FreeBSD
To set a FreeBSD machine up as an NFS server, add the following lines to
mountd_enable="YES"
nfs_server_enable="YES"
rpcbind_enable="YES"
rpc_lockd_enable="YES"
rpc_statd_enable="YES"
mountd_flags="-r"
/storage is a single mount, so you will need to list exactly the same directories on every line, for each of the different permissions you want to define in /etc/exports. For example:
/storage/downloads /storage/backups/esxi -ro -network 10.1.1.0 -mask 255.255.255.0
/storage/downloads /storage/backups/esxi -maproot=root -network 10.1.1.2 -mask 255.255.255.255
It would be invalid if the second line had only /storage/downloads, as it will cause the first entry to be ignored by the parser.
To apply your changes, restart mountd:
# service mountd restart
showmount should show both exports:
# showmount -e
Exports list on localhost:
/storage/downloads 10.1.1.0 10.1.1.2
/storage/backups/esxi 10.1.1.0 10.1.1.2
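The same-directories rule for /etc/exports described above can be checked before mountd is restarted. The following linter is an added example, not part of the original page: it flags lines that share a directory but list different directory sets, and reports which entries grant -maproot=root and to which -network/-mask. The function names are hypothetical, and it assumes that lines sharing a directory are on the same mount and that entries are not split across lines.

```python
# Added example (not from the original page): lint FreeBSD /etc/exports text.
# Assumption: lines that share a directory are on the same mount.

def parse_exports(text):
    """Return [(lineno, frozenset_of_dirs, option_and_host_tokens)]."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        n = 0  # directories are the leading tokens that start with "/"
        while n < len(tokens) and tokens[n].startswith("/"):
            n += 1
        entries.append((lineno, frozenset(tokens[:n]), tokens[n:]))
    return entries

def mismatched_dir_sets(entries):
    """Line pairs that share a directory but list different directory sets."""
    problems = []
    for i, (line_a, dirs_a, _) in enumerate(entries):
        for line_b, dirs_b, _ in entries[i + 1:]:
            if dirs_a & dirs_b and dirs_a != dirs_b:
                problems.append((line_a, line_b, sorted(dirs_a ^ dirs_b)))
    return problems

def flag_value(tokens, flag):
    """Value following a flag such as -network, or None if absent."""
    if flag in tokens and tokens.index(flag) + 1 < len(tokens):
        return tokens[tokens.index(flag) + 1]
    return None

def root_mapped(entries):
    """Entries with -maproot=root and the -network/-mask they are limited to."""
    return [(lineno, flag_value(t, "-network"), flag_value(t, "-mask"))
            for lineno, _, t in entries if "-maproot=root" in t]

# The page's two-line example, and the invalid variant it warns about.
GOOD = """\
/storage/downloads /storage/backups/esxi -ro -network 10.1.1.0 -mask 255.255.255.0
/storage/downloads /storage/backups/esxi -maproot=root -network 10.1.1.2 -mask 255.255.255.255
"""
BAD = """\
/storage/downloads /storage/backups/esxi -ro -network 10.1.1.0 -mask 255.255.255.0
/storage/downloads -maproot=root -network 10.1.1.2 -mask 255.255.255.255
"""

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        entries = parse_exports(text)
        print(name, mismatched_dir_sets(entries), root_mapped(entries))
```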
Linux
Firewall
To use NFS, ensure the firewall is configured so that NFS, mountd, and RPC Bind can communicate.
# firewall-cmd --permanent --add-service=nfs
# firewall-cmd --permanent --add-service=mountd
# firewall-cmd --permanent --add-service=rpc-bind
# firewall-cmd --reload
NFSv4 ID Mapping
NFSv4 introduces an ID mapping feature that solves the problem of having users with different UID/GIDs on different systems. On NFS v2/v3 systems using the AUTH_SYS/AUTH_UNIX (sec=sys) security mechanism, security was implemented based on the UID/GID between the server and the client. With NFS v4, the RPC ID Mapper is able to use user principal names rather than the numeric identifiers.
To use ID Mapping with NFS v4, you must either:
- Use sec=krb, which involves using Kerberos on both server and client, or
- Enforce ID Mapping with AUTH_SYS/AUTH_UNIX by setting an NFS parameter on both server and client.
The simple approach is the second option and can be done easily with the steps below.
- On the Server:
# echo "N" > /sys/module/nfsd/parameters/nfs4_disable_idmapping
- On the Client:
# echo "N" > /sys/module/nfs/parameters/nfs4_disable_idmapping
- Ensure the ID Mapper is running on the server. You may also want to set the Domain in the
- Configure the client ID Mapper. Set the
static if that's what you're using. Additional static translations can be added in the
[Static]
lleung@REMOTESITE.COM = leo
- Mount the NFS export on the client using NFSv4.
Changing the nfs4_disable_idmapping value on the NFS server affects any other clients that mount from this server using NFSv4 and were relying on UID/GIDs. You can either make these clients use NFSv4 or ensure that all clients are using idmapd.
Troubleshooting
writing fd to kernel failed: errno 111
If you get kernel errors similar to:
rpc.nfsd: writing fd to kernel failed: errno 111 (Connection refused)
You need to start the rpcbind service:
# /etc/init.d/rpcbind start
fcntl() failed - No locks available
While attempting to get Dovecot with LDAP authentication working, I ran into the following error:
dovecot: Feb 22 22:43:02 Error: IMAP(leo): fcntl() failed with file /home/leo/Maildir/dovecot.index.log: No locks available
dovecot: Feb 22 22:43:02 Error: IMAP(leo): mail_index_wait_lock_fd() failed with file /home/leo/Maildir/dovecot.index.log: No locks available
The /home directory is an automounted NFS share from a remote server.
To resolve this issue, ensure that nfslock is running on both the server and client machine.
# service nfslock start
## or
# systemctl start nfs-lock