FSx for NetApp - mount.nfs: access denied by server while mounting

Question

Cannot figure out what export-policy I should configure via ONTAP CLI to test mounting an FSx for NetApp NFS Volume from a Linux VM.

I did try many combinations of export policies but there is something which is still blocking the VM from mounting the NFS, can you assist with a sample policy that would work for all attempts or maybe point me to some log files I can check to find reason?

https://docs.netapp.com/us-en/ontap/nfs-config/add-rule-export-policy-task.html

Answer

Here is an example export policy that should allow mounting an FSx for NetApp ONTAP NFS volume from a Linux VM:

```
export-policy policy_name 
{
  rules 
  {
    nfs_rule_1 
    {
      clients {0.0.0.0/0;} 
      ro_rule {sys; }
      rw_rule {sys;}
    }
  }
}

vserver vserver_name 
nfs modify -vserver vserver_name -export-policy policy_name /fsx_volume
```

This export policy allows read-write access from all IP addresses (0.0.0.0/0) to the /fsx_volume path.

Some things to check:

* Make sure the security group for the FSx ONTAP file system allows inbound NFS traffic from the VM's security group
* Confirm the mount command on the VM is using the correct FSx DNS name and path
* Check export-policy rule show on ONTAP for any deny rules blocking access
* Check ONTAP logs at /mroot/etc/log/ for any relevant entries
* Try mounting first using IP address instead of DNS name
* Verify NFSv3 or NFSv4 is enabled on the volume in ONTAP

Start with a permissive export policy allowing full access, then tighten it down once basic mounting is working. The ONTAP logs and export-policy commands should help identify any specific policies blocking access.

FSx for NetApp - mount.nfs: access denied by server while mounting

Relevant content