Date: Wed, 7 May 2014 17:57:47 +0000
From: "Marty J. Sullivan" <marty.sullivan@cornell.edu>
To: "freebsd-fs@freebsd.org" <freebsd-fs@freebsd.org>
Subject: nfsv4 server with ACL's for RHEL clients
Message-ID: <89bb0dc035824b8f9c05da1615b030aa@BY2PR04MB096.namprd04.prod.outlook.com>

I am testing FreeBSD 10.0 for use as a ZFS storage server. Currently I am testing Active Directory integration and serving files via AFP, SMB/CIFS, and NFSv4. My current production environment contains mostly Linux (CentOS/RHEL) and OSX machines all bound to the same Active Directory domain.

So far, I have gotten the Active Directory authentication set up via Samba4.1+Winbind and it is working nicely, as are the related CIFS shares. I also have AFP set up via afpd and it is also working great. ACLs are treated the same way as they are on other systems in my production environment.

Where I am having trouble is getting NFSv4 to work with ACLs. First off, I am very used to NFS on Linux and so the /etc/exports syntax is almost certainly what is causing my troubles. On RHEL, here is what my /etc/exports might look like:

    /data mycomputer.mydomain.com(rw,no_root_squash)

And I start mountd with the option "--manage-gids" so that gids are not managed by the client (since they would then be limited to 16 groups). This works great and ACLs work fine across all of my Linux systems.

On FreeBSD, this is what I have for my /etc/exports at the current time:

    V4: / mycomputer.mydomain.com
    /data -maproot=root -network xxx.xxx.xxx.xxx -mask xxx.xxx.xxx.xxx

Now, I've read many posts about this syntax and I can't seem to find a straight answer as to whether the "/data" entry below the "V4:" entry applies to NFSv4 or NFSv3. Either way, it doesn't really work. I've tried tinkering with these exports in many permutations and I just can't get it to work. Most of the time the machine will be denied access (due to bad exports file). Other times, it will mount but will just say "Input/Output error" when I try to read from the share. And finally, sometimes I can mount the share on an RHEL system, but when I use nfs4_getfacl, it says that the operation is not supported by the server.

My other concern is, even if I get the ACLs to work, mountd on the FreeBSD server doesn't have a similar option to --manage-gids, so the NFS group limitation will apply to the RHEL clients. I've read about gssd and kerberizing, but I don't feel like that's possible on the RHEL clients. So how do I solve this problem??

Any help with this is appreciated.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?89bb0dc035824b8f9c05da1615b030aa>