Hi,
After a lot of sweat and tears (luckily, no blood was shed) I managed to get kerberized NFSv4 working on my FreeNAS. For the record, this worked despite having the "127.0.0.1 " lines in "/etc/hosts" mentioned in bug #7775. My main troubles were an LDAP misconfiguration (my bad) and the fact that I could not mount a subdirectory of my dataset, so, I could mount:
Anyway, I really wanted to mount the subdirectory "/mnt/storage/family" directly, without first having to mount "/mnt/storage". Also, from a security perspective, I don't like the idea of people being able to mount any directory on the server, even if they have no permissions there.
Trying to mount "/mnt/storage/family", despite playing with settings, kept failing with a "Permission error", which can mean many things, so I've learned. I assume it has to do with this issue (tl;dr: "NFS exports cannot cross filesystem boundries.") There's no way to change the NFSv4 root in the Web UI, and even directly trying to change it in /etc/exports didn't help, so I gave up on NFSv4 and just wanted to use kerberized NFSv3...
... which is impossible with the Web UI, unless you enable NFSv4! And if you enable NFSv4, clients will try that first and fail (due to aforementioned issue), even if NFSv3 does work. This is not a big problem, it's possible to use the option "-o vers=3" on the clients.
The point being, I would like to ask to make "just" kerberized NFSv3 possible through the Web UI, unless someone knows a way to fix the issue I have with NFSv4; in that case I would be very grateful.
After a lot of sweat and tears (luckily, no blood was shed) I managed to get kerberized NFSv4 working on my FreeNAS. For the record, this worked despite having the "127.0.0.1 " lines in "/etc/hosts" mentioned in bug #7775. My main troubles were an LDAP misconfiguration (my bad) and the fact that I could not mount a subdirectory of my dataset, so, I could mount:
- /
- /mnt/
- /mnt/storage/ (a ZFS dataset)
- /etc/
- ... any other directory besides subdirectories of /mnt/storage/
Anyway, I really wanted to mount the subdirectory "/mnt/storage/family" directly, without first having to mount "/mnt/storage". Also, from a security perspective, I don't like the idea of people being able to mount any directory on the server, even if they have no permissions there.
Trying to mount "/mnt/storage/family", despite playing with settings, kept failing with a "Permission error", which can mean many things, so I've learned. I assume it has to do with this issue (tl;dr: "NFS exports cannot cross filesystem boundries.") There's no way to change the NFSv4 root in the Web UI, and even directly trying to change it in /etc/exports didn't help, so I gave up on NFSv4 and just wanted to use kerberized NFSv3...
... which is impossible with the Web UI, unless you enable NFSv4! And if you enable NFSv4, clients will try that first and fail (due to aforementioned issue), even if NFSv3 does work. This is not a big problem, it's possible to use the option "-o vers=3" on the clients.
The point being, I would like to ask to make "just" kerberized NFSv3 possible through the Web UI, unless someone knows a way to fix the issue I have with NFSv4; in that case I would be very grateful.
