On Mon, 16 Nov 2009, Gerrit Kühn wrote:

> On Fri, 13 Nov 2009 11:10:21 -0500 (EST) Rick Macklem
> <rmacklem_at_uoguelph.ca> wrote about Re: nfsv4 FreeBSD server vs. Linux
> client I/O error:
>
> Hello Rick,
>
> RM> The line "V4: /" in /etc/exports does not export the "/" file system,
> RM> it simply sets where the root is for the client mount. Suppose you
> RM> have a root file system and then a separate file system mounted at
> RM> /export that you have exported, using a /etc/exports that looks like:
> RM>
> RM> /export -alldirs ha-cluster
> RM> V4: / ha-cluster
> RM>
> RM> Now, this means that ha-cluster can mount and use /export and that the
> RM> NFSv4 root starts at "/", so it "sees" this as /export at the client.
>
> Ah, now I finally understand this. Thank you very much!
> I did not get it from the manpages that I actually need two lines in
> exports to get this going.
> OTOH it seems to be a quite nice idea, because then I can probably keep
> zfs features for setting nfs exports, because they look just the same and
> I have to add only one V4-line.
>
> RM> The other way to set things up would be to set the NFSv4 root
> RM> at /export. For this case, the /etc/exports file might be:
> RM>
> RM> /export -alldirs ha-cluster
> RM> V4: /export ha-cluster
> RM>
> RM> Then, if on ha-cluster you did:
> RM> # mount -t nfs4 nfs:/ /mnt
> RM> - it would work, with /export mounted at /mnt
>
> This is what I am doing here, and it works fine now after adding the
> missing exports lines. I can access and list the dirs.
>
> However, I have one more problem to solve now: All uids/gids appear to be
> mapped to nobody although both client and server should use sec=sys by
> default:
>
> pt-ws1 ~ # ls -l /mnt/
> total 11
> drwxr-xr-x  4 nobody nobody  4 Nov 12 11:46 home
> drwxr-xr-x 35 nobody nobody 44 Nov 11 23:01 opt
> drwxr-xr-x  2 nobody nobody  2 Nov 11 15:26 system
> -rw-r--r--  1 nobody nobody  0 Oct 27 14:13 test
>
>
> Do you know why this happens and what I can do to get uid/gid working like
> with nfs3?
>
Yep, in NFSv4 the user/groups go on the wire as names (although for
AUTH_SYS, there are still the numbers in the rpc's authentication header).
They look like <name>_at_<dns.domain>, where <dns.domain> is a "user domain",
which I think is still underdefined by ietf. (There was a plan to add a new
resource record type to DNS, but I don't think it has happened yet.)
This implies that it can be almost anything, but has to be the same on
the client and server.

On FreeBSD, it will be the domain part of the server's name by default
(for nfsv4-server.cis.uoguelph.ca --> cis.uoguelph.ca) and this can be
overridden by setting the "-domain XXX" option for nfsuserd.

For Linux, it is usually set in /etc/idmapd.conf and is usually set to
local.domain the way most distros ship these days.

To make it work, either change the Linux client to your dns domain or set
nfsuserd_flags="-domain local.domain"
in FreeBSD's /etc/rc.conf.

>
> cu
> Gerrit
>
> P.S.: And one more question comes to my mind: How do I prevent a dir from
> being mountable with nfs3? With the extra exports line it will also be
> available as nfs3, won't it?
>
Yep, there is currently no way to say that an exported fs is for nfsv4
only. There are sysctl's that can restrict what versions of nfs the
experimental server handles, but they apply to all mounts. If a lot of
people need this feature, I can look at adding it, but my nfs todo list
is getting pretty long and one of them is to look at a possible mountd
replacement. (This might be a part of that?)

Have fun with it, rick
ps: I hope you didn't mind me adding freebsd-current_at_ as a cc, since
    I figured others will need the info someday.

Received on Mon Nov 16 2009 - 14:42:28 UTC
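
Added example (not part of the original message and not FreeBSD or Linux project code): a small Python check for the two setup problems discussed in this thread, a "V4:" line with no exported file system at or below it, and an NFSv4 user domain that differs between nfsuserd on the server and idmapd.conf on the client. The function names and the sample file contents are constructed for illustration, and the case-insensitive domain comparison is an assumption of the example.

```python
import re

def parse_exports(text):
    """Return (V4 root paths, exported paths) from FreeBSD exports(5) text."""
    roots, exported = [], []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "V4:":
            roots += fields[1:2]          # the path after "V4:" is the NFSv4 root
        else:
            exported += [f for f in fields if f.startswith("/")]
    return roots, exported

def server_domain(rc_conf, hostname):
    """nfsuserd's -domain if set in rc.conf, else the domain part of the host name."""
    m = re.search(r'^nfsuserd_flags="([^"]*)"', rc_conf, re.M)
    d = re.search(r"-domain\s+(\S+)", m.group(1)) if m else None
    return d.group(1) if d else hostname.partition(".")[2]

def client_domain(idmapd_conf):
    """Domain value from a Linux /etc/idmapd.conf, or None if it is not set."""
    m = re.search(r"^\s*Domain\s*=\s*(\S+)", idmapd_conf, re.M | re.I)
    return m.group(1) if m else None

def check(exports, rc_conf, hostname, idmapd_conf):
    findings = []
    roots, exported = parse_exports(exports)
    for root in roots:
        prefix = root.rstrip("/") + "/"
        if not any((p.rstrip("/") + "/").startswith(prefix) for p in exported):
            findings.append(f"V4: {root} only sets the NFSv4 root; nothing at or below it is exported")
    srv, cli = server_domain(rc_conf, hostname), client_domain(idmapd_conf)
    # Assumption of this example: the two domain strings are compared ignoring case.
    if cli is not None and srv.lower() != cli.lower():
        findings.append(f"user domain differs (server {srv!r}, client {cli!r}); owners map to nobody")
    return findings

# Constructed sample inputs, modelled on the files quoted in the thread.
HOST = "nfsv4-server.cis.uoguelph.ca"
IDMAPD = "[General]\nDomain = local.domain\n"
BROKEN = check("V4: /export ha-cluster\n", "", HOST, IDMAPD)
FIXED = check("/export -alldirs ha-cluster\nV4: /export ha-cluster\n",
              'nfsuserd_flags="-domain local.domain"\n', HOST, IDMAPD)

if __name__ == "__main__":
    print("before:", *BROKEN, sep="\n  ")
    print("after:", FIXED)
```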