When trying to mount a NFS share on my Dreambox satellite receiver, I got an error:
root@dreambox:~# mount /media/server/ mount.nfs: access denied by server while mounting 192.168.3.3:/data/dreambox/media
I was pretty sure that the client's IP was allowed on the server:
root@myserver:~# exportfs -v /data/dreambox/media dreambox(sync,[...])
Debugging the server
At first NFS debugging must be enabled, then the NFS server restarted:
root@myserver:~# rpcdebug -m nfsd -s all nfsd sock fh export svc proc fileop auth repcache xdr lockd root@myserver:~# systemctl restart nfs-mountd.service root@myserver:~# journalctl -ef kernel: NFSD: Using nfsdcld client tracking operations. kernel: NFSD: starting 90-second grace period (net f0000000) systemd[1]: Finished nfs-server.service - NFS server and services. rpc.mountd[2116307]: connect from 192.168.3.42 denied: request from unauthorized host
This did not help me at the time. I disabled NFS debugging again:
root@myserver:~# rpcdebug -m nfsd -c all root@myserver:~# systemctl restart nfs-mountd.service
Debugging the client
The mount program has a --verbose option:
root@dreambox:~# mount -vvv /media/server/ mount.nfs: timeout set for Sun Dec 7 11:35:02 2025 mount.nfs: trying text-based options 'udp,retrans=1,tcp,wsize=8192,retry=0,nolock,timeo=2,rsize=8192,soft,nofail,vers=4.2,addr=192.168.3.3,clientaddr=192.168.3.42' mount.nfs: mount(2): Invalid argument mount.nfs: trying text-based options 'udp,retrans=1,tcp,wsize=8192,retry=0,nolock,timeo=2,rsize=8192,soft,nofail,vers=4.1,addr=192.168.3.3,clientaddr=192.168.3.42' mount.nfs: mount(2): Invalid argument mount.nfs: trying text-based options 'udp,retrans=1,tcp,wsize=8192,retry=0,nolock,timeo=2,rsize=8192,soft,nofail,vers=4.0,addr=192.168.3.3,clientaddr=192.168.3.42' mount.nfs: mount(2): Invalid argument mount.nfs: trying text-based options 'udp,retrans=1,tcp,wsize=8192,retry=0,nolock,timeo=2,rsize=8192,soft,nofail,addr=192.168.3.3' mount.nfs: prog 100003, trying vers=3, prot=6 mount.nfs: trying 192.168.3.3 prog 100003 vers 3 prot TCP port 2049 mount.nfs: prog 100005, trying vers=3, prot=6 mount.nfs: trying 192.168.3.3 prog 100005 vers 3 prot TCP port 33963 mount.nfs: portmap query failed: RPC: Authentication error mount.nfs: access denied by server while mounting 192.168.3.3:/data/dreambox/media
The client tries to use NFS v4.2 first, gets an error and falls back to lower NFS versions until it reaches NFS v3. NFSv3 then gets an "access denied".
I then tried listing the available mounts:
root@dreambox:~# showmount -e myserver rpc mount export: RPC: Authentication error; why = Failed (unspecified error)
This was when I remembered that I disabled the public listing of NFS shares! mountd is not available on the server, and is not needed for NFS v4.
Why no NFSv4?
Now I only had to find out which of the options were not compatible with NFS v4. When hard-coding the NFS version to 4 in /etc/fstab I got a slightly more detailled - but still unhelpful - error message:
root@dreambox:~# mount -vvv /media/server/ mount.nfs: timeout set for Sun Dec 7 11:56:21 2025 mount.nfs: trying text-based options 'udp,retrans=1,tcp,wsize=8192,retry=0,nolock,timeo=2,rsize=8192,soft,nofail,vers=4,addr=192.168.3.3,clientaddr=192.168.3.42' mount.nfs: mount(2): Invalid argument mount.nfs: an incorrect mount option was specified
Now I converted the fstab entry into a mount arguments and removed them one by one:
root@dreambox:~# mount -vvv -o nfsvers=4,x-systemd.automount,retrans=1,noauto,wsize=8192,x-systemd.idle-timeout=60,retry=0,nolock,rw,x-systemd.device-timeout=15,timeo=2,x-systemd.mount-timeout=15,rsize=8192,soft,nofail 192.168.3.3:/data/dreambox/media /media/server
nofail, the last option, was the one that was not usable for NFS v4. It had been added by the enigma2 network browser.