Peter_Sero
4 Beryllium

Re: How to configure NFSv4

Damal:

check out the Isilon "File Provider" for this, but be aware

that NFSv4 uses account and group *names* rather than the

numerics UIDs and GIDs. Additional confusion is created

by situation where a users are in differently named groups,

but with identical GID:

such as user root in group "root" (Linux, GID 0)

or in group "wheel" (Isilon, also GID 0).

0 Kudos
Peter_Sero
4 Beryllium

Re: How to configure NFSv4

> Do you see anything that could have caused the access denied error ?

Dynamox:

The (strange) point is that it fails already at the mounting stage...

> Is it even possible to use NFSv4 without Kerberos/LDAP authentication ?


Yes, this is what I did with ease (no Kerberos, just plain LDAP),

and assumed you would to the same,

as  you wrote you are using AUTH_SYS.


Are your cluster and/or your client configured with Kerberos?


I mean, it could be that with Kerberos active on one or on

both sides, the AUTH_SYS method might have... difficulties.


Again, I'd suggest to start with virtual/simulator nodes

as simple as possible; and then add features/complexity.

0 Kudos
dynamox
6 Thallium

Re: How to configure NFSv4

Peter,

i am using Isilon simulator and i have a brand new VM running RHEL 6.5.  This VM is not configured for LDAP, is that my issue ? Do i need to configure both Isilon and this VM to use LDAP ?

0 Kudos
Peter_Sero
4 Beryllium

Re: How to configure NFSv4

This is so weird.

Works for me with LDAP (both sides, our productions systems)

as well as right out of the box with minimal setup (fresh virtual stuff, no LDAP).

Haven't used that particular RHEL 6.5 version though.

"You're holding it wrong"

Even worse, the NFSv4 RFCs say somewhere, AUTH_SYS is not

required to work  (or whatever the exact wording is).

So maybe...? But you should be able to find at least some

combination of Isilon+client that works, and then maybe start

tracing the network packets from there.

0 Kudos
peglarr
2 Iron

Re: How to configure NFSv4

Folks,

The key difference in NFSv4 authentication - without LDAP or any other external auth source - is to match usernames.  Not UID/GID, but usernames.

So the first thing OneFS does is a user mapping - trying to match the supplied username.  For example, I also have virtual Isilon, connected to a Mac (10.9.3).  I have username 'rpeglar' defined on my Mac, so I defined a local user (system zone) named 'rpeglar' as well.

The second thing OneFS will do is ID mapping, which is not the same as user mapping.

Lastly, once ID mapping is complete, OneFS attempts to match the ID with the on-disk identity.  Out of the box, this is set to 'native' - but older clusters which have migrated from 6.5 or below have 'unix' set as the on-disk identity.

So, no, one does not need LDAP to perform NFSv4.  Assuming you have identical usernames, and have the ID and on-disk identity set correctly, it just works.

Cheers

Rob

0 Kudos
dynamox
6 Thallium

Re: How to configure NFSv4

Hello Rob,

so you created a local account on Isilon "rpeglar"  ? Did you modify permissions/owner on /ifs/<directory_being_exported>

Thank you

0 Kudos
peglarr
2 Iron

Re: How to configure NFSv4

Hi Sergey,

I did indeed create a local user named 'rpeglar'.  For the first test, I merely used the default export of /ifs, without any subdirectories.  Worked perfectly either v3 or v4 to my Mac logged in as 'rpeglar'.  Then I did subdirectories, with the appropriate permissions for user 'rpeglar'.  Again, worked perfectly.  Have not tried this with anything below 7.1, but 7.1 and above all worked as expected.

Cheers

Rob

0 Kudos
markfoster1
1 Nickel

Re: How to configure NFSv4

Dynamox, you really need to check EVERY path up the tree. Here's a script to do that, just provide the full path as an argument. i.e. perl pathcheck.pl /ifs/data/w2isilonpoc/nfs/sph

#!/usr/bin/perl -w

use strict;

my @fullpath = split("/", $ARGV[0]);
my $collector = "/";
while ($#fullpath > -1) {
my $p = shift(@fullpath);
next if ($p eq "");
$collector .= "$p/";
print `ls -led "$collector"`;
print '-' x 80;
}

0 Kudos
Peter_Sero
4 Beryllium

Re: How to configure NFSv4

> no firewalls, no typos ..NFSv4 gets disabled and mount the export without any issues. The path is different because in the first post because i changed in the post before i hit "Post",  i was too lazy to change it in the output from isi nfs exports list.


Seems the "All (sub)Dirs" export option doesn't work for NFSv4.

Which makes sense, given NFSv4's philosophy of a presenting a file system.

"All Dirs: Yes" shows up in your screenshot of the export options,

but this will not allow mounting any deeper path,

which you might have tried.


Ran across this myself today...

0 Kudos
Highlighted
MRWA
2 Iron

Re: How to configure NFSv4

Dynamox, did you get this working? If so I am really curious as to what was not correct.

0 Kudos