Yeah, we really need it to be shared but it did seem to work when I briefly tried it. I’m cautiously optimistic.
As I said, I won’t be back in the office for a while, but it was something along the lines of:
- Join the client to the realm with `realmd`.
- Allow TCP/UDP 111,2049 on server firewall. Other ports not needed for v4.
- `yum install nfs-utils` on both.
- Add lines below to `/etc/exports` on server. Can possibly be simplified, needs further investigation.
- Correctly set `domain` in `/etc/idmapd.conf` on both.
- `systemctl start nfs-idmap` on both.
- `systemctl start nfs-server` on server.
- `net -u administrator ads keytab add nfs` on server.
- `systemctl start nfs-utils` on client.
- `mount -t nfs4 -o sec=krb5p neth.example.com:/foo /mnt/foo` on client.

`/etc/exports`:

```
/var/lib/nethserver/ibays *(rw,sec=sys:krb5:krb5i:krb5p,fsid=0)
/var/lib/nethserver/ibays/foo *(rw,sec=sys:krb5:krb5i:krb5p,fsid=1)
```
I now wonder whether idmap is actually needed when the client has joined the domain via sssd. A quick search just now reveals there is some crossover here. I’ll look into it.
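
An added example, not part of the original post: a small audit of `/etc/exports` text that reports every export still offering a non-Kerberos flavor. The `sec=` list is what the server will accept, so an export listing `sys` next to `krb5p` can still be mounted with AUTH_SYS by any client the host pattern matches. The function names and the simplified parsing (no quoted paths, no line continuations) are assumptions of this sketch.

```python
import re

# Constructed sample: the two export lines quoted in the post above.
SAMPLE_EXPORTS = """\
/var/lib/nethserver/ibays *(rw,sec=sys:krb5:krb5i:krb5p,fsid=0)
/var/lib/nethserver/ibays/foo *(rw,sec=sys:krb5:krb5i:krb5p,fsid=1)
"""

KRB5_FLAVORS = {"krb5", "krb5i", "krb5p"}
CLIENT_RE = re.compile(r"^([^()]*)\((.*)\)$")  # client(options)


def flavors_of(options):
    """Return the security flavors named by sec= in an option string."""
    flavors = []
    for opt in options.split(","):
        if opt.startswith("sec="):
            flavors += [f for f in opt[4:].split(":") if f]
    return flavors or ["sys"]  # no sec= option means AUTH_SYS


def parse_exports(text):
    """Yield (path, client, flavors) for each client spec in exports text."""
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if len(tokens) < 2:
            continue  # blank, comment-only, or path without a client list
        for spec in tokens[1:]:
            m = CLIENT_RE.match(spec)
            client, options = (m.group(1), m.group(2)) if m else (spec, "")
            yield tokens[0], client or "*", flavors_of(options)


def audit(text):
    """Return (path, client, non_kerberos_flavors) for each weak export."""
    findings = []
    for path, client, flavors in parse_exports(text):
        weak = [f for f in flavors if f not in KRB5_FLAVORS]
        if weak:
            findings.append((path, client, weak))
    return findings


if __name__ == "__main__":
    for path, client, weak in audit(SAMPLE_EXPORTS):
        print(f"{path}: client '{client}' may mount with {', '.join(weak)}")
```

An export that should only be reachable with Kerberos would list just the krb5 flavors, for example `sec=krb5p`, and then produces no finding.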