4 NFSv4 support in Debian is rather new, and not fully supported yet. If you want
5 to experiment, make sure you have:
7 - a recent 2.6 kernel on both client and server; newer is better. You might even
8 want to use CITI's patch set from http://www.citi.umich.edu/projects/nfsv4/linux/
9 on the server, and/or Trond Myklebust's patch set from http://client.linux-nfs.org/ .
10 - a recent enough version of nfs-utils on both client and server (you probably
11 have on at least one of them, since you're reading this file!).
12 - enabled idmapd on both sides (see /etc/default/nfs-common).
13 - The following lines in /etc/services on the client (if not, you will receive
14 the message "broken /etc/services" when starting rpc.gssd; this will usually
15 only happen if you upgrade netbase without letting it replace /etc/services
16 with the new version):
18 nfs 2049/tcp # Network File System
19 nfs 2049/udp # Network File System
21 The export structure might be a bit confusing if you're already familiar with
22 NFSv2 or NFSv3. The biggest difference is that you will need to export an explicit
23 root of your pseudofilesystem, like this /etc/exports fragment:
25 /nfs4 hostname(rw,sync,fsid=0,crossmnt)
27 (It doesn't need to be named "nfs4".) Then you can mount other volumes under that,
30 /nfs4/music hostname(rw,sync)
31 /nfs4/movies hostname(rw,sync)
33 Then your client can mount shares like this:
35 mount -t nfs4 server:/music /mnt/music
37 Since you might not have everything under one root, you might want /nfs4/* on the
38 server to be bind mounts, ie.:
40 mount --bind /srv/music /nfs4/music
44 /srv/music /nfs4/music none bind 0 0
46 Note that this special export structure might be handled transparently by
47 rpc.mountd at some time in the future, in which case you will probably get the
48 traditional (NFSv3-style) behaviour if and only if you have no share with
51 If you do not wish to use host-based authentication, you can specify "gss/krb5"
52 instead of a hostname to get Kerberos-based authentication instead. For this,
53 you will need an "nfs/hostname@REALM" entry in /etc/krb5.keytab, as well as
54 rpc.gssd running on both client and rpc.svcgssd on the server (enable them
55 manually in /etc/default/nfs-common and /etc/default/nfs-kernel-server if the
58 If you use "gss/krb5i", you will also get integrity (ie. authentication), and
59 with "gss/krb5p", you'll also get privacy (ie. encryption). Make sure your
60 kernel supports this; not all kernels do.
62 -- Steinar H. Gunderson <sesse@debian.org>, Wed, 11 Oct 2006 15:18:03 +0200