nfs - bunnyamin/bunnix GitHub Wiki

NFS (Network File System)

Version supported by server and client

  • cat /proc/fs/nfsd/versions -> -2 +3 +4 +4.1 +4.2.
  • rpcinfo -p localhost -> lists program, vers, proto, port, service.

Source

| Reference | Comment |
|---|---|
| RFC7530 (Network File System (NFS) Version 4 Protocol, 201503, PROPOSED STANDARD) | Updated by RFC7931 |
| RFC5661 (Network File System (NFS) Version 4 Minor Version 1 Protocol, 201001, PROPOSED STANDARD) | Updated by RFC8178 |
| RFC7862 (Network File System (NFS) Version 4 Minor Version 2 Protocol, 201001, PROPOSED STANDARD) | Updated by RFC8178 -- which refers back to RFC5661. |

Client

Mount remote point # mount -t nfs4 <SERVER IP>:/<SOURCE PATH> <TARGET PATH>.

Server

Configuration

  1. Add path to directories to share in /etc/exports.
  2. Enable the nfs-server service and check it with systemctl status nfs-server.
  3. Ensure port 2049 is open for NFS server.
    # exportfs -v
    /srv        <IP/CIDR>(rw,sync,wdelay,hide,no_subtree_check,sec=sys,secure,no_root_squash,no_all_squash,fsid=0)
    /srv/dir_1  <IP/CIDR>(rw,sync,wdelay,hide,no_subtree_check,sec=sys,secure,no_root_squash,no_all_squash)
    /srv/dir_2  <IP/CIDR>(rw,sync,wdelay,hide,no_subtree_check,sec=sys,secure,no_root_squash,no_all_squash)

    $ showmount -e <IP>
    Export list for <IP>:
    /srv/os_y              <IP/CIDR>
    /srv/os_x              <IP/CIDR>
    /srv                   <IP/CIDR>
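
The exportfs -v listing above has every export on sec=sys with no_root_squash, so the server trusts the UID/GID the client asserts and leaves client root unsquashed. As an added example (not part of the wiki), this shell function reads exportfs -v output and flags those options, plus insecure and read-write exports open to any client; the finding names and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the wiki: flag export options that weaken access
# control. Reads `exportfs -v` output on stdin and prints one line per
# finding: <path> TAB <client> TAB <finding>.
audit_exports() {
    awk '
    # exportfs -v wraps paths longer than 14 characters: the path stands
    # alone on one line and client(options) follows on the next line.
    NF == 1 && index($1, "(") == 0 { path = $1; next }
    NF >= 1 {
        if (NF >= 2) path = $1
        spec = $NF
        client = substr(spec, 1, index(spec, "(") - 1)
        opts = substr(spec, index(spec, "(") + 1)
        sub(/\)$/, "", opts)
        n = split(opts, o, ",")
        rw = 0
        for (i = 1; i <= n; i++) {
            if (o[i] == "rw") rw = 1
            # uid 0 on the client is not mapped to the anonymous user.
            if (o[i] == "no_root_squash") emit("no_root_squash")
            # Requests from source ports >= 1024 are accepted.
            if (o[i] == "insecure") emit("insecure_port")
            # AUTH_SYS: the server trusts the UID/GID the client asserts.
            if (index(o[i], "sec=") == 1) {
                m = split(substr(o[i], 5), flavor, ":")
                for (j = 1; j <= m; j++)
                    if (flavor[j] == "sys") emit("auth_sys")
            }
        }
        if (rw && (client == "<world>" || client == "*")) emit("world_rw")
    }
    function emit(f) { printf "%s\t%s\t%s\n", path, client, f }
    '
}

# Constructed sample in exportfs -v format (192.0.2.0/24 is a documentation range).
sample_exports() {
    cat <<'EOF'
/srv            192.0.2.0/24(rw,sync,wdelay,hide,no_subtree_check,sec=sys,secure,no_root_squash,no_all_squash,fsid=0)
/srv/projects_archive
                <world>(rw,sync,wdelay,hide,no_subtree_check,sec=sys,insecure,root_squash,no_all_squash)
/srv/krb        192.0.2.0/24(ro,sync,wdelay,hide,no_subtree_check,sec=krb5p,secure,root_squash,no_all_squash)
EOF
}

# On a server, run: exportfs -v | audit_exports
sample_exports | audit_exports
```

An export that must keep no_root_squash (for example a diskless root file system) is best limited to the single client address that needs it rather than a whole CIDR range.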

Debug

  • Verify that the paths are being exported: exportfs -v.
  • Verify open ports: rpcinfo -p.
  • Verify that the server port is open: nc -vz <ip> 2049 or ss -aln.
  • Verify the domain on client and server: nfsidmap -d. This is not necessary if idmapping is disabled.
  • Boot up another technical environment that has showmount and the other necessary programs installed, for example the installed client or an OS on USB.
    • Verify that the paths are being exported and are reachable from the remote computer: showmount -e <SERVER IP>.
    • Verify that the share can be mounted: mount.nfs4 -v <SERVER IP>:/path /mnt.
    • Verify that the client has established a connection to the server: ss -alp | grep :nfs or ss -ntp | grep 2049.
    • If the error is "Network is unreachable", ensure that the network devices are up, that NFTables allows connections to the NFS port, that the client IP is assigned in /etc/exports, and that the server IP is assigned as the mount address.
    • If the error is "No such file or directory", ensure that the export paths are correctly requested.

idmapd

Configuration file idmapd.conf.

Enable or disable

Disable idmapping when running AUTH_UNIX (AUTH_SYS); enable it when running a security flavor other than sec=sys, for example Kerberos.

role modprobe.d kernel parameter verify
server /etc/modprobe.d/nfsd.conf options nfsd.nfs4_disable_idmapping=<0, 1> cat /sys/module/nfsd/parameters/nfs4_disable_idmapping -> <N, Y, "No such file or directory">
client /etc/modprobe.d/nfs.conf options nfs.nfs4_disable_idmapping=<0, 1> cat /sys/module/nfs/parameters/nfs4_disable_idmapping -> <N, Y, "No such file or directory">

Debug

archlinux netboot diskless node/system, systemd on NFS (v4) fails, rpc.idmapd -- user212827 -- asked Dec 8 at 16:21

Show all NFS shares: nmap -p 2049 <SERVER IP>

Test Example
What is communicated between the server and client? Run rpc.idmapd -fvvv on a separate tty to keep it in the foreground and print to the terminal all communication between a client and the server's rpc.idmapd.
Has the client established a connection to the server? ss -ntp | grep 2049
What are all the keys currently in the keyring used to cache ID mapping results? # nfsidmap -l -> nfsidmap: '.id_resolver' keyring was not found.
What directories are exported? # showmount -e 192.168.0.101 -> Export list for 192.168.0.101: ...
What is the UID for username? $ id -u root -> 0
What is the username for UID? $ id -un 0 -> root or getent passwd 0 -> root:x:0:0:root:/root:/bin/bash
What is the system's effective NFSv4 domain name? # nfsidmap -d -> localdomain

Error, problem, troubleshooting

| Error | Cause | Remedy |
|---|---|---|
| exportfs[1092]: exportfs: Failed to resolve [hostname] | | Add hostname to /etc/hosts, for example, 192.168.1.2 localhost.localdomain hostname. |
| Failed to start GSSAPI Proxy Daemon. | | Define /etc/idmapd.conf. |
| mount.nfs: Protocol not supported | Attempting to mount NFS exports in the path of the NFS root, for example, if export "/srv" and export "/srv/x" then mount <IP>:/srv/x. | Mount the relative path mount <IP>:/x. |
| NFS4ERR_BADOWNER (Error Code 10039) | This error is returned when an owner or owner_group attribute value or the who field of an ACE within an ACL attribute value cannot be translated to a local representation. RFC7530, RFC5661, RFC7862. | |
| NFS4ERR_SYMLINK (Error Code 10029) | The current filehandle designates a symbolic link when the current operation does not allow a symbolic link as the target. RFC7530, RFC5661, RFC7862. | |
| NFS4ERR_NOENT (Error Code 2) | This indicates no such file or directory. The file system object referenced by the name specified does not exist. The error could be expected. The current filehandle is assumed to refer to a regular directory or a named attribute directory. LOOKUPP assigns the filehandle for its parent directory to be the current filehandle. If there is no parent directory, an NFS4ERR_NOENT error must be returned. Therefore, NFS4ERR_NOENT will be returned by the server when the current filehandle is at the root or top of the server's file tree. RFC7530, RFC5661, RFC7862. | |
| rpc.idmapd: Skipping configuration file "/etc/idmapd.conf": No such file or directory. | | Define /etc/idmapd.conf. |
| clnt_create: RPC: Program not registered | | Reboot. |
| nss_getpwnam: name '0' does not map into domain 'localdomain' | | Disable idmapping. |
| name_lookup: nfs4_uid_to_name: for 4294967294 failed: Unknown error -2<br>name_lookup: nfs4_gid_to_name: for 4294967294 failed: Unknown error -2 | | Disable idmapping. |
| Failed to mount Huge Page File System.<br>Failed to mount POSIX Message Queue File System.<br>Failed to mount Kernel Debug File System.<br>Failed to mount Kernel Trace File System.<br>Failed to mount Temporary Directory (/tmp).<br>Failed to mount Kernel Configuration File System.<br>Failed to start Remount Root and Kernel Files Systems. | | Disable idmapping. |

Enable and disable RPC debugging.

rpcdebug -m rpc  -s all   # Set all debug flags for RPC.
rpcdebug -m nfsd -s all   # Set all debug flags for NFS Server.
rpcdebug -m nfs  -s all   # Set all debug flags for NFS client.

rpcdebug -m rpc  -c all   # Clear all debug flags for RPC.
rpcdebug -m nfsd -c all   # Clear all debug flags for NFS Server.
rpcdebug -m nfs  -c all   # Clear all debug flags for NFS client.

Use journalctl -f to view log.

Capture and output error:

  • rpc.mountd -d all -F
  • rpc.nfsd -d

rpc.idmapd -fvvv

| Error | Cause | Remedy |
|---|---|---|
| nss_getpwnam: name '0' does not map into domain<br>nss_getpwnam: name '[email protected]' does not map into domain 'localdomain' | The username is known to the client but not known to the server, or the idmapd domain name is set differently on the client than it is on the server. | Ensure that username and /etc/idmapd.conf Domain = are the same on server and client. |
| nss_getpwnam: name '[email protected]' does not map into domain 'localdomain' | The username is known to the client but not known to the server, or the idmapd domain name is set differently on the client than it is on the server. | Disable idmapping. |
| rpc.idmapd: nss_getpwnam: name '0' domain 'localdomain': resulting localname '(null)' | The DNS is not set or is returning NULL, or the /etc/idmapd.conf Domain = variable is not set. | |
| Server : (group) id "190" -> name "nobody" | The idmapping domain is not the same for the server and client. | |

tcpdump -i enp0s0 port 2049 -vv

| Error | Cause | Remedy |
|---|---|---|
| Err 20 Auth bogus credentials (seal broken) | | Disable idmapping. |