NFSv4 in Debian =============== NFSv4 support in Debian is rather new, and not fully supported yet. If you want to experiment, make sure you have: - a recent 2.6 kernel on both client and server; newer is better. You might even want to use CITI's patch set from http://www.citi.umich.edu/projects/nfsv4/linux/ . - a recent enough version of nfs-utils on both client and server (you probably have on at least one of them, since you're reading this file!). - a patched mount, which will hopefully enter the archive soon at the time of writing -- otherwise, you'll have to enable the patch in the Debian package yourself and rebuild it. (It is not enabled by default, since the current version of the patch breaks mounting against NFSv2-only servers, such as nfs-user-server.) The export structure might be a bit confusing if you're already familiar with NFSv2 or NFSv3. The biggest difference is that you will need to export an explicit root of your pseudofilesystem, like this /etc/exports fragment: /nfs4 hostname(rw,sync,fsid=0,crossmnt) (It doesn't need to be named "nfs4".) Then you can mount other volumes under that, like: /nfs4/music hostname(rw,sync) /nfs4/movies hostname(rw,sync) Then your client can mount shares like this: mount -t nfs4 server:/music /mnt/music Since you might not have everything under one root, you might want /nfs4/* on the server to be bind mounts, ie.: mount --bind /srv/music /nfs4/music or in /etc/fstab: /srv/music /nfs4/music none bind 0 0 If you do not wish to use host-based authentication, you can specify "gss/krb5" instead of a hostname to get Kerberos-based authentication instead. For this, you will need an "nfs/hostname@REALM" entry in /etc/krb5.keytab, as well as rpc.gssd running on the client (enable it manually in /etc/default/nfs-common) and rpc.svcgssd running on the server (it should be autodetected once you put Kerberos mounts in /etc/exports). If you use "gss/krb5i", you will also get integrity (ie. authentication), and with "gss/krb5p", you'll also get privacy (ie. encryption). Make sure your kernel supports this; not all kernels do. -- Steinar H. Gunderson , Wed, 05 Apr 2006 18:09:47 +0200