FreeBSD

To set up a FreeBSD machine as an NFS server, add the following lines to /etc/rc.conf:

mountd_enable="YES"
nfs_server_enable="YES"
rpcbind_enable="YES"
rpc_lockd_enable="YES"
rpc_statd_enable="YES"
mountd_flags="-r"

Since /storage is a single mount, every line in /etc/exports that applies a different set of permissions to it must list exactly the same directories. For example:

/storage/downloads /storage/backups/esxi -ro -network 10.1.1.0 -mask 255.255.255.0
/storage/downloads /storage/backups/esxi -maproot=root -network 10.1.1.2 -mask 255.255.255.255

The second line would be invalid if it listed only /storage/downloads, because that causes the parser to ignore the first entry.

To apply your changes, restart mountd.

# service mountd restart

showmount should show both exports:

# showmount -e
Exports list on localhost:
/storage/downloads                 10.1.1.0 10.1.1.2
/storage/backups/esxi              10.1.1.0 10.1.1.2

Linux

Firewall

To use NFS, ensure the firewall is configured so that NFS, mountd, and RPC Bind can communicate.

# firewall-cmd --permanent --add-service=nfs
# firewall-cmd --permanent --add-service=mountd
# firewall-cmd --permanent --add-service=rpc-bind
# firewall-cmd --reload

NFSv4 ID Mapping

NFSv4 introduces an ID mapping feature that solves the problem of users having different UID/GIDs on different systems. On NFS v2/v3 systems using the AUTH_SYS/AUTH_UNIX (sec=sys) security mechanism, security was implemented based on UID/GID between the server and the client. With NFS v4, the RPC ID Mapper is able to use user principal names rather than the numeric identifiers.

To use ID Mapping with NFS v4, you must either:

  1. Use sec=krb, which involves using Kerberos on both server and client, or
  2. Enforce ID Mapping with AUTH_SYS/AUTH_UNIX by setting an NFS parameter on both server and client.

The simple approach is the second option and can be done easily with the steps below.

  1. On the Server:
    # echo "N" > /sys/module/nfsd/parameters/nfs4_disable_idmapping

  2. On the Client:
    # echo "N" > /sys/module/nfs/parameters/nfs4_disable_idmapping

  3. Ensure the ID Mapper is running on the server. You may also want to set the Domain in the /etc/idmapd.conf file.
  4. Configure the client ID Mapper. Set the Method to include static if that's what you're using. Additional static translations can be added in the [Static] section.
    [Static]
    lleung@REMOTESITE.COM = leo
  5. Mount the NFS export on the client using NFSv4.

Changing the nfs4_disable_idmapping value on the NFS server affects any other clients that mount from this server using NFSv4 and were relying on UID/GIDs. You can either make these clients use NFSv4 or ensure that all clients are using idmapd.
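
As an added example (not part of the original page), the shell functions below check the settings from the steps above: the nfs4_disable_idmapping value, the Domain, and that Method includes static whenever [Static] entries exist. The function names, the file arguments, the sample domain remotesite.com and the [General]/[Translation] section names of the usual idmapd.conf layout are assumptions not taken from this page.

```shell
#!/bin/sh
# Added example: audit the NFSv4 ID-mapping settings from the steps above.
# Files are passed as arguments so the checks also run against copies.

# True when the module parameter file holds "N" (ID mapping not disabled).
idmapping_enabled() {
    [ -r "$1" ] && [ "$(tr -d '[:space:]' < "$1")" = "N" ]
}

# conf_get FILE SECTION KEY: print KEY's value from an idmapd.conf section.
# With KEY="*", print every "key = value" line of the section instead.
conf_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/   { s = $0; gsub(/^[ \t]*\[|\].*$/, "", s)
                        insec = (tolower(s) == tolower(sec)); next }
        insec && (p = index($0, "=")) {
            k = substr($0, 1, p - 1); v = substr($0, p + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (key == "*") print k " = " v
            else if (tolower(k) == tolower(key)) { print v; exit }
        }' "$1"
}

# audit_idmap PARAM_FILE CONF_FILE: print findings; exit status = failures.
audit_idmap() {
    fails=0
    idmapping_enabled "$1" ||
        { echo "FAIL: $1 is not N, ID mapping is disabled"; fails=$((fails + 1)); }
    [ -n "$(conf_get "$2" General Domain)" ] ||
        echo "NOTE: no Domain set in [General] of $2"
    if [ -n "$(conf_get "$2" Static '*')" ]; then
        case ",$(conf_get "$2" Translation Method | tr -d ' \t')," in
            *,static,*) ;;
            *) echo "FAIL: [Static] entries exist but Method lacks static"
               fails=$((fails + 1)) ;;
        esac
    fi
    return "$fails"
}

# Constructed sample (not from a real host): client parameter and idmapd.conf.
demo=$(mktemp -d)
echo N > "$demo/param"
printf '%s\n' '[General]' 'Domain = remotesite.com' '[Translation]' \
    'Method = nsswitch' '[Static]' 'lleung@REMOTESITE.COM = leo' > "$demo/idmapd.conf"
audit_idmap "$demo/param" "$demo/idmapd.conf" || echo "failures: $?"
rm -rf "$demo"
```

On a real client, pass /sys/module/nfs/parameters/nfs4_disable_idmapping and /etc/idmapd.conf; on the server, use the nfsd parameter path from step 1.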

Troubleshooting

writing fd to kernel failed: errno 111

If you get kernel errors similar to:

rpc.nfsd: writing fd to kernel failed: errno 111 (Connection refused)

You need to start the rpcbind service.

# /etc/init.d/rpcbind start

fcntl() failed - No locks available

While attempting to get Dovecot with LDAP authentication working, I ran into the following error:

dovecot: Feb 22 22:43:02 Error: IMAP(leo): fcntl() failed with file /home/leo/Maildir/dovecot.index.log: No locks available
dovecot: Feb 22 22:43:02 Error: IMAP(leo): mail_index_wait_lock_fd() failed with file /home/leo/Maildir/dovecot.index.log: No locks available

The /home directory is an automounted NFS share from a remote server.

To resolve this issue, ensure that nfslock is running on both the server and client machine.

# service nfslock start
## or 
# systemctl start nfs-lock