Gentoo Forums
refused mount request - forward lookup doesn't match reverse
dfelicia
Apprentice
Joined: 11 May 2005
Posts: 281
Location: Southwestern Connecticut

Posted: Fri May 20, 2005 6:10 pm    Post subject: refused mount request - forward lookup doesn't match reverse

Code:

/etc/exports:

/export/home        *(rw,insecure,sync,insecure_locks,all_squash,anonuid=1026,anongid=1001)


Short version of problem: Reverse DNS gets messed up frequently on our network, which causes:
Code:

May 20 12:45:56 mynfsserver rpc.mountd: refused mount request from x.x.x.x (nfsclient.domain.com) for /export/home (/export/home): DNS forward lookup does't match with reverse

(Client can be any Linux/UNIX box.)

Short version of question: Is there any way to disable this security check on the Linux NFS host?

Long version of problem:

Our network is Windows based - Active Directory 2003, using Microsoft WINS and Microsoft DNS. Windows machines that are members of the Active Directory domain register their IPs directly with DNS using Microsoft's DDNS (dynamic DNS) mechanism. Windows machines not part of the AD domain get their IPs registered in DNS by way of Microsoft's WINS --> DNS bridge (WINS DB pushes its DB into DNS). Likewise, UNIX/Linux machines that get DHCP assigned addresses get in DNS by registering with WINS by way of Samba. This setup works pretty well, with one exception: Remote access client machines (machines that access the network via a VPN solution) do not "detach" from the network in an "expected" way... so DNS & WINS do not know to wipe their entries. I'm not an IT person, so I may have oversimplified or misstated some of that...

Anyway, what ends up happening is that we get "stale" reverse lookup entries in DNS, left there by VPN client machines. Now, if a UNIX or Linux client on the network boots up and grabs an IP from DHCP, there is a chance that the IP it grabs is one of those "stale" entries in the reverse lookup zone. The result is an inability to mount NFS shares.

It seems like this would be a rare occurrence, but it actually happens regularly - Engineering runs various Linux distros on VMWare to develop and test code. These images are started on an as-needed basis, so on any given day we could have a bunch of people cold booting Linux.

Long version of question:
What I'm hoping for is a simple server-side workaround, whereby I can make NFS allow mounts from machines that have an invalid reverse lookup entry. Is this possible?

Since VMWare images are often used, abused, and discarded, static IPs are not an ideal solution - Also, since people run VMWare on their laptops, we have no way of knowing what network they are attached to.

Sorry for the long winded post... thank you to anyone who made it this far :D
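
The log message above describes a forward-confirmed reverse DNS check: the client's IP is resolved to a name, and that name must resolve back to the same IP. As an added example (not part of the original post, and not rpc.mountd's own code), this Python script reproduces that check so addresses with stale PTR records can be identified; the sample records, host names and the `check_sample` helper are constructed for illustration.

```python
import ipaddress
import socket


def system_reverse(ip):
    """PTR lookup through the system resolver: names recorded for ip."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]


def system_forward(name):
    """A/AAAA lookup through the system resolver: addresses for name."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    # Drop any IPv6 scope suffix ("%eth0") so the address parses cleanly.
    return sorted({info[4][0].split("%")[0] for info in infos})


def fcrdns_check(ip, reverse=system_reverse, forward=system_forward):
    """Return (status, detail); status is 'ok', 'no-ptr' or 'mismatch'."""
    addr = ipaddress.ip_address(ip)
    names = reverse(ip)
    if not names:
        return "no-ptr", f"{ip}: no reverse (PTR) record"
    seen = {}
    for name in names:
        seen[name] = forward(name)
        if addr in {ipaddress.ip_address(a) for a in seen[name]}:
            return "ok", f"{ip} <-> {name}"
    return "mismatch", f"{ip}: PTR says {names}, forward lookup says {seen}"


# Constructed sample data: 10.0.0.57 was last used by a VPN laptop whose PTR
# record was never removed; a new DHCP client now holds that address.
SAMPLE_PTR = {"10.0.0.57": ["vpn-laptop.example.com"],
              "10.0.0.20": ["build01.example.com"]}
SAMPLE_A = {"vpn-laptop.example.com": ["10.8.0.14"],
            "build01.example.com": ["10.0.0.20"]}


def check_sample(ip):
    """Run the check against the constructed records instead of live DNS."""
    return fcrdns_check(ip, lambda i: SAMPLE_PTR.get(i, []),
                        lambda n: SAMPLE_A.get(n, []))
```

Calling `fcrdns_check(ip)` with no resolver arguments queries live DNS, so it can be run over a DHCP pool to list the addresses whose reverse entries no longer match.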
rouben
Apprentice
Joined: 07 Feb 2005
Posts: 159
Location: Thornhill, ON, Canada

Posted: Fri May 20, 2005 8:46 pm

I don't know of a way to bypass the DNS check with NFS, however why haven't you considered SAMBA? Do like the Romans do when in Rome (you do have a Windows network)... i.e. use SAMBA instead of NFS. ;)

Also, if your DNS gets broken every once in a while, perhaps using dynamic DNS is not such a good idea? Why not assign static IPs based on MAC address and have a small pool of dynamic IPs for unknown MAC addresses or computers that don't need a static address?

Furthermore, you could set up your own private subnet (192.168.x.y) and run NFS over that.
dfelicia
Apprentice
Joined: 11 May 2005
Posts: 281
Location: Southwestern Connecticut

Posted: Fri May 20, 2005 9:03 pm

Samba, ftp, and ssh utils are all possibilities... problem is I have created a kickstart install for RHEL4 that does quite a bit of customization, some of it during the %post section of the install itself (where Samba et al is not available). The customization relies on nfs to copy a bunch of stuff (including an rc.local that runs during the first boot and copies more files via nfs, changes hostname, changes root password, registers with RHN, applies errata, etc.)

I can, of course, change my kickstart stuff to use http & wget to pull down needed files, and maybe that's what I'll have to do. I was just hoping for an easier solution.

As for the network infrastructure, I'm a QE in our Dev. organization, so have no control over it.

Anyway, thank you for your reply! If I find an NFS solution I'll post it.