From nobody Thu Jun 2 19:42:56 2022 X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 60E2C1B5149F for ; Thu, 2 Jun 2022 19:43:05 +0000 (UTC) (envelope-from rmacklem@uoguelph.ca) Received: from CAN01-QB1-obe.outbound.protection.outlook.com (mail-qb1can01on2060.outbound.protection.outlook.com [40.107.66.60]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4LDbyv5QL1z4RfN for ; Thu, 2 Jun 2022 19:43:03 +0000 (UTC) (envelope-from rmacklem@uoguelph.ca) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dv5YX2c3GctGVwodJ4LSZMnZXNmcbmwUr22omubUls0IuzvfweN+OS4VtJPIHmMVfQLuEpcM5xTbY5ltGBpYvMNGEH97RYBHesBIkYrtLruW8nPJmMgMFLZlWklLTk9XQbhIHOFfXQTJSmmJtDJFedKrsIYUgJrskt0X8U4HYkzbkxPYHzJaE1Avh6XpEOrylY+jn6cK/J17sN5udbWsXr4T0P4bHnnPHg9YG37gTk1o+MSjUEtCS9CVswXcsbOXVDHMnUH8CFbbzB3QrGFfJlZdNcIykHLsW5vhhqf21iJ2+WY1HVrpim7ahAthg0FAebD4mpjV8f5FxNBc7I15Hg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zvud33b49Fs65xbSRX224HGSTO2/+WtBWbGWe6zp94Q=; b=KgW/lqLoZJHCzL2gSxRViQnzeRErlqZHoiAFgE0s6wk662zFO9HYXKHaQvb6XDq/dBYyu6mk5q2MvQq+Ovw1hHVoFeM0UFirdfpv05QjwbiS6elciqWm/aWRHWd8pXESyB8wfW6wLotDMcRfZnjhZAD59t5RisRiLVtEtoJpQ5RhCFmxxGrHC3v7HbbnwveDU5WJVTjhZP0DALbVlJAPEtgh5x6tFU/hwkO4ZvLsm6oCxiTT95xH9GVWTpdCKDB3zAJkCBoUblrQUZ43DDDOqNFRoEVpMCMzcnfaCZD34zLn2S7GAJmbdIFS3OQ9R7+g6phdey6hdYSdn0PQG9MAiA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=uoguelph.ca; dmarc=pass action=none header.from=uoguelph.ca; dkim=pass header.d=uoguelph.ca; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uoguelph.ca; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zvud33b49Fs65xbSRX224HGSTO2/+WtBWbGWe6zp94Q=; b=ZFWjLv7BCtZT1UirjUgl3fOLu2+pkcNp4VkeukaBPHF+xeM+y3K59I7PRLvFfn33Cx4K6QXqBUdoctJ29Q7xCoWXa2IOhIavsNRBLah0DcZ6tN4VomyKE11xYCh8ShfrljMLFmSyE09h7HMSjBdwdoPFVsYtOFuX4cm6PtBMsL1Q8LC0fl8P3mnd1Gj9qTrzsTGcGreaa3dhcg42qwq6EFTWqFDb8eFzFG+9gs93aFS6bRJuFN7n0z0Ym7XS8YpxWWeAcdi/0Z12twAfFNy9lWsdnL06KQvoj2fthOz1FStoTOaW7ZHOsK9T9csuPfyLollPLp668IKP7zL8EgefRw== Received: from YQBPR0101MB9742.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:c01:81::14) by YT2PR01MB5288.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:b01:53::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5314.12; Thu, 2 Jun 2022 19:42:56 +0000 Received: from YQBPR0101MB9742.CANPRD01.PROD.OUTLOOK.COM ([fe80::b921:251e:4a0b:54fc]) by YQBPR0101MB9742.CANPRD01.PROD.OUTLOOK.COM ([fe80::b921:251e:4a0b:54fc%5]) with mapi id 15.20.5314.013; Thu, 2 Jun 2022 19:42:56 +0000 From: Rick Macklem To: Adonis Peralta , "freebsd-net@freebsd.org" Subject: Re: NFSv4 on MacOS Monterey Thread-Topic: NFSv4 on MacOS Monterey Thread-Index: AQHYdrUFMEphcQAz5kqZ5qUoTw61Oa08fW63 Date: Thu, 2 Jun 2022 19:42:56 +0000 Message-ID: References: <5B070ACE-9ECD-4FAA-A975-C77BE87CEFAA@gmail.com> In-Reply-To: <5B070ACE-9ECD-4FAA-A975-C77BE87CEFAA@gmail.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: suggested_attachment_session_id: 9f3d4b28-d57c-9c97-5718-aa7a5074710c x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 46ee03c0-9deb-4365-efc2-08da44d0176d x-ms-traffictypediagnostic: YT2PR01MB5288:EE_ x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: YPRjwRMl8AGnpGAlFd2a5AiZg4ab141uxy2smell7dFlgGTAJ1SgpgZkI8cm+R5oFJkIcS0QoF4KEb+PwsV27ScmvxmwSV/QDgh1R6jMfSLILTL7otAhK3i/4JdyxiD/kgt9ZH+oxpNi6cDbifx3kaLbgGJGqBlKRyHYzhjIqhMcb7ZFAjSy6CALFWjMwCOZh9iSyscpOefmIMsLMJ4YrPBq4NsuMfSMVyE8TE1F18ykcHYB3af52vw0mnBK7Li+aqX4O955P943J09IcmqK5SHTkXQ2kAGwVGozD3mvo2fDHhBKZj2HbyYsAjvoYT3+d6j083ExjFT2gI6NMuizekC/XibsGfkyRlfb+CDZkZOhiTy+TqBREZgOPGXIAnAYsuLStmAzHP0lhPCsDj8yiA2QdYeCV1T+D5hPUE4utltfonkcdT3BVdX6QkUJ5lyPOJtnxmy8cQ64VCpOs+8XSs4lzGfmGRg87KRYe6kzaiXKsMKyO4z09n3O9Rgfq5CEO8rOUBoThlrTm1PlADlzZVJKAUF6FWCbzTnV8RUa23PKMNnthiLvgORB3GyK0T0xqhTia5fSdVh573o+7Y+WLluEdDC08W2rd7o0l8aWr4wvz16jnOueM7mcLg5ADKk4gzNmiB/Cn0gGiWXOxuWjOBkTeW6eg/GaDdLe7NE+2vTYHngXV2ZfmF8Uoav/e+31bRojbputRx2okkJPW/JW9kHMMfGVSUJkWXYvXAi27biXuPSP5OWWFt1cN4zh93NdYcbDjrgDhKj3mb78eLO59V6qR+pffVDf+OeZ3zhtaxs= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:YQBPR0101MB9742.CANPRD01.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230001)(4636009)(366004)(508600001)(186003)(55016003)(86362001)(9686003)(33656002)(66946007)(8936002)(76116006)(66556008)(66476007)(91956017)(66446008)(8676002)(64756008)(316002)(83380400001)(52536014)(5660300002)(786003)(7696005)(110136005)(122000001)(71200400001)(6506007)(38070700005)(966005)(2906002)(16799955002)(38100700002);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 2 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?Q?9nu+iV/4q3DB2jvB8McBwdMvIa52A4VZ8c43ITaSkC2tZrpf1Q1GNwtZ2f?= =?iso-8859-1?Q?QSRboXgXmuOk9zkZJAu5f3b6mkdPQ11nanGypzOTIWJUlRptBFapl+uBpx?= =?iso-8859-1?Q?M6xhqAn7N3vPEAE63M+651/ceY9FffXpPJEpKPjcdRWkZiL9c8AVrabSig?= =?iso-8859-1?Q?1/Pnaptm4ZbANFy44E/TJnQvSkRrdDoaP3Nc38hMRH2wx/0tZnDBZdPgOh?= =?iso-8859-1?Q?1VetUN0SnJUQ4IXRkWMiMrxfC/LZD04RKzh4Znzx5uEKgPrs1cNIJeXWNj?= =?iso-8859-1?Q?2Oi6UWmKTniP5rQCOaQTDZS0NorrCtJ6I6c69JAQ27lDdztK3imf3+M4kM?= =?iso-8859-1?Q?TWys+0ZcdwqFKXMrRYbBc71KhIf1+qghJo2Px7cCopyi2wUjrmdSeapJOA?= =?iso-8859-1?Q?n8aXx2D7+tc0gH3f4mVXO60LYBP/pLweKVU/DFJi5/5u4LwrWP0FEKyCPB?= =?iso-8859-1?Q?gGyyuLfXYUbUeY3X7Nza2lUF+VTegDiE9pU6YdkJuNSWE2UMJipyrqDN3j?= =?iso-8859-1?Q?zUMagwp3Ny838/p52vt/9TWkd9ZrIoAGc4lUhsD2s68H/sqcb/7LBZ0kTv?= =?iso-8859-1?Q?nvEMHhPHVCCQCWq0HYYTMWIbLLrPh1dyKyj5kmDb2QgTmknYoSC6utfaW5?= =?iso-8859-1?Q?74m4tchXP5zAg0Cz5IldMHuvinioXagG9SC7NUoB2DKWeO9q8bQbekmhPr?= =?iso-8859-1?Q?Hh4b3Ai6S1TOjdQZAZg6VjqobAm6s4xw/l0SiWMrEqEeui/t876h1zuusF?= =?iso-8859-1?Q?NktQ1KwvTUN1Ddng+taarg18O3wFVzfelQXJU9PU/V3D+kKgKupNaSV19N?= =?iso-8859-1?Q?5h+zC7ZU+3if/VrmBlrkyBcSerFT8AsfkntUD3B9O65iB8xPTi+/OXn8bK?= =?iso-8859-1?Q?QFkyjq9Hw9m1FaGfHu36vLD2WWaUEKgzbXdL2O8V9mIgNLAgF2b9lmZPu/?= =?iso-8859-1?Q?8J4TFr0KUOJZi1BrNnwhJRB4it9sGcZLDt4g5WNfQZCu8wGMB236xX5fxA?= =?iso-8859-1?Q?n7Tzp5ClTmCTnXn+hylx8XJ+ti81kYIW3HBt2bLDNbvIPXKUKCldlCcqI8?= =?iso-8859-1?Q?kMx0lR18JFA6fj8Igg8jHIB0Lw4RW5Xuz9tN5KjNPPWkoBypHOtQRr2Mya?= =?iso-8859-1?Q?alC0wkY7D0rIv+JWXROesh7QHOl7hviVsCwxcyOaEw8DFakiRctFpbwREG?= =?iso-8859-1?Q?mdct4UjmMYQ/WCuF5VwjkQ0ZI0jQQNbHHuKEFbBfuWBSSENAueCojH1YZZ?= =?iso-8859-1?Q?KzzJClEJnmMDRGLz2mkQ7HoH+DlYOM2ENjFphUx5U6y8zofyKGBRD7kbnE?= =?iso-8859-1?Q?HSxnWkFp1d/n/0cPY4eAwBfa9u2Q2g23ZswC3EJvOCqyZCBZAYYxdezZFM?= =?iso-8859-1?Q?aVnLwYlP0GxboCnDPPUUnYReqK+vqx3S+jzBWZjSCEVOwG+mTAIYng9QjN?= =?iso-8859-1?Q?mnCoRvC8EJUTWUooK4c2U04/FhJupCEvkEoJc842a2bfvo4yrGtQeCPZtv?= =?iso-8859-1?Q?caTKyIcDUJfzouUsTJ7eE123XbFc/Xu/izXm9IUclH3W2r5kH6pyPKpT/x?= =?iso-8859-1?Q?dKNHRmRdDVLogQHAkKXimy03rSLibnWKeEAduuWWC2Yy3D/bktpfUGQSg/?= =?iso-8859-1?Q?CclBg5Rg15hO1lLOx3YBj+59gE49GyjkAwDNbpIcqQpQwRyxOjNRfQyMph?= =?iso-8859-1?Q?XNEG7b98IgLnNqWAR7bzjHFeCvmCE9bWQUHPrT8hiw+lib5yIiRy6FdpJb?= =?iso-8859-1?Q?hevzUF3WFYdS4/36W+X0Fy0i2t4W4VSArD/B1gzZKpmaum3e2wFU+5xcLx?= =?iso-8859-1?Q?u0AK0lvS/tky0J40nISr8sq5WWlxd5BrzJxs4J5keXftLFETJpavKpQ5X0?= =?iso-8859-1?Q?7e?= x-ms-exchange-antispam-messagedata-1: NqLsbs2Pd1vVGQ== Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable List-Id: Networking and TCP/IP with FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-net List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-net@freebsd.org MIME-Version: 1.0 X-OriginatorOrg: uoguelph.ca X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: YQBPR0101MB9742.CANPRD01.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-Network-Message-Id: 46ee03c0-9deb-4365-efc2-08da44d0176d X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Jun 2022 19:42:56.3001 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: be62a12b-2cad-49a1-a5fa-85f4f3156a7d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: PjNqgNOqtoUdjiScK59ZI8BcvaBA8vlL33RvWvbZMWkkXLvSX15EVoLrYnXB15XYtWLC5FJ/al9ahJYBp3ayVA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: YT2PR01MB5288 X-Rspamd-Queue-Id: 4LDbyv5QL1z4RfN X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=uoguelph.ca header.s=selector2 header.b=ZFWjLv7B; arc=pass ("microsoft.com:s=arcselector9901:i=1"); dmarc=pass (policy=none) header.from=uoguelph.ca; spf=pass (mx1.freebsd.org: domain of rmacklem@uoguelph.ca designates 40.107.66.60 as permitted sender) smtp.mailfrom=rmacklem@uoguelph.ca X-Spamd-Result: default: False [-5.90 / 15.00]; TO_DN_EQ_ADDR_SOME(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[uoguelph.ca:s=selector2]; FREEFALL_USER(0.00)[rmacklem]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:40.107.0.0/16]; NEURAL_HAM_LONG(-1.00)[-1.000]; MIME_GOOD(-0.10)[text/plain]; DWL_DNSWL_LOW(-1.00)[uoguelph.ca:dkim]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[uoguelph.ca:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[40.107.66.60:from]; NEURAL_HAM_SHORT(-0.90)[-0.897]; DMARC_POLICY_ALLOW(-0.50)[uoguelph.ca,none]; MLMMJ_DEST(0.00)[freebsd-net]; FREEMAIL_TO(0.00)[gmail.com,freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:8075, ipnet:40.104.0.0/14, country:US]; ARC_ALLOW(-1.00)[microsoft.com:s=arcselector9901:i=1]; RWL_MAILSPIKE_POSSIBLE(0.00)[40.107.66.60:from] X-ThisMailContainsUnwantedMimeParts: N Adonis Peralta wrote:=0A= > I have some NFSv4 (sec=3Dsys) shares on FreeBSD 13.1 which I'm trying to = connect correctly with MacOS 12.4 > Monterey.=0A= > I got the basics down but don't think I have permissions and extended att= ributes working correctly.=0A= Well, here are a few comments. Note that I haven't used Mac OSX in over a d= ecade, so I don't remember=0A= much of anything about it.=0A= =0A= > My configuration is as follows:=0A= > =0A= > SERVER CONFIGURATION=0A= >=0A= > OS: FreeBSD 13.1=0A= >=0A= > =3D=3D=3D=0A= > /etc/rc.conf=0A= > # NFS Configuration=0A= > nfs_server_enable=3D"YES"=0A= > nfs_server_flags=3D"-u -t -n 4"=0A= 4 is very small, although that will only be a performance issue.=0A= =0A= > mountd_enable=3D"YES"=0A= Since you have specified nfsv4_server_only, mountd will be configured corre= ctly (using the -R),=0A= so this line is not needed (although I don't thing it will cause trouble).= =0A= =0A= > ### mountd_flags=3D"-R"=0A= > ### rpcbind_enable=3D"YES"=0A= > ### rpc_lockd_enable=3D"YES"=0A= >### rpc_statd_enable=3D"YES"=0A= > # Enable NFSv4=0A= > nfsv4_server_enable=3D"YES"=0A= > nfsv4_server_only=3D"YES"=0A= > nfsuserd_enable=3D"YES"=0A= > nfsuserd_flags=3D"-domain rambo.lan"=0A= > =3D=3D=3D=0A= > =0A= > =3D=3D=3D=0A= > /etc/exports=0A= > # Exports Configuration=0A= > /drivepool/backups -alldirs -mapall=3Dadonis:wheel=0A= > /drivepool/media -alldirs -mapall=3Dadonis:wheel=0A= > /drivepool/home/adonis -alldirs -mapall=3Dadonis:wheel=0A= > /drivepool/public -mapall=3Dadonis:wheel=0A= These lines mean that the uid/gids in the RPC headers will be ignored and a= ll=0A= RPCs will be done as whatever uid is assigned to "adonis" in the server's p= assword database.=0A= =0A= > V4: /drivepool adonis-mbp adonis-pc=0A= > =3D=3D=3D=0A= > =0A= > =3D=3D=3D=0A= > /etc/sysctl.conf=0A= > # Asks nfsd to convert remote uids/gid encoded as numeric strings to be m= apped to an actual uid/gid=0A= > vfs.nfsd.enable_stringtouid=3D1=0A= You probably do not want this. Since you are running nfsuserd, it will be m= apping between=0A= the client uid/gid <-> the names for the Getattr/Setattr.=0A= If the Mac OSX client does not have "adonis" in its password database, that= will be a problem.=0A= (These mappings have nothing to do with the uid/gids in the RPC header. The= latter is used=0A= to set the credentials for the RPC against the server. In your case, compl= etely ignored.=0A= The name<->uid/gid mappings are used for Setattr/Getattr. Things like "chm= od", "stat"...)=0A= =0A= > # Applies to both nfs server and client. Asks client/server to send numer= ic strings for uid/gid.=0A= > ### vfs.nfs.enable_uidtostring=3D0=0A= For a server, you either set both of the above to 1 and do not run the nfsu= serd or set both of the=0A= above to 0 and set them both to 0. I do not know if Mac OSX knows how to do= the "uid/gid" in=0A= the string for Getattr/Setattr, That is what you are doing when the above a= re set to 1 and is the=0A= default for Linux, plus works for FreeBSD so long as you are not using Kerb= erized mounts.=0A= (To know, you would need to look a Setattr RPC done by the Mac OSX client i= n wireshark for=0A= either "chgrp" or "chown" and see how the Owner/Owner_Group string is form= atted. A number=0A= or a "name@domain".)=0A= =0A= > vfs.nfsd.debuglevel=3D3=0A= > =3D=3D=3D=0A= >=0A= > The directories above are hosted on ZFS and nfs4 acls support is turned o= n.=0A= >=0A= > CLIENT CONFIGURATION=0A= >=0A= > OS: MacOS 12.4 Monterey=0A= >=0A= > =3D=3D=3D=0A= > nfs.client.mount.options=3Dvers=3D4.0,intr,namedattr=0A= Named attributes are not supported by the FreeBSD server and won't work.=0A= =0A= > nfs.client.default_nfs4domain =3D rambo.lan=0A= > =3D=3D=3D=0A= >=0A= > Note: above I'm using namedattr to try to get the client to connect with = named attributes support.=0A= As above, named attributes won't work.=0A= =0A= > RESULTS=0A= >=0A= > What I see when I connect via finder is the following:=0A= > =0A= > 1. I am able to read/write to the shares since /etc/exports contains the = -mapall line, yet inspecting a packet > trace shows me:=0A= > =0A= > =3D=3D=3D=0A= > packet #1=0A= > ---=0A= > client ip -> server ip Operations (count: 3): PUTFH, ACCESS, GETATTR=0A= > Opcode: PUTFH (22)=0A= > Opcode: ACCESS (3), [Check: RD LU MD XT DL XE]=0A= > Opcode: GETATTR (9)=0A= >=0A= > packet #2=0A= > ---=0A= > server ip -> client ip Operations (count: 3)=0A= > Opcode: PUTFH (22)=0A= > Opcode: ACCESS (3), [NOT Supported: XE], [Access Denied: MD XT DL], [Allo= wed: RD LU]=0A= > Status: NFS4_OK (0)=0A= > Supported types (of requested): 0x1f=0A= > Access rights (of requested): 0x03=0A= > .... ...1 =3D 0x001 READ: allowed=0A= > .... ..1. =3D 0x002 LOOKUP: allowed=0A= > .... .0.. =3D 0x004 MODIFY: *Access Denied*=0A= > .... 0... =3D 0x008 EXTEND: *Access Denied*=0A= > ...0 .... =3D 0x010 DELETE: *Access Denied*=0A= This is saying that the uid for "adonis" on the server does not have write = access to the file.=0A= =0A= > Opcode: GETATTR (9)=0A= > =3D=3D=3D=0A= >=0A= > Why is MD, XT, DL coming up as Access Denied if I can read/write to the s= hare?=0A= Hmm, not sure. If you were to show all the reply fields for the Getattr, th= en I could probably guess.=0A= It might be Owner (is it "adonis@rambo.lan"). it could be ACLs. To check th= ose, you should be able to=0A= do whatever the Mac OSX equivalent to getfacl is.=0A= =0A= > I have a feeling this is because UID/GID mapping is not happening correct= ly. I can see in the packet trace >that FreeBSD's `nfsd` is sending some cr= edentials as `adonis@rambo.lan`, but MacOS's nfs client is sending uid 501 = and gid 20 for my user in the RPC credentials. I don't see how `nfsd` will = be able to map uid 501, gid 20 to the server's uid and gid and instead I wa= s expecting `adonis@rambo.lan` to be sent for credentials from the client s= ide.=0A= As noted above, with "-mapall" the uid/gids in the RPC header are completel= y ignored.=0A= =0A= > The link below tells me that this is an inherent issue with NFSv4?=0A= > https://dfusion.com.au/wiki/tiki-index.php?page=3DWhy+NFSv4+UID+mapping+b= reaks+with+AUTH_UNIX=0A= >=0A= > 2. Extended attributes don't work at all. Here is the result:=0A= > =3D=3D=3D=0A= > $ cd /Volumes/media=0A= > $ touch test.txt=0A= > $ xattr -w com.example.color blue test.txt=0A= >=0A= > # Result: xattr: [Errno 1] Operation not permitted: 'test.txt' #=0A= > =3D=3D=3D=0A= Yep, as noted above, they aren't supported and will not work. FreeBSD uses = the Linux style extended=0A= attribute model, not the resource fork/subfile one that Mac OSX and Solaris= use.=0A= =0A= rick=0A= =0A= --=0A= Adonis=0A= =0A= =0A=