NFSv4 questions and possible bugs
I set up NFSv4, did some performance tests, setup looks like this: Server rc.conf: nfs_server_enable=YES nfsv4_server_enable=YES nfsuserd_enable=YES exports: /share -mapall=nobody 10.10.14.2 10.10.14.3 V4: / -sec=sys Client(s) fstab mount: srv:/share /mnt nfs nfsv4,rsize=32768,wsize=32768,rw 0 0 Server is in a different vlan than the clients, there's a Juniper SRX between them. As far as I understand this means a NFSv4 only setup. 1. I had to use rsize and wsize mount options, without them performance is horrible, 1 MBps from the same vlan, when in different vlans it would start fast than drop to a standstill, compared to around 100MBps with sizes. Not sure why. 32K is the best I found, 16K and 64K were slightly worse, but I assume this is due to our network setup. 2. Only port 2049 is open in the firewall, as it should be enough for NFSv4, but umount tries to send 3 UDP packets to port 111. This causes it to hang for some time while waiting for the packets to time out and exit with an error. The unmount is executed correctly, but the exit status could cause problems in scripts, see 4. 3. bonnie++ exits uncleanly, http://lists.freebsd.org/pipermail/freebsd-current/2010-September/019820.html I guess this is a known bug, but I just wanted to point out that it's still there in up to date 9.1-RELEASE. Since it's been around for a long time, I suppose it's not likely to cause problems in production, is it? 4. After bonnie++'s failure I tried iozone, but iozone wants to unmount before each test and hits #2. Performance is excellent as far as I can see, after setting raise and wsize, transfers hit the network cap, so I guess my main question is if #2 is likely to cause issues down the road. It will have mostly perl scripts reading and moving files around and syslog, rm -rf seemed to do the job without problems. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
NFSv4 mounts succeed on 8.2, but fail on 8.3
hi, i'm trying to mount some NFSv4 shares served by a Solaris 10 server on our FreeBSD boxes. On FreeBSD 8.2, the mounts succeeded after explicitly specifying the resvport mount option (the Solaris NFSd refuses requests from unprivileged ports). On 8.3, mount requests are denied no matter what option i specify. The server always complains about the client issuing requests from an unprivileged port. is mount_nfs no longer honoring the resvport option in 8.3? anything else i might be missing? tia, tom. -- Thomas Duke Hager d...@sigsegv.at GPG: 2048R/791C5EB1http://www.sigsegv.at/gpg/duke.gpg = Never Underestimate the Power of Stupid People in Large Groups. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: NFSv4 ACL permissions setting
Wiadomość napisana przez Doug Sampson w dniu 31 sie 2012, o godz. 01:42: [..] group:DSP-production:rwxpDdaARWcCos:fd:allow - group:DSP-production:rwxpDdaARWcCos:fd:allow - This itself looks like a bug in setfacl(1). I'll look into it. However... [..] #!/bin/sh # run this script where you wish to effect the changes # reset perms to default find . -type d -print0 | xargs -0 setfacl -b * Why the asterisk? Also, using -m with NFSv4 ACLs is not a very good idea - it's supposed to work, but with NFSv4 ACLs the ordering does matter, and -m simply modifies the ACL entry in place, while the effect of the entry might depend e.g. on deny entries before it. Use -a instead. Forgive me- I am not particularly strong when it comes to shell scripting. I will modify so that the -a parameter is used instead of -m when setting new entries. What would you use in place of the asterisk when you want to apply the setfacl -b command to either all files or all directories? The period? ~Doug ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NFSv4 ACL permissions setting
Wiadomość napisana przez Doug Sampson w dniu 6 wrz 2012, o godz. 01:13: Wiadomość napisana przez Doug Sampson w dniu 31 sie 2012, o godz. 01:42: [..] group:DSP-production:rwxpDdaARWcCos:fd:allow - group:DSP-production:rwxpDdaARWcCos:fd:allow - This itself looks like a bug in setfacl(1). I'll look into it. However... [..] #!/bin/sh # run this script where you wish to effect the changes # reset perms to default find . -type d -print0 | xargs -0 setfacl -b * Why the asterisk? Also, using -m with NFSv4 ACLs is not a very good idea - it's supposed to work, but with NFSv4 ACLs the ordering does matter, and -m simply modifies the ACL entry in place, while the effect of the entry might depend e.g. on deny entries before it. Use -a instead. Forgive me- I am not particularly strong when it comes to shell scripting. I will modify so that the -a parameter is used instead of -m when setting new entries. Ok. It's simply a matter of replacing '-m' with '-a0'. Btw, the bug in setfacl(1) command has been fixed in HEAD and will be merged into STABLE in a month from now. What would you use in place of the asterisk when you want to apply the setfacl -b command to either all files or all directories? The period? Directories: find . -type d -print0 | xargs -0 setfacl -b Files: find . -type f -print0 | xargs -0 setfacl -b The whole point of xargs here is to take the list of files it gets from find and turn it into a series of arguments for setfacl. So, in the example above, the actual invocation of setfacl would read setfacl -b first-file second-file etc. With the asterisk, it would be setfacl -b * first-file second-file; this means setfacl would modify not only the files passed by find, but also all the files in the current directory. -- If you cut off my head, what would I say? Me and my head, or me and my body? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NFSv4 ACL permissions setting
On Thu, 6 Sep 2012 01:20:38 +0200, Edward Tomasz Napierała wrote:
Wiadomość napisana przez Doug Sampson w dniu 6 wrz 2012, o godz. 01:13:
Wiadomość napisana przez Doug Sampson w dniu 31 sie 2012, o godz. 01:42:
[..]
group:DSP-production:rwxpDdaARWcCos:fd:allow
-
group:DSP-production:rwxpDdaARWcCos:fd:allow
-
This itself looks like a bug in setfacl(1). I'll look into it.
However...
[..]
#!/bin/sh
# run this script where you wish to effect the changes
# reset perms to default
find . -type d -print0 | xargs -0 setfacl -b *
Why the asterisk? Also, using -m with NFSv4 ACLs is not a very good
idea - it's supposed to work, but with NFSv4 ACLs the ordering does
matter,
and -m simply modifies the ACL entry in place, while the effect of the
entry might depend e.g. on deny entries before it. Use -a instead.
Forgive me- I am not particularly strong when it comes to shell scripting.
I will modify so that the -a parameter is used instead of -m when setting
new entries.
Ok. It's simply a matter of replacing '-m' with '-a0'.
Btw, the bug in setfacl(1) command has been fixed in HEAD and will
be merged into STABLE in a month from now.
What would you use in place of the asterisk when you want to apply the
setfacl -b command to either all files or all directories? The period?
Directories:
find . -type d -print0 | xargs -0 setfacl -b
Files:
find . -type f -print0 | xargs -0 setfacl -b
The whole point of xargs here is to take the list of files it gets from find
and turn it into a series of arguments for setfacl. So, in the example above,
the actual invocation of setfacl would read setfacl -b first-file
second-file
etc. With the asterisk, it would be setfacl -b * first-file second-file;
this means setfacl would modify not only the files passed by find, but also
all the files in the current directory.
Note that the parameter lists constructed by xargs and passed
to setfacl might grow quite long and possibly exceed the
respective buffer. In that case, you could modify the command
to process one result at a time:
# find . -type f -exec /bin/setfacl -b {} \;
for all files, and
# find . -type d -exec /bin/setfacl -b {} \;
for all directories. Not tested. :-)
--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: NFSv4 ACL permissions setting
#!/bin/sh # run this script where you wish to effect the changes # reset perms to default find . -type d -print0 | xargs -0 setfacl -b * Why the asterisk? Also, using -m with NFSv4 ACLs is not a very good idea - it's supposed to work, but with NFSv4 ACLs the ordering does matter, and -m simply modifies the ACL entry in place, while the effect of the entry might depend e.g. on deny entries before it. Use -a instead. Forgive me- I am not particularly strong when it comes to shell scripting. I will modify so that the -a parameter is used instead of -m when setting new entries. Ok. It's simply a matter of replacing '-m' with '-a0'. I did not realize that one could add a numeral to the -a parameter to indicate the desired order. I just did a 'man setfacl' and indeed it is described as such. Good to know! Is there a preferred way of ordering? I.e. owner@ at line 0 followed by group@ at line 1 followed by everyone@ at line 2 then followed by the two groups described in my original mail (e.g. dsp-production dsp-marketing)? Or is that totally dependent on how I want to structure the permissions so that the desired effect is achieved? For example like this: dougs@dorado:/data# getfacl ADS-New/ # file: ADS-New/ # owner: root # group: DSP-production group:DSP-production:rwxpDdaARWcCos:fd:allow group:DSP-marketing:rwxpDdaARWcCos:fd:allow owner@:rwxpDdaARWcCos:fd:allow group@:rwxpDdaARWcCos:fd:allow everyone@:--a-R-c--s:--:allow dougs@dorado:/data# where anyone who is a member of the dsp-production group will ALWAYS have full_set permissions simply because that is indicated at line 0 and thus meets the test of line 0? Processing stops at line 0 as long as the user is a member of that group, right? Does a user who does not belong to any of the groups indicated above and isn't an owner have the ability to modify the directory? I assume that would be the everyone@ group... Btw, the bug in setfacl(1) command has been fixed in HEAD and will be merged into STABLE in a month from now. What exactly was the bug? Did I uncover it inadvertently? What would you use in place of the asterisk when you want to apply the setfacl -b command to either all files or all directories? The period? Directories: find . -type d -print0 | xargs -0 setfacl -b Files: find . -type f -print0 | xargs -0 setfacl -b The whole point of xargs here is to take the list of files it gets from find and turn it into a series of arguments for setfacl. So, in the example above, the actual invocation of setfacl would read setfacl -b first-file second- file etc. With the asterisk, it would be setfacl -b * first-file second- file; this means setfacl would modify not only the files passed by find, but also all the files in the current directory. Ah, interesting. I'm going to test the changes to the scripts. Thanks for the feedback. ~Doug ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NFSv4 ACL permissions setting
Wiadomość napisana przez Doug Sampson w dniu 31 sie 2012, o godz. 01:42: [..] group:DSP-production:rwxpDdaARWcCos:fd:allow - group:DSP-production:rwxpDdaARWcCos:fd:allow - This itself looks like a bug in setfacl(1). I'll look into it. However... [..] #!/bin/sh # run this script where you wish to effect the changes # reset perms to default find . -type d -print0 | xargs -0 setfacl -b * Why the asterisk? Also, using -m with NFSv4 ACLs is not a very good idea - it's supposed to work, but with NFSv4 ACLs the ordering does matter, and -m simply modifies the ACL entry in place, while the effect of the entry might depend e.g. on deny entries before it. Use -a instead. -- If you cut off my head, what would I say? Me and my head, or me and my body? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
NFSv4 ACL permissions setting
Hello all- I've set up ZFS on a FreeBSD 9.0 64-bit server recently. One of the things I've had to learn relates to NFSv4 ACLs. I've developed two scripts to reset permissions- one for files and the other for folders. I've run into an issue with executing a script to set permissions on a bunch of folders. The root filesystem is /data. There are a bunch of subfolders followed by more subfolders. Allow me to demonstrate as follows: dougs@dorado:/# getfacl ./data # file: ./data # owner: root # group: DSP-production group:DSP-production:rwxpDdaARWcCos:fd:allow group:DSP-marketing:rwxpDdaARWcCos:fd:allow owner@:rwxpDdaARWcCos:fd:allow group@:rwxpDdaARWcCos:fd:allow everyone@:r-x---a-R-c--s:--:allow dougs@dorado:/# cd data dougs@dorado:/data# ll total 45 drwxrwx---+ 5 root DSP-production 5 Aug 28 10:27 ADS-New drwxrwx---+ 60 root DSP-production 118 Aug 27 14:17 ADS-OLD [ .. snip .. ] drwxrwx---+ 12 root DSP-production12 Aug 27 14:16 WorkinProgress dougs@dorado:/data# getfacl ./ADS-New/ # file: ./ADS-New/ # owner: root # group: DSP-production group:DSP-production:rwxpDdaARWcCos:fd:allow group:DSP-marketing:rwxpDdaARWcCos:fd:allow owner@:rwxpDdaARWcCos:fd:allow group@:rwxpDdaARWcCos:fd:allow everyone@:--a-R-c--s:--:allow dougs@dorado:/data# cd ./ADS-New/ dougs@dorado:/data/ADS-New# ll total 9 drwxrwx---+ 5 root nobody 7 Aug 27 14:20 Artworks drwxrwx---+ 4 root nobody 4 Jul 17 12:12 ForDSP drwxrwx---+ 78 root nobody 78 Jul 23 13:17 ForMarketing dougs@dorado:/data/ADS-New# /root/bin/reset-perms-prod-mkt-dirs.sh dougs@dorado:/data/ADS-New# getfacl ./Artworks/ # file: ./Artworks/ # owner: root # group: nobody group:DSP-production:rwxpDdaARWcCos:fd:allow - group:DSP-production:rwxpDdaARWcCos:fd:allow - group:DSP-marketing:rwxpDdaARWcCos:fd:allow owner@:rwxpDdaARWcCos:fd:allow group@:rwxpDdaARWcCos:fd:allow everyone@:--a-R-c--s:--:allow dougs@dorado:/data/ADS-New# cd Artworks/ dougs@dorado:/data/ADS-New/Artworks# ll total 4234 drwxrwx---+ 2 root nobody2 Jul 17 12:08 Ask JoeS drwxrwx---+ 2 root nobody 10 Jul 17 12:12 Cool - AD d-w-rwx---+ 2 DSP-alfredo nobody2 Aug 27 14:20 Jaye Additional Art -rwxrwx---+ 1 root DSP-production 3770445 Mar 11 2010 comingsoonIntNepal.pdf -rwxrwx---+ 1 root DSP-production 415338 Mar 11 2010 previewcopy.pdf dougs@dorado:/data/ADS-New/Artworks# cd Ask\ JoeS/ dougs@dorado:/data/ADS-New/Artworks/Ask JoeS# cd .. dougs@dorado:/data/ADS-New/Artworks# getfacl Ask\ JoeS/ # file: Ask JoeS/ # owner: root # group: nobody group:DSP-production:rwxpDdaARWcCos:fd:allow - group:DSP-marketing:rwxpDdaARWcCos:fd:allow owner@:rwxpDdaARWcCos:fd:allow group@:rwxpDdaARWcCos:fd:allow everyone@:--a-R-c--s:--:allow dougs@dorado:/data/ADS-New/Artworks# As you can see, the ADS-New folder where I executed the script shows duplicate entries of the DSP-production group whereas the Ask Joe subfolder underneath the ADS-New folder shows only one DSP-production group. If I run this script on the ADS-OLD folder, I see the same effect- only the first level of subfolders get duplicate DSP-production entries while the rest of the subfolders only contain one entry of the DSP-production group. Why is this happening? The contents of the /root/bin/reset-perms-prod-mkt-dirs.sh is as follows: #!/bin/sh # run this script where you wish to effect the changes # reset perms to default find . -type d -print0 | xargs -0 setfacl -b * # apply perms to files find . -type d -print0 | xargs -0 setfacl -m group@:full_set:fd:allow * find . -type d -print0 | xargs -0 setfacl -m owner@:full_set:fd:allow * find . -type d -print0 | xargs -0 setfacl -m g:dsp-marketing:full_set:fd:allow * find . -type d -print0 | xargs -0 setfacl -m g:dsp-production:full_set:fd:allow * Um? Am I missing something? ~Doug ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NFSv4 and file locking
On Thu, Jan 12, 2012 at 05:37:57PM +0100, Leon Meßner wrote: Hi, Does anyone know what you have to do to get locking working under NFSv4? I tried the following: # mount_nfs -o nfsv4,sec=sys ip.nfsv4:/nfstest /mnt/test # mount | grep ip.nfsv4 ip.nfsv4:/nfstest on /mnt/test (newnfs) # kldstat | grep nfs 62 0x8103f000 1015fnfscommon.ko 91 0x81054000 3008fnfscl.ko # cd /mnt/test # lockf testlockfile ls lockf: cannot open testlockfile: Operation not supported Looks like lockf is the wrong tool for this job. I tried the NFSv4 lock testing suite from [1] and this worked flawlessly. I don't know if this test actually does what it claims to do but as i couldn't find any freebsd specific testing tool this will probably suffice. Thanks, Leon [1] http://nfsv4.bullopensource.org/tools/tests_index.php (see locks robustness) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
NFSv4 and file locking
Hi, Does anyone know what you have to do to get locking working under NFSv4? I tried the following: # mount_nfs -o nfsv4,sec=sys ip.nfsv4:/nfstest /mnt/test # mount | grep ip.nfsv4 ip.nfsv4:/nfstest on /mnt/test (newnfs) # kldstat | grep nfs 62 0x8103f000 1015fnfscommon.ko 91 0x81054000 3008fnfscl.ko # cd /mnt/test # lockf testlockfile ls lockf: cannot open testlockfile: Operation not supported Client runs 8.2-RELEASE-p6, Server runs 8-STABLE from about a month ago. cherio, Leon ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
NFSv4 stronger authentication required error
I've run into a strange problem while trying to mount from FreeBSD 9.0-RC3 to anything I can find using NFSv4. The command I'm using is: #mount -v gorkon:/dustbin /tmp/test This returns the following immediate information on a Debian 6 Linux box: mount: no type was given - I'll assume nfs because of the colon mount.nfs: timeout set for Thu Jan 5 17:37:40 2012 mount.nfs: trying text-based options 'vers=4,addr=[serverip],clientaddr=[cllientaddr]' mount.nfs: mount(2): Permission denied mount.nfs: access denied by server while mounting gorkon:/dustbin There's no log entry that I can find on the server (gorkon), and the following log entry is in my syslog for the debian box: [30082.224612] RPC: server gorkon requires stronger authentication. The NFS server has nfsuserd running, rpcbind running. I've tried to set the share in /etc/exports to use sec=sys (and connect the same way). I don't have Kerberos set up on this network, and I'm not about to start. The Debian NFSv4 servers do connect to a Solaris 10 NFSv4 server, and the FreeBSD box can't mount its own shares over NFS if I force use of nfsv4 (error is mount_nfs: /tmp/test, : Permission denied). A FreeBSD 8.2-RELEASE box won't mount either, same error. The Solaris 10 box also cannot mount the FreeBSD box's mount. The error for this machine is : genunix: [ID 664466 kern.notice] NFS compound failed for server gorkon: error 7 genunix: [ID 532867 kern.warning] WARNING: NFS server initial call to gorkon failed: permission denied. NFSv3 mounts work fine. Anyone know what's going on? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: ZFSv28+NFSv4 poor file creation performance, sync=disabled has no effect
On 31/08/2011 23:45, David Brodbeck wrote: I'm testing FreeBSD 9.0-BETA with an eye toward eventually using FreeBSD 9.0 to replace some existing OpenSolaris 2008.11 installations. I've found NFS file creation performance (as measured by Bonnie++) is equally slow for both with default settings. However, on OpenSolaris I disable the ZIL to improve file creation performance. This tuning parameter was removed from FreeBSD 9.0; its replacement is supposed to be the per-filesystem flag sync, but setting this flag seems to have no effect. I did recompile the FreeBSD kernel without debugging features before doing the tests, so I don't think this is a case of debugging code slowing things down. Here's the relevant data; these are all from bonnie++'s sequential create benchmark. OpenSolaris 2008.11, default settings: 58/second OpenSolaris 2008.11, with zil_disable=1: 1258/second FreeBSD 9.0-BETA, default settings: 107/second FreeBSD 9.0-BETA, with sync=disabled: 106/second It appears the sync ZFS parameter has no effect in FreeBSD. Has anyone else seen this? Is there a way to improve NFS file creation performance now that zil_disable has been removed? Please report this to the freebsd-fs mailing list! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
ZFSv28+NFSv4 poor file creation performance, sync=disabled has no effect
I'm testing FreeBSD 9.0-BETA with an eye toward eventually using FreeBSD 9.0 to replace some existing OpenSolaris 2008.11 installations. I've found NFS file creation performance (as measured by Bonnie++) is equally slow for both with default settings. However, on OpenSolaris I disable the ZIL to improve file creation performance. This tuning parameter was removed from FreeBSD 9.0; its replacement is supposed to be the per-filesystem flag sync, but setting this flag seems to have no effect. I did recompile the FreeBSD kernel without debugging features before doing the tests, so I don't think this is a case of debugging code slowing things down. Here's the relevant data; these are all from bonnie++'s sequential create benchmark. OpenSolaris 2008.11, default settings: 58/second OpenSolaris 2008.11, with zil_disable=1: 1258/second FreeBSD 9.0-BETA, default settings: 107/second FreeBSD 9.0-BETA, with sync=disabled: 106/second It appears the sync ZFS parameter has no effect in FreeBSD. Has anyone else seen this? Is there a way to improve NFS file creation performance now that zil_disable has been removed? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NFSv4 directory listing issues.
On Tue, Aug 23, 2011 at 01:11:52AM +0200, Leon Meßner wrote: Hi, i'm just testing a kerberized NFSv4 export of a ZFS-Filesystem. Both client and server are FreeBSD at the moment. I tried Linux clients, but could not mount with sec=krb5. If i mount an exported directory with -o sec=krb5(i|p)i, directory listings with ls do sometimes take a very long time (about 20times). Example output below. time ls -la total 8 drwxr-xr-x+ 3 rootwheel 4 Aug 16 13:27 . drwxr-xr-x 3 locadm locadm 512 Aug 22 23:46 .. drwxr-xr-x+ 2 rootwheel 2 Aug 16 13:27 testdir -rw-r--r-- 1 rootwheel 0 Aug 16 13:27 testfile 0.003u 0.003s 0:00.23 0.0% 0+0k 0+0io 0pf+0w time ls -la total 8 drwxr-xr-x+ 3 rootwheel 4 Aug 16 13:27 . drwxr-xr-x 3 locadm locadm 512 Aug 22 23:46 .. drwxr-xr-x+ 2 rootwheel 2 Aug 16 13:27 testdir -rw-r--r-- 1 rootwheel 0 Aug 16 13:27 testfile 0.000u 0.007s 0:04.27 0.0% 0+0k 0+0io 0pf+0w The share is mounted by a local user with a kerberos ticket by mount -t nfs -o nfsv4,sec=krb5 130.149.58.249:/home mount. Mounting with sec=sys does not produce this problem. Has anyone experienced similar issues ? It looks like this could be related to kern/158432 [1] although i'm using IPv4 and amd64. I can't test it at the moment because the testmachine is temp. out of service but i got the same error messages in my kdc's log file. Greetings, Leon [1] http://www.freebsd.org/cgi/query-pr.cgi?pr=158432cat=kern ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
NFSv4 directory listing issues.
Hi, i'm just testing a kerberized NFSv4 export of a ZFS-Filesystem. Both client and server are FreeBSD at the moment. I tried Linux clients, but could not mount with sec=krb5. If i mount an exported directory with -o sec=krb5(i|p)i, directory listings with ls do sometimes take a very long time (about 20times). Example output below. time ls -la total 8 drwxr-xr-x+ 3 rootwheel 4 Aug 16 13:27 . drwxr-xr-x 3 locadm locadm 512 Aug 22 23:46 .. drwxr-xr-x+ 2 rootwheel 2 Aug 16 13:27 testdir -rw-r--r-- 1 rootwheel 0 Aug 16 13:27 testfile 0.003u 0.003s 0:00.23 0.0% 0+0k 0+0io 0pf+0w time ls -la total 8 drwxr-xr-x+ 3 rootwheel 4 Aug 16 13:27 . drwxr-xr-x 3 locadm locadm 512 Aug 22 23:46 .. drwxr-xr-x+ 2 rootwheel 2 Aug 16 13:27 testdir -rw-r--r-- 1 rootwheel 0 Aug 16 13:27 testfile 0.000u 0.007s 0:04.27 0.0% 0+0k 0+0io 0pf+0w The share is mounted by a local user with a kerberos ticket by mount -t nfs -o nfsv4,sec=krb5 130.149.58.249:/home mount. Mounting with sec=sys does not produce this problem. Has anyone experienced similar issues ? cherio, Leon ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Weird Linux - FreeBSD/ZFS NFSv4 interoperability problem
On 09/02/10 21:25, David Brodbeck wrote: While doing some interoperability testing between Linux and FreeBSD, I came up with this unusual issue. I could use some help figuring out if this is a bug, and if so, where to file it. Here's the scenario: - FreeBSD 8.1-RELEASE server, sharing a ZFS filesystem via NFSv4. I think that this is the beginning of your problems - even the developer who is working on NFSv4 says it's too experimental to be used in real world. - Linux client (I've tested with RHEL 5.4 and Debian Lenny) mounting said filesystem with NFSv4. - A user on the Linux client does a Subversion checkout onto the mounted filesystem. At the end of the checkout, access to the filesystem hangs. nfsd on the FreeBSD server and rpciod on the Linux client seem to be in a tight loop, and there's lots of network traffic between them. I can reproduce this every time. The problem does not occur if the backing filesystem is UFS instead of ZFS, if NFSv3 is used instead of NFSv4, or if the client is FreeBSD instead of Linux. ... but you may have stumbled on something specific. I recommend you repeat this same post (and others you have on the similar topic) on the freebsd-fs at freebsd.org mailing list, the developer (Rick Macklem) reads it. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Weird Linux - FreeBSD/ZFS NFSv4 interoperability problem
Thanks, Ivan. I'll pursue it there. If it's not ready for prime time yet, I understand, but I'd also like to help nudge it in that direction. :) On Fri, Sep 3, 2010 at 2:57 AM, Ivan Voras ivo...@freebsd.org wrote: On 09/02/10 21:25, David Brodbeck wrote: While doing some interoperability testing between Linux and FreeBSD, I came up with this unusual issue. I could use some help figuring out if this is a bug, and if so, where to file it. Here's the scenario: - FreeBSD 8.1-RELEASE server, sharing a ZFS filesystem via NFSv4. I think that this is the beginning of your problems - even the developer who is working on NFSv4 says it's too experimental to be used in real world. - Linux client (I've tested with RHEL 5.4 and Debian Lenny) mounting said filesystem with NFSv4. - A user on the Linux client does a Subversion checkout onto the mounted filesystem. At the end of the checkout, access to the filesystem hangs. nfsd on the FreeBSD server and rpciod on the Linux client seem to be in a tight loop, and there's lots of network traffic between them. I can reproduce this every time. The problem does not occur if the backing filesystem is UFS instead of ZFS, if NFSv3 is used instead of NFSv4, or if the client is FreeBSD instead of Linux. ... but you may have stumbled on something specific. I recommend you repeat this same post (and others you have on the similar topic) on the freebsd-fs at freebsd.org mailing list, the developer (Rick Macklem) reads it. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Weird Linux - FreeBSD/ZFS NFSv4 interoperability problem
While doing some interoperability testing between Linux and FreeBSD, I came up with this unusual issue. I could use some help figuring out if this is a bug, and if so, where to file it. Here's the scenario: - FreeBSD 8.1-RELEASE server, sharing a ZFS filesystem via NFSv4. - Linux client (I've tested with RHEL 5.4 and Debian Lenny) mounting said filesystem with NFSv4. - A user on the Linux client does a Subversion checkout onto the mounted filesystem. At the end of the checkout, access to the filesystem hangs. nfsd on the FreeBSD server and rpciod on the Linux client seem to be in a tight loop, and there's lots of network traffic between them. I can reproduce this every time. The problem does not occur if the backing filesystem is UFS instead of ZFS, if NFSv3 is used instead of NFSv4, or if the client is FreeBSD instead of Linux. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Mirror mounts not available on FreeBSD? (was: Re: NFSv4 shows all ZFS filesystems as being owned by root)
On Tue, Aug 31, 2010 at 12:20 PM, David Brodbeck g...@gull.us wrote: On Tue, Aug 31, 2010 at 11:52 AM, David Brodbeck g...@gull.us wrote: When a ZFS filesystem mountpoint is owned by someone other than root, this is not depicted properly on NFSv4 clients: After playing around a bit more, it appears the problem is that ZFS filesystems under an NFSv4 mountpoint are not auto-mounted by Linux clients of a FreeBSD server the way they are when they're clients of an OpenSolaris server; if I mount them manually, the ownership is correct. I think OpenSolaris calls this functionality mirror mounts. Is there a way to get mirror mounts to work on FreeBSD, or is it necessary to mount every sub-filesystem manually? The answer is I didn't RTFM carefully enough, and forgot to specify 'nfsd_flags=-e' and 'mountd_flags=-e' in my /etc/rc.conf. It's working now. Sorry for the unnecessary thread, but hopefully it'll help someone else searching for the same info in the future. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
NFSv4 shows all ZFS filesystems as being owned by root
When a ZFS filesystem mountpoint is owned by someone other than root, this is not depicted properly on NFSv4 clients: On the server (FreeBSD 8.1-RELEASE): temp-nfs# zfs create tank/test/testfs temp-nfs# chown brodbd:brodbd /tank/test/testfs temp-nfs# touch /tank/test/testfile temp-nfs# chown brodbd:brodbd /tank/test/testfile temp-nfs# ls -l /tank/test total 2 -rw-r--r-- 1 brodbd brodbd 0 Aug 31 04:48 testfile drwxr-xr-x 2 brodbd brodbd 2 Aug 31 04:48 testfs On the client (RedHat Linux 5.4): r...@dryas:~# mount temp-nfs:/tank/test /test r...@dryas:~# ls -l /test total 2 -rw-r--r-- 1 brodbd brodbd 0 Aug 31 04:48 testfile drwxr-xr-x 2 root root 2 Aug 31 04:48 testfs The same sequence works as expected when the server runs OpenSolaris. Am I missing something? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Mirror mounts not available on FreeBSD? (was: Re: NFSv4 shows all ZFS filesystems as being owned by root)
On Tue, Aug 31, 2010 at 11:52 AM, David Brodbeck g...@gull.us wrote: When a ZFS filesystem mountpoint is owned by someone other than root, this is not depicted properly on NFSv4 clients: After playing around a bit more, it appears the problem is that ZFS filesystems under an NFSv4 mountpoint are not auto-mounted by Linux clients of a FreeBSD server the way they are when they're clients of an OpenSolaris server; if I mount them manually, the ownership is correct. I think OpenSolaris calls this functionality mirror mounts. Is there a way to get mirror mounts to work on FreeBSD, or is it necessary to mount every sub-filesystem manually? The intended application here is a server hosting user home directories, where each user has their own ZFS filesystem. Having to list every user in /etc/fstab on every client is not really workable. With an OpenSolaris server, I can have the Linux clients mount /tank/home, and all the filesystems under /tank/home come along for the ride; I'm trying to duplicate this with a FreeBSD server. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NFSv4 status
Anybody? Joe Auty wrote: Hello, I'm a little confused as to where NFSv4 is at... Is the client stable and considered ready for production use? If so, as of what OS version? The man page for nfsv4 listed here: http://www.freebsd.org/cgi/man.cgi?query=nfsv4sektion=4 still lists this as experimental, however the bottom of this page has a signature for FBSD 7.2 Can somebody kindly clarify as to where NFSv4 support is at, whether it is still considered experimental, what the roadmap for it is (if applicable), etc.? Thanks in advance! -- Joe Auty, NetMusician NetMusician helps musicians, bands and artists create beautiful, professional, custom designed, career-essential websites that are easy to maintain and to integrate with popular social networks. www.netmusician.org http://www.netmusician.org j...@netmusician.org mailto:j...@netmusician.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
NFSv4 status
Hello, I'm a little confused as to where NFSv4 is at... Is the client stable and considered ready for production use? If so, as of what OS version? The man page for nfsv4 listed here: http://www.freebsd.org/cgi/man.cgi?query=nfsv4sektion=4 still lists this as experimental, however the bottom of this page has a signature for FBSD 7.2 Can somebody kindly clarify as to where NFSv4 support is at, whether it is still considered experimental, what the roadmap for it is (if applicable), etc.? Thanks in advance! -- Joe Auty, NetMusician NetMusician helps musicians, bands and artists create beautiful, professional, custom designed, career-essential websites that are easy to maintain and to integrate with popular social networks. www.netmusician.org http://www.netmusician.org j...@netmusician.org mailto:j...@netmusician.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
NFSv4 and setfacl?
I managed to get NFSv4 working this weekend. Then I went to try to try setting and ACL with setfacl and it wouldn't work. ACL's were the reason I was interested in NFSv4. And I can't google the problem as I keep getting pages refering to NFSv4 style ACL's. So does NFSv4 on freebsd support ACL's or not yet? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NFSv4: mount -t nsf4 not the same as mount_newnfs?
On 02/08/10 22:37, Rick Macklem wrote: On Mon, 8 Feb 2010, O. Hartmann wrote: So I guess the above one is the more 'transparent' one with respect to the future, when NFSv4 gets mature and its way as matured into the kernel? Yea, I'd only use mount -t newnfs if for some reason you want to test/use the experimental client for nfsv2,3 instead of the regular one. I tried the above and it works. But it seems, that only UFS2 filesystems can be mounted by the client. When trying mounting a filesystem residing on ZFS, it fails. Mounting works, but when try to access or doing a simple 'ls', I get ls: /backup: Permission denied On server side, /etc/exports looks like -- V4: / -sec=sys:krb5 #IPv4# /backup #IPv4# -- Is there still an issue with ZFS? For ZFS, everything from the root specified by the V4: line must be exported at this time. So, if / isn't exported, the above won't work for ZFS. You can either export / or move the NFSv4 root down to backup. For example, you could try: V4:/backup -sec=sys:krb5 /backup (assuming /backup is the ZFS volume) and then a mount like: mount -t nfs -o nfsv4 server:/ /mnt will mount /backup on /mnt rick ps: ZFS also has its own export stuff, but it is my understanding that putting a line in /etc/exports is sufficient. I've never used ZFS, so others will know more than I. Well, I guess I havn't uderstood everything of NFSv4. The 'concept' of the 'root' is new to me, maybe there are some deeper explanation of the purpose? Are there supposed to be more than one 'root' enries or only one? At this very moment mounting seems to work, but I always get a 'permission denied' error on every ZFS exported filesystem. Doing the same with UFS2 filesystems, everything works as expected. Is there a way to inspect the exports and mounts for the used NFS-protocol? When issuing 'mount', the 'backup' mount is repoted to be 'newnfs', I assume this reflects NFSv4 being used, now I need to figure out what's going wrong with the ZFS export. NFS export of the ZFS filesystem is enabled, but as far as I know, this feature is not used in FreeBSD since ZFS in FreeBSD lacks of the capabilities of autonomously exporting its via NFS - well, I'm not an expert in this matter. Thanks a lot, Oliver ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NFSv4: mount -t nsf4 not the same as mount_newnfs?
On Tue, 9 Feb 2010, O. Hartmann wrote: Well, I guess I havn't uderstood everything of NFSv4. The 'concept' of the 'root' is new to me, maybe there are some deeper explanation of the purpose? Are there supposed to be more than one 'root' enries or only one? Only to specify different security flavours for different client host IP#s. There is only one root location in the file system tree. This was done for NFSv4 to avoid any need for the mount protocol. See below. At this very moment mounting seems to work, but I always get a 'permission denied' error on every ZFS exported filesystem. Doing the same with UFS2 filesystems, everything works as expected. In NFSv4 mount does very little, since it does not use the mount protocol. It basically passes a pathname from the NFSv4 root into the kernel for later use. (Since UFS doesn't actually check exports, the experimental server checks them, but cheats and allows a minimal set of NFSv4 Operations on non-exported volumes, so that this pathname can be traversed to the exported volume. At this time ZFS checks exports. As such everything in the tree from the root specified by the V4: line must be exported for ZFS to work. I believe others have gotten a ZFS export to work, but I have no experience with it at this time. Is there a way to inspect the exports and mounts for the used NFS-protocol? Not that I am aware. (Excluding ZFS, which I don't know anything about, the /etc/exports file specifies the exports.) When issuing 'mount', the 'backup' mount is repoted to be 'newnfs', I assume this reflects NFSv4 being used, now I need to figure out what's going wrong with the ZFS export. NFS export of the ZFS filesystem is enabled, but as far as I know, this feature is not used in FreeBSD since ZFS in FreeBSD lacks of the capabilities of autonomously exporting its via NFS - well, I'm not an expert in this matter. I'm definitely not a ZFS expert either:-) I think the mount command is showing you that the mount point was created (newnfs refers to the experimental client), but as noted above, that doesn't indicate that it is accessible. (If you haven't tried moving the V4: /backup ... that moves the NFSv4 root to /backup, you should do that and see how it goes.) Good luck with it, rick ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
NFSv4: mount -t nsf4 not the same as mount_newnfs?
Hello. I set up a NFSv4 server located on a FreeBSD 8.0/amd64 box (most recent world). It seems I successfully set up the NFSv4 service and this results in a successful mount of a file system by another FreeBSD 8.0 box. But their is a weirdnes I do not understand. Mounting the filessystem via mount_newnfs host:/path /path works fine, but not mount -t nfs4 host:/path /path. When doing the latter, I always get the error : Operation not supported by device What I'm doing wrong? Regards, Oliver P.S. Kernel has both NFSSERVER and NFSD, NFSCL and NFSCLIENT, /etc/rc.conf has nfsv4_server_enable=YES nfsuserd_enable=YES rpcbind_enable=YES on serverside, on clientside, it's nfsuserd_enable=YES nfscbd_enable=YES ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NFSv4: mount -t nsf4 not the same as mount_newnfs?
On Mon, 8 Feb 2010, O. Hartmann wrote: Mounting the filessystem via mount_newnfs host:/path /path Oh, and you should set: sysctl vfs.newnfs.locallocks_enable=0 in the server, since I haven't fixed the local locking yet. (This implies that apps/daemons running locally on the server won't see byte range locks performed by NFSv4 clients.) However, byte range locking between NFSv4 clients should work ok. rick ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NFSv4: mount -t nsf4 not the same as mount_newnfs?
On Mon, 8 Feb 2010, O. Hartmann wrote: Mounting the filessystem via mount_newnfs host:/path /path works fine, but not mount -t nfs4 host:/path /path. The mount command can be either: mount -t nfs -o nfsv4 host:/path /path or mount -t newnfs -o nfsv4 host:/path /path (The above was what the old now removed nfs4 used.) Have fun with it, rick ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NFSv4: mount -t nsf4 not the same as mount_newnfs?
On 02/08/10 15:08, Rick Macklem wrote: On Mon, 8 Feb 2010, O. Hartmann wrote: Mounting the filessystem via mount_newnfs host:/path /path Oh, and you should set: sysctl vfs.newnfs.locallocks_enable=0 in the server, since I haven't fixed the local locking yet. (This implies that apps/daemons running locally on the server won't see byte range locks performed by NFSv4 clients.) However, byte range locking between NFSv4 clients should work ok. rick ___ freebsd-sta...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org Interesting, I see a lot of vfs.newfs-stuff on server-side, but not this specific OID. Do I miss something here? Regards, Oliver ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NFSv4: mount -t nsf4 not the same as mount_newnfs?
On 02/08/10 15:01, Rick Macklem wrote: On Mon, 8 Feb 2010, O. Hartmann wrote: Mounting the filessystem via mount_newnfs host:/path /path works fine, but not mount -t nfs4 host:/path /path. The mount command can be either: mount -t nfs -o nfsv4 host:/path /path or mount -t newnfs -o nfsv4 host:/path /path (The above was what the old now removed nfs4 used.) Have fun with it, rick So I guess the above one is the more 'transparent' one with respect to the future, when NFSv4 gets mature and its way as matured into the kernel? I tried the above and it works. But it seems, that only UFS2 filesystems can be mounted by the client. When trying mounting a filesystem residing on ZFS, it fails. Mounting works, but when try to access or doing a simple 'ls', I get ls: /backup: Permission denied On server side, /etc/exports looks like -- V4: / -sec=sys:krb5 #IPv4# /backup #IPv4# -- Is there still an issue with ZFS? Regards, Oliver ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NFSv4: mount -t nsf4 not the same as mount_newnfs?
On Mon, 8 Feb 2010, O. Hartmann wrote: Oh, and you should set: sysctl vfs.newnfs.locallocks_enable=0 in the server, since I haven't fixed the local locking yet. (This implies that apps/daemons running locally on the server won't see byte range locks performed by NFSv4 clients.) However, byte range locking between NFSv4 clients should work ok. Interesting, I see a lot of vfs.newfs-stuff on server-side, but not this specific OID. Do I miss something here? Oops, make that vfs.newnfs.enable_locallocks=0 rick ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NFSv4: mount -t nsf4 not the same as mount_newnfs?
On Mon, 8 Feb 2010, O. Hartmann wrote: So I guess the above one is the more 'transparent' one with respect to the future, when NFSv4 gets mature and its way as matured into the kernel? Yea, I'd only use mount -t newnfs if for some reason you want to test/use the experimental client for nfsv2,3 instead of the regular one. I tried the above and it works. But it seems, that only UFS2 filesystems can be mounted by the client. When trying mounting a filesystem residing on ZFS, it fails. Mounting works, but when try to access or doing a simple 'ls', I get ls: /backup: Permission denied On server side, /etc/exports looks like -- V4: / -sec=sys:krb5 #IPv4# /backup #IPv4# -- Is there still an issue with ZFS? For ZFS, everything from the root specified by the V4: line must be exported at this time. So, if / isn't exported, the above won't work for ZFS. You can either export / or move the NFSv4 root down to backup. For example, you could try: V4: /backup -sec=sys:krb5 /backup (assuming /backup is the ZFS volume) and then a mount like: mount -t nfs -o nfsv4 server:/ /mnt will mount /backup on /mnt rick ps: ZFS also has its own export stuff, but it is my understanding that putting a line in /etc/exports is sufficient. I've never used ZFS, so others will know more than I. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: NFSv4: mount -t nsf4 not the same as mount_newnfs?
On Mon, Feb 8, 2010 at 2:37 PM, Rick Macklem rmack...@uoguelph.ca wrote: ps: ZFS also has its own export stuff, but it is my understanding that putting a line in /etc/exports is sufficient. I've never used ZFS, so others will know more than I. My understanding (from having used NFS and ZFS, haven't looked at the code) is that: The sharenfs property for a ZFS dataset gets written out to /etc/zfs/exports, which gets appended to the mountd command-line by default. Thus, you can use /etc/exports or sharenfs property, whichever is easier. # zfs get sharenfs storage/backup NAMEPROPERTY VALUE SOURCE storage/backup sharenfs -maproot=root 192.168.0.12 local # cat /etc/exports # cat /etc/zfs/exports # !!! DO NOT EDIT THIS FILE MANUALLY !!! /storage/backup -maproot=root 192.168.0.12 # pgrep -lf exports 1381 /usr/sbin/mountd -r -p 32000 /etc/exports /etc/zfs/exports -- Freddie Cash fjwc...@gmail.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Cannot write to nfsv4 share
I am running 8.0-RELEASE. I am able to mount an nfsv4 share on a Debian GNU/Linux server, but I cannot write to it. I realise that nfsv4 is experimental on FreeBSD, but I am tantalisingly close to getting it working and thought that someone here could advise, or point me to some (web) reference. I have googled but have not found anything relevant to this problem. I have enabled the following in /etc/rc.conf: nfs_client_enable=YES nfsuserd_enable=YES nfsuserd_flags=-domain localdomain nfscbd_enable=YES I have passed the domain localdomain to nfsuserd via nfsuserd_flags because that is what it is set to (by default) via /etc/idmapd.conf on the Linux server. I mount the remote location using: # mount -t nfs -o nfsv4,rw 192.168.x.x:/freeagent /mnt which succeeds (either with or without the rw option) # mount /dev/ad2s1a on / (ufs, local) devfs on /dev (devfs, local, multilabel) /dev/ad2s1e on /tmp (ufs, local, soft-updates) /dev/ad2s1f on /usr (ufs, local, soft-updates) /dev/ad2s1d on /var (ufs, local, soft-updates) 192.168.x.x:/freeagent on /mnt (newnfs) When I execute an ls -al on /mnt all the directories have the correct permissions, except for one (NOTE THE GROUP -- 32767) drwx--2 root 32767 16384 Jul 5 12:28 lost+found If I try, either as root, or as my regular user account, to write to the drive I get $ cd /mnt $ touch junk touch: junk: Permission denied I have checked the directory permissions for my user and they are correct. I use the same username (and group) on both the FreeBSD desktop and the Linux (NFS4) server and, according to the permissions, I own and should be able to write to the share: $ cd /mnt $ ls -ald . drwxr-xr-x 7 username username 4096 Dec 11 13:37 . I can successfully read from the nfs4 mounted drive, but I cannot write to it. Has anyone got any idea where I have gone wrong. (If I boot to Linux on the same client I can successfully mount and read/write, so I'm reasonably certain the server side is set up correctly.) -Richard ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: PAM/ldap_pam/NFSv4: How let users of a speicific group log into a specific box?
O. Hartmann schrieb am 27.04.2009 09:48 (localtime): ... This is what I wish to get and need: A simple capability of selecting users into a specific group. Members of such a group should then log into a set of specific hosts. Infrastructure is FreeBSD 8.0-CURRENT/amd64 and some 7.2-STABLE boxes (acting as server) as well as OpenLDAP backend. I've done something similar with specifying allowed hosts per user with pam_ldap required for account. Let me know if this was an option for you. Regards, -Harry signature.asc Description: OpenPGP digital signature
Re: PAM/ldap_pam/NFSv4: How let users of a speicific group log into a specific box?
[dropping -current from CC] O. Hartmann wrote: A simple capability of selecting users into a specific group. Members of such a group should then log into a set of specific hosts. Infrastructure is FreeBSD 8.0-CURRENT/amd64 and some 7.2-STABLE boxes (acting as server) as well as OpenLDAP backend. [...] Can anybody help or do have hints? Please remember I do not belon g to the 'questions' list, so please put me into your mail-cc. I use the pam_require module from ports for this purpose. | account sufficient /usr/local/lib/pam_require.so root @mygroup | account required/usr/local/lib/pam_ldap.so This allows the user root and members of mygroup to have accounts on the box. Control falls through to pam_ldap, which is configured with pam_check_host_attr yes, which also grants accounts to any user with a matching Host: attribute in their entry. If I have a machine mybox.example.com, and uid=ccowart,ou=People,dc=example,dc=com has the attribute: Host: mybox.example.com Then the user ccowart can login to the box without being in mygroup. Regardless of the host attributes, mygroup members can login. -- Chris Cowart Network Technical Lead Network Infrastructure Services, RSSP-IT UC Berkeley pgpul6JU4wA7f.pgp Description: PGP signature
PAM/ldap_pam/NFSv4: How let users of a speicific group log into a specific box?
Hello. I run into a specific problem and for several months of experiments I havn't found a solution, yet. This is what I wish to get and need: A simple capability of selecting users into a specific group. Members of such a group should then log into a set of specific hosts. Infrastructure is FreeBSD 8.0-CURRENT/amd64 and some 7.2-STABLE boxes (acting as server) as well as OpenLDAP backend. Authentication on boxes is done via PAM/ldap_pam. But it is on FreeBSD's side a vanilla configuration, not very sophisticated. Users autheticate and authorize against an OpenLDAP server residing on another box. pam_ldap in its most recent ports-version offers, as the manpage claims, a facility enabling group logins (resides in /usr/local/etc/ldap.conf): # Group to enforce membership of pam_groupdn cn=mygroup,ou=groups,dc=foo,dc=org?sub # Group member attribute #pam_member_attribute uniqueMember pam_member_attribute memberUid Within the DIT of the OpenLDAP server ou=groups exists and contains also a group called 'mygroup' with a multi-value attribute (as required), in this case memberUid. Using pam_ldap.so as a 'required' module is not appreciated, so there seems a problem to me with the stack order - should say: I need a LDAP solution. pam_group doesn't work for me: authrequired/requisite pam_group.sono_warn group=mygroup Can anybody help or do have hints? Please remember I do not belon g to the 'questions' list, so please put me into your mail-cc. Regards, Oliver ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD and NFSv4
Konrad Heuer wrote: are there any experiences with FreeBSD being an NFSv4 client out there? And furthermore, is there any further development of NFSv4 functionality within FreeBSD to come closer to RFC 3530? As far as I know (not 100% sure, though), the NFSv4 client is under active development. You might have better luck getting a useful answer on the -fs and/or -hackers lists. Best regards Oliver -- Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd Can the denizens of this group enlighten me about what the advantages of Python are, versus Perl ? python is more likely to pass unharmed through your spelling checker than perl. -- An unknown poster and Fredrik Lundh ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
FreeBSD and NFSv4
Hello everyone, are there any experiences with FreeBSD being an NFSv4 client out there? And furthermore, is there any further development of NFSv4 functionality within FreeBSD to come closer to RFC 3530? Thanks for any reply and best regards Konrad Heuer GWDG, Am Fassberg, 37077 Goettingen, Germany, [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
nfsv4: strange things happen
Hi we have a Solaris 10 NFS server and a FreebSD 7.0 NFS client. We have a couple of NFSv4 mounted filesystem on the client. nest.ifom-ieo-campus.it:/data/exports/obj/bsd7.ifom-ieo-campus.it/obj /mnt/nest nfs rw,-r=16384,-w=16384,tcp,-4 2 0 nest.ifom-ieo-campus.it:/data/exports/jails/bsd7.ifom-ieo-campus.it/jails /jails nfs rw,-r=16384,-w=16384,tcp,-4 2 0 We are having strange issues: for example - we cannot execute binaries on the mounted filesystems - if we umount one of the two filesystem from the client, the other filesystem must be remounted, otherwise a process the is writing on it exit with errors. For example we have a iozone running on /mnt/nest and we umount /jails, the iozoine exits with: Can not open temp file: iozone.tmp open: Unknown error: 10011 [EMAIL PROTECTED]:/mnt/nest/iozone/nfs4 Is anybody using nfsv4 between a Solaris 10 server and a FreebSD 7.0 client? Are you having problems on it? This is our FreeBSD version: [EMAIL PROTECTED]:~ uname -a FreeBSD bsd7.ifom-ieo-campus.it 7.0-RC1 FreeBSD 7.0-RC1 #0: Fri Jan 11 19:22:50 CET 2008 [EMAIL PROTECTED]:/mnt/nest/usr/src/sys/BSD7 i386 (everything si running fine on nfsv3). Bye and thanks for your help Valerio Daelli ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
NFSv4 server
Hi all! I've been running my home file server on Linux for quite a number of years, but ever since I started running FreeBSD on my laptop, I've been itching a bit to start looking into reinstalling the file server with FreeBSD as well. There's just one show-stopper: There seems not to be any Kerberized NFS server for FreeBSD. Does anyone know if there's one in the works or just hidden from my sight somewhere out there? I've noticed that FreeBSD's errno(3) man page includes error codes that seem to be for authenticated NFS access, but grepping through /usr/src for them yields no hits outside of errno.h. I'm just wondering if there are any plans. Fredrik Tolf ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
nfsv4 server
Hi all Any idea when the a nfsv4 server working on FreeBSD ? Regards. -- Albert SHIH Universite de Paris 7 (Denis DIDEROT) U.F.R. de Mathematiques. 7 ième étage, plateau D, bureau 10 Heure local/Local time: Tue Feb 28 02:12:16 CET 2006 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: nfsv4 server
On Tue, Feb 28, 2006 at 02:13:12AM +0100, Albert Shih wrote: Hi all Any idea when the a nfsv4 server working on FreeBSD ? See the freebsd-fs archives. Kris pgpqr6sH6FTZI.pgp Description: PGP signature
NFSV4
Hi all. Anyone known the quality of mount_nfs4 ? And where can I find a nfsv4 server ? Of course I prefer on my FreeBSD box ;-)) Regards. -- Albert SHIH Universite de Paris 7 (Denis DIDEROT) U.F.R. de Mathematiques. Heure local/Local time: Mon Jan 16 22:42:07 CET 2006 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
5.3RC1 - /etc/defaults/rc.conf - netfs_types nfsv4
I ran into this problem while mounting a netapp with nfsv4 during a reboot. Should /etc/defaults/rc.conf have nfs4 in the netfs_types list? I know I can add it to the extra_netfs_types variable under /etc/rc.conf, but if it's stable code, then it might be wise to add it into the defaults before -RELEASE comes out. Thanks, Pete Wieckowski ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: 5.3RC1 - /etc/defaults/rc.conf - netfs_types nfsv4
Let me explain this a little better. I know that I shouldn't need to edit edit /etc/defaults/rc.conf because /etc/rc.conf overrides the default. My question is should this be added into the CVS tree so people don't run into this problem while putting an 'nfs4' in /etc/fstab. If I were to have this in my /etc/fstab: nfstestclient-1# cat /etc/fstab # DeviceMountpoint FStype Options DumpPass# /dev/ad0s1b noneswapsw 0 0 /dev/ad0s1a / ufs rw 1 1 /dev/ad0s1e /tmpufs rw 2 2 /dev/ad0s1f /usrufs rw 2 2 /dev/ad0s1d /varufs rw 2 2 /dev/acd0 /cdrom cd9660 ro,noauto 0 0 10.10.10.252:/vol/vol1 /vol/vol1 nfs4 rw,noatime,-s,-i,-b 0 0 nfstestclient-1# and I reboot the box, during bootup, my machine would errorout: ...dmesg... Timecounters tick every 10.000 msec acpi_cpu: throttling enabled, 2 steps (100% to 50.0%), currently 100.0% ad0: 76319MB MDT MD800BB-00BSA0/12.08C12 [155061/16/63] at ata0-master UDMA100 acd0: CDROM COMPAQ CDR-8435/0013 at ata1-master PIO4 Mounting root from ufs:/dev/ad0s1a Pre-seeding PRNG: kickstart. Loading configuration files. Entropy harvesting: interrupts ethernet point_to_point kickstart. swapon: adding /dev/ad0s1b as swap device Starting file system checks: /dev/ad0s1a: FILE SYSTEM CLEAN; SKIPPING CHECKS /dev/ad0s1a: clean, 236182 free (1390 frags, 29349 blocks, 0.5% fragmentation) /dev/ad0s1e: FILE SYSTEM CLEAN; SKIPPING CHECKS /dev/ad0s1e: clean, 506276 free (28 frags, 63281 blocks, 0.0% fragmentation) /dev/ad0s1f: FILE SYSTEM CLEAN; SKIPPING CHECKS /dev/ad0s1f: clean, 34574399 free (36079 frags, 4317290 blocks, 0.1% fragmentat) /dev/ad0s1d: FILE SYSTEM CLEAN; SKIPPING CHECKS /dev/ad0s1d: clean, 1012721 free (97 frags, 126578 blocks, 0.0% fragmentation) nfs4: /vol/vol1: Can't assign requested address Mounting /etc/fstab filesystems failed, startup aborted Boot interrupted Enter full pathname of shell or RETURN for /bin/sh: .. This is due to the fact that the system is trying to mount the NFSv4 filesystem before the network stack is up (as per /etc/rc.d/mountcritlocal). If NFSv4 is stable code under the 5.3-tree, then it may be wise to add 'nfs4' to '/etc/defaults/rc.conf' under the 'netfs_types' option. Now I'm not exactly sure if NFSv4 client support is fully stable because I believe it might be issuing a MNT_IGNORE flag, I'll look at the source to verify. If I add: extra_netfs_types=nfs4, the system boots up happily and I can see the filesystem is mounted: nfstestclient-1# mount /dev/ad0s1a on / (ufs, local) devfs on /dev (devfs, local) /dev/ad0s1e on /tmp (ufs, local, soft-updates) /dev/ad0s1f on /usr (ufs, local, soft-updates) /dev/ad0s1d on /var (ufs, local, soft-updates) 10.10.10.252:/vol/vol1 on /vol/vol1 (nfs4, noatime) nfstestclient-1# Thanks, Pete Wieckowski On Thursday 28 October 2004 16:00, Pete - Jupiterhosting wrote: I ran into this problem while mounting a netapp with nfsv4 during a reboot. Should /etc/defaults/rc.conf have nfs4 in the netfs_types list? I know I can add it to the extra_netfs_types variable under /etc/rc.conf, but if it's stable code, then it might be wise to add it into the defaults before -RELEASE comes out. Thanks, Pete Wieckowski ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
