NFSv4 Connection Issues

[reasonsandreasons]

Picking up from my last post, I'm working on setting up NFSv4 sharing between my server and a Linux box to share some media files. I'm having a bear of a time getting this to work, though, even following this guide. I'm able to mount the pseudo-root on the guest with doas mount -t nfs4 -o sec=sys,ro 10.10.1.5:/ /ds9 but am unable to mount the actual share with doas mount -t nfs4 -o sec=sys,ro 10.10.1.5:/main/media /ds9. Any help anyone can provide would be greatly appreciated. NFSv3 would be a potential fallback here but I'd really like to keep the firewall setup easer and every client involved should be able to handle it fine. More details below.

# FreeBSD Host
## /etc/rc.conf
nfs_server_enable="YES"
nfsv4_server_enable="YES"
nfsv4_server_only="YES"
nfs_server_flags="-t"
nfsuserd_enable="YES"
nfsuserd_flags="-domain ar558.net"

# /etc/sysctl.conf
vfs.nfs.enable_uidtostring=1
vfs.nfsd.enable_stringtouid=1

## /etc/exports
V4: /

## /etc/zfs/exports
/main/media    -network 10.10.1.0/24 -mapall=media -ro -alldirs
/main/media/Dropbox    -network 10.10.1.0/24 -mapall=media -ro -alldirs

## ls -la /media
total 145
drwxrwx--x   7 main         main             9 Apr 12 22:20 ./
drwxr-xr-x  22 root         wheel           25 Apr 23 00:21 ../
drwxrwx--x  17 media        media           21 Apr 21 22:34 media/

## /etc/passwd
media:*:10001:10001:Media dataset owner:/nonexistent:/usr/sbin/nologin

## /etc/pf.conf
pass in on $main_if proto tcp from any to port 2049

# Linux Client
## Mount error message
promenade:~$ doas mount -t nfs4 -o sec=sys,ro 10.10.1.5:/main/media /ds9
mount.nfs4: access denied by server while mounting 10.10.1.5:/main/media
mount: mounting 10.10.1.5:/main/media on /ds9 failed: Permission denied

## /etc/passwd
media:x:10001:10001::/home/media:/nonexistent

 

[T-Daemon]

This looks good on the FreeBSD host side. I've tested the setup with a Linux Mint client (all in bhyve(8) guests) but couldn't reproduce the error.

My setup has no firewall enabled., have you tried without the firewall?

By the way, exporting /main/media/Dropbox to the same subnet and options as /main/media separately doesn't make much sense. The client can access Dropbox via /main/media share.

It would make sense if the Dropbox dataset is exported to a different subnet and/or with different options.

I'm able to mount the pseudo-root on the guest with doas mount -t nfs4 -o sec=sys,ro 10.10.1.5:/ /ds9

Are you able to list directory contents (ls(1))?

In my test setup it's possible to mount the "/" NFSv4 tree root but listing directory contents produces a input/output error. This might be related to the Linux Mint distribution (v21.2), I haven't tried with other distributions.