NFSv4 support in Dapper.

Lea Gris lea.gris at noiraude.net
Mon May 8 00:40:32 UTC 2006 

Hello,

I am working on centralizing authentification, homedirs, netork shares
and accounts on my home LAN.

Initial plans where:
Deploy
- Kerberos authentification
- NFSv4 network filesystem
- LDAP directory service.

Last week I'v set up a Kerberos kdc. I had to override libpam-krb5 with
debian version because of bug 39582:
<https://launchpad.net/distros/ubuntu/+source/libpam-krb5/+bug/39582>

So, now kerberos authentification work just fine, next stage is
providing authenticated mounted homedirs and network shares to users on
the LAN.

Currently I use NFSv3 but it seriously lack on the authentification
side. Anyone plugging a laptop at home can access the NFSv3 exported
homes. All he has to do is provide an authorized IP and corresponding
userID. NFSv3 is inappropriate in a desktop/laptop LAN environment.

So I turned to trying to setup NFSv4 with krb5 security.
Adding the missing mount points not configured with nfs packages :
proc            /proc           proc    defaults        0       0
rpc_pipefs      /var/lib/nfs/rpc_pipefs rpc_pipefs      defaults
0       0
nfsd    /proc/fs/nfsd   nfsd    defaults        0       0

Enabling the forgotten kernel module not enabled by installing nfs
packages either.
modprobe rpcsec_gss_krb5

Adding the corresponding princpal/keying from NFSv4 server to NFSv4 clients.

To discover I can't mount NFSv4 because there is no mount.nfs4 provided
with Dapper.
The general mount command can't mount nfs4 filesystem.
mount -t nfs4 -o sec=krb5 nfsserver.lan:/ /mnt/nfsv4
mount: wrong fs type, bad option, bad superblock on nfsserver.lan:/,
       missing codepage or other error
       In some cases useful info is found in syslog - try
       dmesg | tail  or so

Digging with strace reveal a dead call to /sbin/mount.nfs4

stat64("/sbin/mount.nfs4", 0xbfd8015c)  = -1 ENOENT (No such file or
directory)
rt_sigprocmask(SIG_BLOCK, ~[TRAP SEGV RTMIN RT_1], NULL, 8) = 0
mount("nfsserver.lan:/", "/mnt/nfsv4", "nfs4",
MS_POSIXACL|MS_ACTIVE|MS_NOUSER|0xec0000, 0x805ac98) = -1 EINVAL
(Invalid argument)



Yes I know Dapper is beta, but I guess Breezy can't mont nfs4 either.

So what?

What network filesystem should I use instead of NFSv4 or is there any
hope NFSv4 will work when Dapper final comes out?

Regards.

-- 
     Léa Gris - http://www.noiraude.net/
()   Campagne du ruban texte brut contre les courriels en HTML,
/\   contre les pièces jointes dans un format propriétaire.

More information about the ubuntu-users mailing list