X-Git-Url: https://git.decadent.org.uk/gitweb/?p=nfs-utils.git;a=blobdiff_plain;f=debian%2FREADME.Debian.nfsv4;h=25cb0e1dc6920933dd5059f0b9a19e0de1e5842f;hp=9d3adc8a5148428448911ddade6cf20cabcec1bd;hb=ad7dd95f8e6b93b2db436e3131ca42e4a623d306;hpb=f067460b9a6be8c0890f6c9bbdd5a2fbf940121b diff --git a/debian/README.Debian.nfsv4 b/debian/README.Debian.nfsv4 index 9d3adc8..25cb0e1 100644 --- a/debian/README.Debian.nfsv4 +++ b/debian/README.Debian.nfsv4 @@ -5,13 +5,18 @@ NFSv4 support in Debian is rather new, and not fully supported yet. If you want to experiment, make sure you have: - a recent 2.6 kernel on both client and server; newer is better. You might even - want to use CITI's patch set from http://www.citi.umich.edu/projects/nfsv4/linux/ . + want to use CITI's patch set from http://www.citi.umich.edu/projects/nfsv4/linux/ + on the server, and/or Trond Myklebust's patch set from http://client.linux-nfs.org/ . - a recent enough version of nfs-utils on both client and server (you probably have on at least one of them, since you're reading this file!). - - a patched mount, which will hopefully enter the archive soon at the time of - writing -- otherwise, you'll have to enable the patch in the Debian package - yourself and rebuild it. (It is not enabled by default, since the current version - of the patch breaks mounting against NFSv2-only servers, such as nfs-user-server.) + - enabled idmapd on both sides (see /etc/default/nfs-common). + - The following lines in /etc/services on the client (if not, you will receive + the message "broken /etc/services" when starting rpc.gssd; this will usually + only happen if you upgrade netbase without letting it replace /etc/services + with the new version): + + nfs 2049/tcp # Network File System + nfs 2049/udp # Network File System The export structure might be a bit confusing if you're already familiar with NFSv2 or NFSv3. The biggest difference is that you will need to export an explicit @@ -37,15 +42,21 @@ server to be bind mounts, ie.: or in /etc/fstab: /srv/music /nfs4/music none bind 0 0 - + +Note that this special export structure might be handled transparently by +rpc.mountd at some time in the future, in which case you will probably get the +traditional (NFSv3-style) behaviour if and only if you have no share with +fsid=0. + If you do not wish to use host-based authentication, you can specify "gss/krb5" instead of a hostname to get Kerberos-based authentication instead. For this, you will need an "nfs/hostname@REALM" entry in /etc/krb5.keytab, as well as -rpc.gssd running on both the client and the server (enable it manually in -/etc/default/nfs-common if the autodetection fails). +rpc.gssd running on both client and rpc.svcgssd on the server (enable them +manually in /etc/default/nfs-common and /etc/default/nfs-kernel-server if the +autodetection fails). If you use "gss/krb5i", you will also get integrity (ie. authentication), and -with "gss/krb5p", you'll also get privacy (ie. encryption). Make sure your +with "gss/krb5p", you'll also get privacy (ie. encryption). Make sure your kernel supports this; not all kernels do. - -- Steinar H. Gunderson , Wed, 05 Apr 2006 18:09:47 +0200 + -- Steinar H. Gunderson , Wed, 11 Oct 2006 15:18:03 +0200