Synology NFSv4 with id mapping

Posted by Markus Birth on Friday, January 5. 2018

Disclaimer: ID mapping without a Kerberos server only works halfway with NFSv4, it seems. I managed to get the correct usernames to show up on my client when listing files, but creating new files always creates them as user nobody because the Synology doesn't map anything in that case. [This bug report][1] and the [linked thread][2] suggest this is normal behaviour of idmapd when not using Kerberos for some reason. (EDIT: [More detailed explanation.][3])

However, what I did:

First, you have to enable idmapping after loading the NFS service. For that, you have to edit the file /usr/syno/etc/rc.sysv/S83nfsd.sh on the Synology. Find the line

SYNOLoadModules $KERNELMODULE

and add the following line after that:

echo "N" > /sys/module/nfsd/parameters/nfs4_disable_idmapping

Then, still on the Synology, edit the /etc/idmap.conf and set the Domain to your ITET-PHO if not already set. Disable NFS, apply and re-enable (+apply) it afterwards in the Synology's control centre to reload nfds.

On your client machine, create a file /etc/modprobe.d/nfs-idmap.conf with the following contents:

options nfs nfs4_disable_idmapping=0
options nfsd nfs4_disable_idmapping=0

Reload the nfs kernel module afterwards to apply the options.

Also make sure, idmapd is running on your client. (On Ubuntu artful, I had to run sudo systemctl start nfs-idmapd manually, I think.) And, of course, use nfsvers=4 as a mount option.

(On the Synology, you can killall idmapd and run it in foreground using idmapd -f -vvv to see if it's doing anything.)

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as Linear | Threaded

John Ruiz on Monday, January 20. 2020:

Thanks for writing this up; it's exactly what I was looking for. After a reboot, however, the value of /sys/modules/nfs/parameters/nfs4_disable_idmapping is still Y. Do you suppose something has changed and now there's a new place where that echo command should be run?

Markus Birth on Monday, January 20. 2020:

Either that or the module loading takes a second and the parameter is not yet available when the echo runs. You could experiment with e.g. a sleep 2 between SYNOLoadModules and the echo.

Add Comment

Name

Homepage

Comment

In reply to

Markdown format allowed

E-Mail addresses will not be displayed and will only be used for E-Mail notifications.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enter the string from the spam-prevention image above:

Form options

Remember Information?

Subscribe to this entry