I had just set up a content source and ran a full crawl of one of my sites. However, this is what I got in the crawl log:
Access is denied. Verify that either the Default Content Access Account has access to this repository, or add a crawl rule to crawl this repository. If the repository being crawled is a SharePoint repository, verify that the account you are using has "Full Read" permissions on the SharePoint Web Application being crawled
I doublechecked that my Default Content Access Account indeed has rights to the entire site by logging in from the server as that account and browsing around. I also had DisableLoopbackCheck set (don't worry, this is not a production machine).
So, I looked at the IIS logs to see what is going on. However, there were no access attempts recorded. Given that the machine is accessible I concluded that this was an authentication issue.
Then I came across this Crawl Rule configuration. If you go into Crawl Rules under your search service application's management screen you can set Crawl Configuration to "Include all items in this path". Then, the Specify Authentication section will become available. Pick "Specify a different content access account" and you can specify different login credentials, but can also uncheck "Do not allow Basic Authentication" (which was my problem).
(Oh, and if you go back to reading the error message, it does suggest creating a crawl rule).