Exporting filesystems to remote host using NFSv4.
- Requirement: ZFS, LDAP integration
User mapping
This section should be applied on the server side as well as on the client side.
With NFSv4, users are identified as user@domain and no longer by their numerical identifier; an external process (nfsuserd on FreeBSD or nfsidmap on Linux) performs this mapping:
If nfsuserd is not able to map the user to the uid:gid using the resolution mechanisms defined in /etc/nsswitch.conf, then the numerical value that is supposed to map to nobody:nogroup will be used. Be careful, as not everyone agrees on this numerical value (32767, 65534, …).
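One way to spot the mapping problems described above before mounting, as an added example that is not part of the original page: the hypothetical helper idmap_audit compares passwd-format dumps taken on the server and on the client (for instance with getent passwd). The sample accounts are constructed.

```shell
#!/bin/sh
# Added example (not from the original page). Inputs are passwd-format dumps,
# e.g. the output of `getent passwd` taken on the server and on the client.

# idmap_audit SERVER_PASSWD CLIENT_PASSWD -> one finding per line, sorted:
#   NOBODY <srv-uid> <cli-uid>          the hosts disagree on nobody's uid
#   UIDDIFF <name> <srv-uid> <cli-uid>  same name, different numeric uid
#                                       (AUTH_SYS credentials carry the uid)
#   UNMAPPED <name>                     server name the client cannot resolve,
#                                       so the client falls back to nobody
idmap_audit() {
    awk -F: '
        /^#/ || NF < 3 { next }                    # comments, malformed lines
        FILENAME == ARGV[1] { srv[$1] = $3; next } # first file: server view
        { cli[$1] = $3 }                           # second file: client view
        END {
            for (n in srv) {
                if (!(n in cli)) { print "UNMAPPED " n; continue }
                if (srv[n] == cli[n]) continue
                tag = (n == "nobody") ? "NOBODY" : "UIDDIFF " n
                print tag " " srv[n] " " cli[n]
            }
        }' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample data: the two hosts disagree on nobody (65534 vs 32767),
# on the uid of alice, and on whether carol exists at all.
idmap_audit_demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/server" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/sh
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:1002:Bob:/home/bob:/bin/sh
carol:*:1003:1003:Carol:/home/carol:/bin/sh
EOF
    cat > "$d/client" <<'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:x:32767:32767:nobody:/:/sbin/nologin
alice:x:2001:2001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
EOF
    idmap_audit "$d/server" "$d/client"
    rm -rf "$d"
}

idmap_audit_demo
```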
Server
The server is started at boot-time with (it is also necessary to have a user mapping running):
The root of the NFS tree must be specified with the V4: prefix in the exports file (this entry doesn’t export file systems):
File systems are then exported using entries in exports, as is done with previous versions of NFS.
If a ZFS file system is to be exported by NFS, this can be done automatically by using the sharenfs property, for example:
Delegation
Allows the server to issue Open Delegations to clients.
This can only be enabled when the file systems being exported to NFSv4 clients are not being accessed locally on the server and, if being accessed via NFS Version 2 or 3 clients, these clients cannot be using the Network Lock Manager.
Client
Once a user mapping has been applied, you only need to call the mount command to attach the remote file system:
If nfsuserd is not able to map the user to the uid:gid using the resolution mechanisms defined in /etc/nsswitch.conf, then the numerical value that is supposed to map to nobody:nogroup will be used. Be careful, as not everyone agrees on this numerical value (32767, 65534, …).
Delegation
If accessing NFSv4 behind a NAT, the gateway must allow the port forwarding to the NFS server, and the gateway IP address and port must be specified as the callback address:
For NFSv4.1 the above is not necessary, as it uses the same TCP connection as the mount for the callback.