSv4 tree root must be exported

After any update to either of those files I restart both nfsd & mountd on the FreeBSD server.

Unfortunately, I haven't had any luck getting the export to mount.

Trying to mount one of the subfolders fails:

Code:
# mount DellOptiPlex390:/usr/home/jdrch/KeePass /export/home/jdrch/KeePass
Password:
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
nfs mount: mount: /export/home/jdrch/KeePass: Permission denied

Trying to mount the exported filesystem also fails:

Code:
# mount DellOptiPlex390:/usr/home/ /export/home/jdrch/KeePass        
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
nfs mount: mount: /export/home/jdrch/KeePass: Permission denied

Using sec=sys in the mount command doesn't work, either:

Code:
# mount -F nfs -o vers=4,sec=sys DellOptiPlex390:/usr/home/jdrch/KeePass /export/home/jdrch/KeePass
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
NFS compound failed for server DellOptiPlex390: error 7 (RPC: Authentication error)
nfs mount: mount: /export/home/jdrch/KeePass: Permission denied

Substituting the FreeBSD server's IP address for its hostname has no effect.

Any ideas about anything being wrong with the server-side setup?
 
Last edited by a moderator:
  • The UIDs of your user on both machines should be the same?
    EDIT: Else you need to set up a UID mapping.
  • Try using the kernel-based NFS server instead?
    zfs set sharenfs='your options' dataset
    zfs share dataset
 
With NFSv4 you don't need to match the UIDs, nfsuserd(8) will take care of matching usernames to UIDs. You do need to make sure it's running, on both sides.

Remove the -mapall=MyFreeBSDUsername from your exports. This causes everything to be mapped to that user account. Usually not what you want.

Regarding the authentication error, that's usually because the client is or isn't using reserved ports. Another reason could be that the client is trying to mount as a non-root user.

Code:
nfs_reserved_port_only="NO"     # Provide NFS only on secure port (or NO).

weak_mountd_authentication="NO" # Allow non-root mount requests to be served.
 
Code:
nfs_reserved_port_only="NO"     # Provide NFS only on secure port (or NO).

weak_mountd_authentication="NO" # Allow non-root mount requests to be served.

I'm assuming these would be set in /etc/rc.conf?

Is the part you're referring to?

For Kerberized NFSv4 mounts, it must be running on both client(s) and server for correct operation. For non-Kerberized NFSv4 mounts, this daemon must be running unless all client(s) plus the server are configured to put uid/gid numbers in the owner and owner_group strings.
 
Yes to both. Use e.g. sysrc nfs_reserved_port_only=NO to edit rc.conf(5) safely. It keeps track of duplicates, surrounding "" and such.
EDIT: Once you succeed, set the thread solved: In the 1st post click: "..."->edit thread->prefix
Good luck!
 
mjollnir SirDice I edited /etc/rc.conf as directed and ran # service nfsd restart and # service mountd reload, and am still getting the same error. Any other ideas?
 
From nfsv4(4): On ther server, you have
sysrc nfs_server_enable=YES
sysrc nfsv4_server_enable=YES
sysrc nfsuserd_enable=YES
On the client:
sysrc nfsuserd_enable=YES
sysrc hostid_enable=YES
You will also need to add at least one "V4:'' line to the exports(5) file for NFSv4 to work.
User/group names are consistent (equal) on client & server. All correct?
 
Please use [CMD][/CMD] for single commands. Use [code][/code] for system output and/or whole lists of commands.
 
Back
Top