NFS4 on Debian

The client

With NFS4 the idmap daemon is needed - on nfs4 users and groups are identified (mapped) by their name and domain and not by their number (uid/gid) as is the case with nfs3. The idmap daemon maps the users from the server to the client and vice versa. The downside is that you need these usernames/groupnames to exist on both machines. I haven't yet seen an option to manually map a username to some other username except the mapping for unkown user. It's best to have NIS/LDAP on both machines to avoid this problem.

To activate idmapd, edit /etc/default/nfs-common and set the IDMAPD key to yes. Statd is not required but it's nice to have and doesn't cause much overhead.

To configure idmapd, edit /etc/idmapd.conf and set the domain to your domain (should match the server domain).

Mount the volume and your done... see mounting below.

The server

NFS4 requires a shared directory that is the root of all other shared directories. Conceptually, you are exporting a single filesystem tree and volumes are "mounted" onto it. So the first order of business is to export that root:

vi /etc/exports
=============
/srv/nfs4/    *(sec=sys,fsid=0,sync,crossmnt,no_subtree_check)
/srv/nfs4/somedir 192.168.1.0/24(sec=sys,sync,ro,no_subtree_check)

Note the fsid=0 options, this identifies the directory as the root of the exported tree (can also be fsid=root, remember that fsid must be unique so you can only have one root.

The exported root directory is exported as with all it's subdirectories, so you should use mount --bind or mountpoints if you want to export additional filesystems via NFS4. The whole tree is exported, so /etc/exports entries for child directories are only necessary if you want to override some export options. This also means you should be very restrictive with the export options of the root export

Mounting

The showmount command shows you the exported directories in the old NFS3 style. The actual mount command usually differs from the output of showmount because NFS4 is mounting directories relative to the NFS4 root and not the server filesystem root. E.g. if the root of the exported filesystem is /srv/nfs the showmount command will show /srv/nfs and /srv/nfs/somedir as exported, but the mount commands will be: NFS3:

mount -t nfs filer:/srv/nfs/somedir /mnt/somedir

and in NFS4 the mount command is:

mount -t nfs4 filer:/somedir /mnt/somedir

and for the root filesystem:

mount -t nfs4 filer:/ /mnt/root_nfs

Bugs

• With recent kernels (2.6.31+) there appears to be an incompatibility with clients using older kernels manifesting as unwarranted read-only mounts.

-- AvishaiIshShalom - 28 Aug 2009