Setting up NFS4 on CentOS

First: install server software and start it

yum install nfs-utils nfs-utils-lib system-config-nfs
yum install nfs-utils nfs4-acl-tools portmap
chkconfig nfs on
chkconfig portmap on
service nfs start
echo 'portmap:ALL' >> /etc/hosts.deny
echo 'portmap:192.168.1.0/24' >> /etc/hosts.allow
service portmap start

Run the firewall GUI and turn on NFS4 (port 2049)

Second: export the directories to be shared

system-config-nfs #will launch the gui
  • can use 192.168.4.0/24 for all of subtree
  • General options
    ☒ Disable subtree checking
    ☒ Sync on request
    ☒ Hide filesystems beneath
    Set FSID to 0 (1,2,3 etc for each share) for NFS4
  • User Access:
    ☒ Treat remote root user as local root (reduces security, but needed if home directories are mounted)
  • or alternatively you can edit the files by hand:
    • note that the second line is for a filesystem that is mounted under the first and must be ‘unhidden’
vi /etc/exports
/home           192.168.1.0/24(rw,sync,no_subtree_check,fsid=0)
/home/submount  192.168.1.0/24(rw,sync,no_subtree_check,nohide)

exportfs -a #or service nfs reload ?
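
Added example (not part of the original notes): a shell check to run against /etc/exports before exportfs -a. It flags no_root_squash (the "Treat remote root user as local root" box above), the insecure option, and entries whose options apply to every host. /srv/build and /srv/scratch are constructed sample paths, and the parser assumes one export per line with no spaces in paths.

```shell
#!/usr/bin/env bash
# Added example: audit an exports file for the options discussed on this page.
# Assumes one export per line, no backslash continuations, no spaces in paths.

audit_exports() {   # usage: audit_exports FILE; prints findings, returns 1 if any
    awk '
    /^[ \t]*(#|$)/ { next }                       # skip comments and blank lines
    {
        path = $1
        if (NF == 1) { print path ": no client given, exported to every host"; bad = 1 }
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                          # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            # "(rw)" written after a space has an empty client: it applies to all hosts
            if (client == "" || client == "*") {
                print path ": options (" opts ") apply to every host"; bad = 1
            }
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash") {
                    print path ": " client " keeps remote root as local root (no_root_squash)"; bad = 1
                }
                if (o[j] == "insecure") {
                    print path ": " client " may connect from unprivileged ports (insecure)"; bad = 1
                }
            }
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the two lines from this page plus two risky variants.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/home           192.168.1.0/24(rw,sync,no_subtree_check,fsid=0)
/home/submount  192.168.1.0/24(rw,sync,no_subtree_check,nohide)
/srv/build      192.168.1.0/24(rw,sync,no_root_squash)
/srv/scratch    192.168.1.0/24 (rw,sync)
EOF
audit_exports "$sample" || echo "review the findings above before running exportfs -a"
rm -f "$sample"
```

The last sample line shows the stray space between the network and its options: the subnet gets the default options and the (rw,sync) block applies to every host.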

Install Client

apt-get install -y nfs-common
echo '192.168.4.120  sv  sv.isnew.org' >> /etc/hosts
#sudo apt-get install sysv-rc-conf  # netfs not needed on Ubuntu
#sysv-rc-conf
  • Test with
mount -t nfs4 sv:/ /mnt
  • Add to fstab:
sv:/    /home  nfs4   soft,intr,rsize=8192,wsize=8192,nosuid

Make sure users on client have same uid/gid as on server

  • Make sure to change UMASK to 002 in /etc/login.defs (.bashrc will have no effect)
cat /etc/group # see what they are on the server
groupadd -g 504 office
groupadd -g 505 supervisor

#now add users
useradd -g 504 -u 503 -G 505 doug
passwd doug

#for existing users
usermod -g 504 -u 501 andrewf
usermod -G 505 andrewf

Troubleshooting permissions

  1. Make sure a FQDN is set up on the server
  2. Check /etc/idmapd.conf is configured with proper domain = cfaw.info
    • This must be the same on clients and servers
  3. As per serverfault.com/…nd-gids-match edit the file /etc/default/nfs-common and set
    NEED_IDMAPD=yes
  • restart CentOS server with: service portmap restart; service nfs restart
