How To
Summary
EXPORT NFS SHARE FROM SERVER VIA NFSv4 AND MOUNT IT IN NFS CLIENT.
Objective
Steps
NFSv4 server setup
Set up domain name for nfsv4:
NFSv4 is the "domain" concept. Before NFSv4, it will allow access to a file based on the user id, it will first check to see if the NFS domains are the same between the client and server. If the configured domains differ between client and server, NFS will deny access. Here “test.com” is a example as domain name.
The chnfsdom command changes the local NFS domain of the system. The local NFS domain is stored in the /etc/nfs/local_domain file. If no argument is specified, the command displays the current local NFS domain.
Ex: #chnfsdom test.com
Or we can use smitty tool to create local NFS domain.
#smitty chnfsdom
Configure NFS Local Domain > Change NFS Local Domain > NFS Local Domain [test.com]
Check the domain name for nfsv4 server and you can change the domain name by "Change NFS Local Domain" option.
Note : The NFS server and client domain name should be the same.
Check nfsv4 domain name in nfs server by "chnfsdom" command:
# chnfsdom
Current local domain: test.com
Start the nfs daemons that are required for nfsv4 at nfs server side”
# startsrc -s nfsd # Services client requests for file system operations.
# startsrc -s nfsrgyd # Services translation requests between names and ids from servers and clients using NFS V4
Note: If no nfsv4 doamin is defined (chnfsdom shows no output) nfsrgyd will not start.
Check the required daemons are in active state:
Daemons which are in “inoperative” state are not required for nfsv4.
# lssrc -g nfs
Subsystem Group PID Status
nfsrgyd nfs 3866830 active
nfsd nfs 3735726 active
rpc.mountd nfs inoperative
biod nfs inoperative
gssd nfs inoperative
rpc.lockd nfs inoperative
rpc.statd nfs inoperative
Below is the example how to create nfs share by using “mknfsexp” command where:
-d specifies the directory that is to be or changed
-t specifies weather the directory is read-write, read-only, or read-mostly
-r specifies root users on the specifies hosts access to the directory
-v specifies nfs version. Valid values are 2, 3, or 4.
-c gives mount access to each of the clients listed. A client can either be a host or a netgroup. The default is to allow all hosts access.
#mknfsexp -d /Tech/test1 -S sys -v 4 -t rw -r 10.1.199.35 -c 10.1.199.35
Note: Please check mknfsexp command for more details.
You can also use the smitty tool to create nfs share by running ‘smitty nfs’ command. In the ‘Pathname of directory to export’ field add the directory that you want to export. In this example we are exporting "/Tech/test1".
The ‘Allow access by NFS versions’ field should be 4 for nfsv4.
In the field ‘Hosts & netgroups allowed client access’ and in ‘Hosts allowed root access’ add nfs client names or client ip.
#smitty nfs
Add a Directory to Exports List
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[Entry Fields]
* Pathname of directory to export [/Tech/test1]
Allow access by NFS versions [4] <= Version
* Security method 1 [sys,krb5p,krb5i,krb5,dh] method +
* Mode to export directory read/write +
Hostname list. If exported read-mostly []
Hosts & netgroups allowed client access [x.xx.199.35] <= Client name or ip
Hosts allowed root access [x.xx.199.35] <= Client name or ip
The “/etc/exports” file contains an entry for each directory that can be exported to NFS clients. This file is read automatically by the “exportfs” command. If you change this file, you must run the “exportfs” command to update the export list.
Check /etc/exports file to see "/Tech/test1" has been created and ready to export.
# cat /etc/exports
/Tech/test1 -vers=4,sec=sys:krb5p:krb5i:krb5:dh,rw,access=10.1.199.35,root=10.1.199.35
Exportfs command can export and un-export directories to NFS clients. To export “/Tech/test1” to "10.1.199.35" use "exportfs -a"command.
# exportfs
/Tech/test1 -vers=4,sec=sys:krb5p:krb5i:krb5:dh,rw,access=10.1.199.35,root=10.1.199.35
Now "/Tech/test1" has exported and the nfs client "10.1.199.35" and you will be able to mount it.
NFSv4 client mount setup
Create a mount point in NFS client to mount the exported nfs share from nfs server. For this example, we'll use the name “tech_test_doc” as the mount point name.
#mkdir /tech_test_doc
Configure the nfsv4 domain in nfsv4 client:
#chnfsdom test.com
Or we can create domain by using smitty .
#smitty chnfsdom
Configure NFS Local Domain > Change NFS Local Domain > NFS Local Domain [test.com]
Check the nfsv4 domain name:
# chnfsdom
test.com
Start "nfsrgyd" daemon which does services translation requests between user/group names and ids from servers and clients using NFS V4. NFSv4 is String based and not ID based.
NFSv2 and NFSv3 protocol has been limited to the use of the UNIX-centric user identification mechanism of numeric user id (uid and gid). However, for NFS to move beyond the limits of large work groups, the NFS v4 protocol changed the user identification to be string based.
# startsrc -s nfsrgyd
Check the "nfsrgyd" daemon is active:
# lssrc -g nfs
Subsystem Group PID Status
nfsrgyd nfs 8323238 active
biod nfs inoperative
nfsd nfs inoperative
rpc.mountd nfs inoperative
gssd nfs inoperative
rpc.lockd nfs inoperative
rpc.statd nfs inoperative
Use mount command to mount "/Tech/test1" from nfs server on "/tech_test_doc" in nfs client:
mount -o vers=4 10.99.4.26:/Tech/test1 /tech_test_doc
Check if NFSV4 "/Tech/test1" has mounted now in NFS client.
# mount | grep nfs
10.99.4.26 /Tech/test1 /tech_test_doc nfs4 29 May 04:33 vers=4
Additional Information
If additional assistance is required after completing all of the instructions provided in this document, please follow the step-by-step instructions below to contact IBM to open a case for software under warranty or with an active and valid support contract. The technical support specialist assigned to your case will confirm that you have completed these steps.
a. Document and/or take screen shots of all symptoms, errors, and/or messages that might have occurred
b. Capture any logs or data relevant to the situation.
c. Contact IBM to open a case:
-For electronic support, please visit the IBM Support Community:
https://www.ibm.com/mysupport
-If you require telephone support, please visit the web page:
https://www.ibm.com/planetwide/
d. Provide a good description of your issue and reference this technote
e. Upload all of the details and data to your case
-You can attach files to your case in the IBM Support Community
-Or Upload data to IBM testcase server analysis:
http://www.ibm.com/support/docview.wss?uid=ibm10733581
Related Information
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
23 July 2020
UID
ibm10886087