[CentOS] Unable to mount Centos 5.6 Server via nfs4 - Operation Not Permitted - MADNESS!

Fri Jun 3 09:23:13 UTC 2011
Ljubomir Ljubojevic <office at plnet.rs>

RILINDO FOSTER wrote:
> I did that. It didn't help. :(
> 
> 
> On Jun 2, 2011, at 6:07 PM, Tom H wrote:
> 
>> On Thu, Jun 2, 2011 at 2:01 PM, RILINDO FOSTER <rilindo at me.com> wrote:
>>> On Jun 2, 2011, at 11:56 AM, Tom H wrote:
>>>> I was asking about "Domain" in "idmapd.conf" because there might be a
>>>> difference between CentOS 5 and SL 6.
>>> It is actually commented out in SL6.
>> There you go. Comment it out on CentOS and restart idmapd - and cross
>> your fingers.

As far as I know, that needs to be there. And the hostname must be
recognizable via DNS by the NFS server. If the NFS server cannot verify your
FQDN (hostname + domain from /etc/idmapd.conf), the server will deny your
requests. NFS via ssh is one of the options.

Here are my notes on NFS4 for CentOS:

NFS4 on CentOS 5.x:


SERVER SIDE:

• Create /nfs4exports with subfolders extra and home.
• In /etc/fstab put:
/extra		/nfs4exports/extra      bind    bind            0 0
/home           /nfs4exports/home     bind    bind            0 0

• And in /etc/exports put:
/nfs4exports A.B.C.D/255.255.255.W(rw,fsid=0,sync,no_root_squash,no_subtree_check)
/nfs4exports/extra A.B.C.D/255.255.255.W(rw,no_subtree_check,nohide,sync,no_root_squash)
/nfs4exports/home A.B.C.D/255.255.255.W(rw,no_subtree_check,nohide,sync,no_root_squash)


• In /etc/sysconfig/nfs put:
LOCKD_TCPPORT=32803
# UDP port rpc.lockd should listen on.
LOCKD_UDPPORT=32769
RPCNFSDARGS="-N 2 -N 3"
MOUNTD_PORT=892
STATD_PORT=662
# Outgoing port statd should used. The default is port
# is random
STATD_OUTGOING_PORT=2020
# Specify callout program

Never remove root squashing, it lowers root to nfsnobody level. There is 
also an all_squash option.

/etc/idmapd.conf:
[General]

Verbosity = 0
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = <domainname, mydomain.com>

[Mapping]

Nobody-User = drlove73
Nobody-Group = drlove73

[Translation]
Method = nsswitch

idmapd.conf must be the same on the client


CLIENT SIDE - autofs:

/etc/auto.<servername>:
/autofsmounts/<servername>  /etc/auto.<servername> --timeout=10

/etc/auto.<servername>:
extra	-fstype=nfs4,rw,proto=tcp	<server IP or fqdn>:/extra
home	-fstype=nfs4,rw,proto=tcp	<server IP or fqdn>:/home

/etc/idmapd.conf:
[General]

Verbosity = 0
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = <domainname, mydomain.com>

[Mapping]

Nobody-User = drlove73
Nobody-Group = drlove73

[Translation]
Method = nsswitch

Create /autofsmounts/vmaster

Test: showmount -e <ipaddress or fqdn>


Create /vmaster and, once they show, create inside symlinks from:
  /autofsmounts/vmaster/extra
  /autofsmounts/vmaster/home

Ljubomir
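
An added example, not part of the original message: a small Python audit for the two points the notes raise, namely that idmapd.conf must carry the same Domain on server and client, and which exports have root squashing turned off. The function names and the sample file contents are constructed for illustration; on a real host, read /etc/exports and /etc/idmapd.conf instead.

```python
import configparser
import re

# Constructed sample inputs modelled on the notes above (192.0.2.0/24 is a documentation range).
SERVER_EXPORTS = """\
/nfs4exports 192.0.2.0/255.255.255.0(rw,fsid=0,sync,no_root_squash,no_subtree_check)
/nfs4exports/extra 192.0.2.0/255.255.255.0(rw,no_subtree_check,nohide,sync,no_root_squash)
/nfs4exports/home 192.0.2.0/255.255.255.0(rw,no_subtree_check,nohide,sync)
"""
SERVER_IDMAPD = "[General]\nVerbosity = 0\nDomain = mydomain.com\n"
CLIENT_IDMAPD = "[General]\nVerbosity = 0\n#Domain = mydomain.com\n"
CLIENT_RE = re.compile(r"(\S*?)\(([^)]*)\)")  # matches client(opt,opt,...)

def parse_exports(text):
    """Yield (path, client, options) for every client entry in an exports file."""
    for line in text.replace("\\\n", " ").splitlines():  # join continued lines
        line = line.split("#", 1)[0].strip()             # drop comments
        if not line:
            continue
        path, *rest = line.split(None, 1)
        for client, opts in CLIENT_RE.findall(" ".join(rest)):
            yield path, client or "*", set(opts.split(","))

def audit_exports(text):
    """Return findings: exports without root squashing, and the fsid=0 root count."""
    entries = list(parse_exports(text))
    findings = [f"{p} -> {c}: no_root_squash (remote root keeps uid 0)"
                for p, c, o in entries if "no_root_squash" in o]
    roots = {p for p, _, o in entries if "fsid=0" in o}
    if len(roots) != 1:
        findings.append(f"expected exactly one fsid=0 export, found {len(roots)}")
    return findings

def idmap_domain(text):
    """Return the [General] Domain value, or None when unset or commented out."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp.get("General", "Domain", fallback=None)

def domains_match(server_text, client_text):
    """True only when both sides set Domain explicitly and to the same value."""
    s, c = idmap_domain(server_text), idmap_domain(client_text)
    return s is not None and s == c

if __name__ == "__main__":
    for finding in audit_exports(SERVER_EXPORTS):
        print("WARN", finding)
    print("idmapd Domain consistent:", domains_match(SERVER_IDMAPD, CLIENT_IDMAPD))
```
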