[NFS-Ganesha-Support] Re: Mounting NFS Ganesha shares on Win 10 and Mac OS

-----Original Message----- From: TomK [mailto:tomkcpr@mdevsys.com] Sent: Wednesday, March 4, 2020 3:43 PM To: support(a)lists.nfs-ganesha.org; Frank Filz <ffilzlnx(a)mindspring.com>; Kaleb S. KEITHLEY <kkeithle(a)redhat.com&gt; Subject: Mounting NFS Ganesha shares on Win 10 and Mac OS Hey All, Trying to find the best way to mount NFS Ganesha presented NFS paths on both Win 10 and Mac OS. I'm partially successful. Win 10: This laptop is not on AD. But I'm trying to mount the NFS share and access it via the AD user tom(a)mds.xyz. I can mount it this way: C:\Users\tom>mount -o nolock \\192.168.0.125\n M: M: is now successfully connected to \\192.168.0.125\n The command completed successfully. C:\Users\tom> However when I try to access /n/mds.xyz/tom, home folder of an AD user I of course get Permission denied. How do I specify an AD user from a client not on AD? Mac OS X (~2013) macOS High Sierra, 10.13.6: When trying to mount using: mount -t nfs -o resvport,rw 192.168.0.125:/n nfs I get a: mount_nfs can't mount /n from 192.168.0.125 onto /private/tmp/nfs: Permission denied I tested this to see where it's coming from and see that's it's sever generated. I turned off the server nfs ganesha and got a different error. Checking the logs on nfs-ganesha, I can see the client did reach the nfs-ganesha sever correcty. Just got permission denied. [ Ideal Situation ] How do I mount the NFS share ideally using my AD user from this Win 10 laptop and Mac OS X laptop, either of which is not on AD? I've a couple dozen machines and all work correcty with the home folders on this NFS share. NFS home folders between these kerberized machines wok well using the same NFS Ganesha. -- Thx, TK. [root@nfs03 ganesha]# cat /etc/ganesha/ganesha.conf ################################################### # # EXPORT # # To function, all that is required is an EXPORT # # Define the absolute minimal export # ################################################### # logging directives--be careful LOG { # Default_Log_Level is unknown token?? # Default_Log_Level = NIV_FULL_DEBUG; Components { # ALL = FULL_DEBUG; MEMLEAKS = FATAL; FSAL = DEBUG; NFSPROTO = FATAL; NFS_V4 = FULL_DEBUG; EXPORT = DEBUG; FILEHANDLE = FATAL; DISPATCH = DEBUG; CACHE_INODE = FULL_DEBUG; CACHE_INODE_LRU = FATAL; HASHTABLE = FATAL; HASHTABLE_CACHE = FATAL; DUPREQ = FATAL; INIT = DEBUG; MAIN = FATAL; IDMAPPER = FULL_DEBUG; NFS_READDIR = FULL_DEBUG; NFS_V4_LOCK = FULL_DEBUG; CONFIG = FULL_DEBUG; CLIENTID = FULL_DEBUG; SESSIONS = FATAL; PNFS = FATAL; RW_LOCK = FATAL; NLM = FATAL; RPC = FULL_DEBUG; NFS_CB = FATAL; THREAD = FATAL; NFS_V4_ACL = FULL_DEBUG; STATE = FULL_DEBUG; # 9P = FATAL; # 9P_DISPATCH = FATAL; FSAL_UP = FATAL; DBUS = FATAL; } Facility { name = FILE; destination = "/var/log/ganesha/ganesha-rgw.log"; enable = active; } } NFSv4 { Lease_Lifetime = 20 ; IdmapConf = "/etc/idmapd.conf" ; DomainName = "nix.mds.xyz" ; } NFS_KRB5 { PrincipalName = &quot;nfs/nfs03.nix.mds.xyz(a)NIX.MDS.XYZ&quot; ; KeytabPath = /etc/krb5.keytab ; Active_krb5 = YES ; } NFS_Core_Param { Bind_addr = 192.168.0.125; NFS_Port = 2049; MNT_Port = 20048; NLM_Port = 38468; Rquota_Port = 4501; } %include "/etc/ganesha/export.conf" # %include "/etc/ganesha/export-home.conf" [root@nfs03 ganesha]# cat /etc/ganesha/export.conf EXPORT { Export_Id = 1 ; # Export ID unique to each export Path = "/n"; # Path of the volume to be exported. Eg: "/test_volume" FSAL { name = GLUSTER; hostname = "nfs03.nix.mds.xyz"; # IP of one of the nodes in the trusted pool volume = "gv01"; # Volume name. Eg: "test_volume" } Access_type = RW; # Access permissions Squash = No_root_squash; # To enable/disable root squashing Disable_ACL = FALSE; # To enable/disable ACL Pseudo = "/n"; # NFSv4 pseudo path for this export. Eg: "/test_volume_pseudo" Protocols = "3", "4"; # "3", "4" NFS protocols supported Transports = "UDP", "TCP" ; # "UDP", "TCP" Transport protocols supported SecType = "sys","krb5","krb5i","krb5p"; # "sys","krb5","krb5i","krb5p"; # Security flavors supported } [root@nfs03 ganesha]# Attached logs of a Mac OS X session attempt to mount the NFS share. (above)