NFSv4 not working on 11.2

[Peur]

Hi,

I've just upgraded to 11.2. I was using NFS4 until now with 11.2 Betas. I'm not completely sure but I think since 11.2RC2, NFS4 support is not working anymore.
I could not find much in the forums, mostly just old stuff and NFS4 support is not mentioned in the documentation either.
Also I have two NAS boxes with completely different HW but same FreeNAS release and I have the same issues, so I would rule out HW issues.
Also the storage behind the shares seems to be OK, the access over WebDAV is working flawlessly.
I haven't got much experience with FreeNAS but I have found until now the following, please let me know if you need more information:
-first and probably most important thing:

Code:

root@nas2[~]# grep 'nfsv4' /etc/defaults/rc.conf
nfsv4_server_enable="NO"    # Enable support for NFSv4

Strange, because I have it enabled in the GUI:

I'm not sure what will happen if I just change rc.conf, but I suppose it will get overwritten by the next reboot.

-dmesg:

Code:

root@nas2[~]# dmesg |grep nfs
nfsd: can't register svc name

-listening sockets for nfs4 are there (2049tcp/udp, 111tcp)

Code:

root@nas2[~]# sockstat -l|egrep "rpc|nfs"
root     rpc.statd  2211  4  udp6   *:30010               *:*
root     rpc.statd  2211  5  tcp6   *:30010               *:*
root     rpc.statd  2211  6  udp4   *:30010               *:*
root     rpc.statd  2211  7  tcp4   *:30010               *:*
root     nfsd       2207  5  tcp4   *:2049                *:*
root     nfsd       2207  6  tcp6   *:2049                *:*
root     nfsuserd   2188  3  udp4   *:884                 *:*
root     nfsuserd   2187  3  udp4   *:884                 *:*
root     nfsuserd   2186  3  udp4   *:884                 *:*
root     nfsuserd   2185  3  udp4   *:884                 *:*
root     nfsuserd   2184  3  udp4   *:884                 *:*
root     rpcbind    1982  4  udp6   *:*                   *:*
root     rpcbind    1982  5  stream /var/run/rpcbind.sock
root     rpcbind    1982  6  udp6   *:111                 *:*
root     rpcbind    1982  7  udp6   *:748                 *:*
root     rpcbind    1982  8  tcp6   *:111                 *:*
root     rpcbind    1982  9  udp4   *:111                 *:*
root     rpcbind    1982  10 udp4   *:856                 *:*
root     rpcbind    1982  11 tcp4   *:111                 *:*

Thanks!

PEUR

 

[Peur]

Hello,

seems, it's just a mistake of mine or rather something in the authorization has changed regarding nfsv4. Now after creating a mapall user and a mapall group with RW permissions, it works. Yes it's completely unsafe...
That's great, because it means, that I should try to find out how authorization really works, so that's an RTFM for me.
Still the question is for me how to find more info in the logs, can I see if the failed mount did just fail because I had the wrong permissions set up?

I have tried to grep through /var/log for the nfs keyword, or just trying to look into different log files there, but I could find nothing useful.

At least I figured out this one: ΅nfsd: can't register svc name"
https://redmine.ixsystems.com/issues/11351

"In plain language it means no Kerberos tickets are configured."

PEUR

 

[xenu]

Not sure if this is the same problem, but my krb5.conf was misconfigured after updating to 11.2. I submitted a bug report and after applying the patch mentioned here it works again: https://redmine.ixsystems.com/issues/62802

 

[KrisBee]

seems, it's just a mistake of mine or rather something in the authorization has changed regarding nfsv4. Now after creating a mapall user and a mapall group with RW permissions, it works. Yes it's completely unsafe...
That's great, because it means, that I should try to find out how authorization really works, so that's an RTFM for me.

Don't confuse authentication with authorisation. A secure connection between a FreeNAS NFSv4 server and a nfs client requires kerberos. Otherwise authentication is IP based, which is insecure but possibly acceptable on a home network. So were you using kerberos?

Even with kerberos, authorisation is still based on Unix file attributes.

 

[Peur]

Hi,
thanks for your answers! No I'm not (yet) using kerberos. Yes we are talking about a home network here. My issue was only in regard of authorisation. So that is the reason why I'm completely confused about the "can't register svc name" errors. Those by the way still are appearing in the dmesg:

Starting rpcbind.
Alarm clock
Starting nfsuserd.
Starting mountd.
Starting nfsd.
nfsd: can't register svc name
Starting statd.
Starting lockd.
NLM: local NSM state is 0
Performing sanity check on openssh configuration.

Anyway, everything is working now, so not a big issue for me anymore.

Peur

 

[KrisBee]

"nfsd: can't register svc name" According to ixsystesm, It's not a bug or an error even. It's just an informative message.
In plain language it means no Kerberos tickets are configured. ( https://redmine.ixsystems.com/issues/11351)

 

[Peur]

Thanks, KrisBee!
Peur