NFSv4 lessons

March 19, 2012 @20:27
This post has been restored from an archived copy. Links may have changed or be broken.

I have recently been re-architecting my network at home, and one of the big transitions has been back to NFS home directories across my Linux systems. I previously used NFSv3 shares to provide this functionality years ago, but now that modern Linux systems (I am running mostly Debian 6.0 (squeeze)) support the more secure, performant and robust NFS version 4, I standardized on that. Thanks to my use of nss_ldap for user authentication it has been pretty straightforward, but there have been a couple of interesting gotchas.

I have a NetApp FAS2020 which I am currently using to re-arrange my VM server's RAID array and have been syncing data to it using rsync(8) to an NFSv4 share on the filer. One of the interesting things is that NFSv4 no longer uses numeric UIDs/GIDs and instead transmits the textual strings and relies on the host's getpwnam() functions to translate them into numeric values for the underlying file system. Thankfully Data ONTAP has the ability to use LDAP in a similar fashion to modern Linux hosts[1].
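The name-based mapping described above, as an added example that is not from the original post: a simplified Python model of how a receiving host turns an NFSv4 owner string into a UID, including the fallback to the nobody account when the domain or the user name does not resolve. The `example.net` domain, the account names and the `map_owner`, `squashed` and `table_lookup` helpers are hypothetical.

```python
import pwd
from collections import namedtuple

Entry = namedtuple("Entry", "pw_uid")


def table_lookup(table):
    """getpwnam() stand-in backed by a dict, so the example runs offline."""
    def lookup(name):
        return Entry(table[name])  # raises KeyError for unknown names, like pwd.getpwnam
    return lookup


def map_owner(owner, local_domain, getpwnam=pwd.getpwnam, nobody="nobody"):
    """Return (uid, reason) for an NFSv4 owner string such as 'alice@example.net'."""
    try:
        fallback = getpwnam(nobody).pw_uid
    except KeyError:
        fallback = 65534  # conventional nobody UID on Linux (assumption)
    user, sep, domain = owner.rpartition("@")
    if not sep or not user:
        return fallback, "no user@domain form"
    if domain.lower() != local_domain.lower():
        # Hosts configured with different NFSv4 domains cannot agree on names.
        return fallback, "domain mismatch"
    try:
        return getpwnam(user).pw_uid, "mapped"
    except KeyError:
        # The name is valid on the sender but absent from this host's directory.
        return fallback, "unknown user"


def squashed(owners, local_domain, getpwnam=pwd.getpwnam):
    """Owner strings that would not map to a real account on this host."""
    return [o for o in owners if map_owner(o, local_domain, getpwnam)[1] != "mapped"]


if __name__ == "__main__":
    # Constructed sample data: one known account plus the nobody account.
    lookup = table_lookup({"alice": 1000, "nobody": 65534})
    samples = ["alice@example.net", "alice@EXAMPLE.NET",
               "alice@other.example", "bob@example.net", "1000"]
    for owner in samples:
        print(owner, map_owner(owner, "example.net", lookup))
```

Files whose owner falls back to nobody are the usual symptom when the two ends do not share the same name service or NFSv4 domain, which is why the filer is pointed at the same LDAP directory as the clients.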

I am running Data ONTAP 7.3.6 and my LDAP configuration looks like this:

toaster*> options ldap
ldap.ADdomain
ldap.base                    dc=ub3rgeek,dc=net
ldap.base.group              ou=groups,dc=ub3rgeek,dc=net
ldap.base.netgroup
ldap.base.passwd             ou=users,dc=ub3rgeek,dc=net
ldap.enable                  on
ldap.minimum_bind_level      anonymous
ldap.name                    xxxxxx
ldap.nssmap.attribute.gecos  gecos
ldap.nssmap.attribute.gidNumber gidNumber
ldap.nssmap.attribute.groupname cn
ldap.nssmap.attribute.homeDirectory homeDirectory
ldap.nssmap.attribute.loginShell loginShell
ldap.nssmap.attribute.memberNisNetgroup memberNisNetgroup
ldap.nssmap.attribute.memberUid memberUid
ldap.nssmap.attribute.netgroupname cn
ldap.nssmap.attribute.nisNetgroupTriple nisNetgroupTriple
ldap.nssmap.attribute.uid    uid
ldap.nssmap.attribute.uidNumber uidNumber
ldap.nssmap.attribute.userPassword userPassword
ldap.nssmap.objectClass.nisNetgroup nisNetgroup
ldap.nssmap.objectClass.posixAccount posixAccount
ldap.nssmap.objectClass.posixGroup posixGroup
ldap.passwd                  ******
ldap.port                    389
ldap.servers                 ldap.internal.ub3rgeek.net
ldap.servers.preferred
ldap.ssl.enable              off
ldap.timeout                 20
ldap.usermap.attribute.unixaccount unixaccount
ldap.usermap.attribute.windowsaccount windowsaccount
ldap.usermap.base
ldap.usermap.enable          on

This basically mirrors my nss_ldap configuration and has allowed me to easily copy my RAID array over to the filer so I can wipe and rebuild the underlying RAID layer.

NFSv4 Reference:
* RFC-3530
* NetApp TR-3085
