freebsd with NFSv4

[yhq_34]

Hi guys;

I am trying to setup NFS share to another freebsd client. but I don't know why it always show

kernel: mount_nfs: nmount: /data: Permission denied

if I use

mount freebsd1:/data /data

and it will show

freebsd1:/data on /data (nfs)

But I want nfsv4acls feature on. What't the problem?
server conf;
rc.conf

nfs_server_enable="YES"
nfsv4_server_enable="YES"
nfsuserd_enable="YES"

client conf;
rc.conf

zfs_enable="YES"
nfs_client_enable="YES"
nfs_client_flags="-n 4"
rpc_lockd_enable="YES"
rpc_statd_enable="YES"

fstab

freebsd16:/data3   /data3  nfs rw,bg,late,failok,nfsv4  0 0

 

[mark_j]

What's your /etc/exports file look like?

Unfortunately, this is one area where the handbook is lacking information.

 

[yhq_34]

/etc/exports

V4: / -sec=sys:krb5:krb5i:krb5p
/data    -alldirs -maproot=root -network=192.168.0.0/24

 

[mark_j]

And the ownership/permissions of /data is correct?
set sysctl vfs.nfsd.debuglevel on the server to something other than 0, restart nfsd and look in the logs. Does it give any other information?
Have you updated your /etc/krb5.keytab?

Edit: Look at this: https://wiki.freebsd.org/KerberizedNFS

 

[yhq_34]

The permission should change to root:wheel? Currently a user was it's owner.
I just want to setup ACLs, whatever v4 or v3.
When I use "setfacl -R -a 0 g:"Domain\Unix Admins":full_set:fd:allow /data" to change the nfs share it will show. Does this related to NFSv4?

acl_get_link_np() failed: Operation not supported

 

[yhq_34]

After I add "nfsuserd_enable="YES"" to the rc.conf. and It's mounted. but in the client why the permission was nobody?

total 33
drwxr-xr-x   3 nobody  nogroup   3 Jul 29 14:30 nfsshare/

 

[mark_j]

Are you using kerberos for authentication? If so then what have you done.
Your options for NFSv4 are to use sys security as the first instance. It will use that if it's available, which it is.

Your acl issue looks like the acl was not set when NFS wants to get it. Are you using a custom kernel without UFS_ACL? Are you using UFS or ZFS?

What does getfacl of the directory show?

I do recall NFS ACLs don't work/didn't work on FreeBSD's UFS. Perhaps someone else can clarify?

 

[yhq_34]

The client was using UFS, server was ZFS, after add

nfsuserd_flags=" -manage-gids"

to the rc.conf. now the permission seems OK.