[clug] NFSv4 "Invalid argument"

George at Clug Clug at goproject.info
Mon Oct 13 20:55:34 MDT 2014

    _Maybe after a few more weeks of working on NFS I will understand
it better._

_Below I attempt to answer to some of the questions that people asked
me; _

_I am using OpenFiler v2.99 as the NFS server, so I am limited as to
personally modifying the NFS server side._

Searching from the URLs that people indicated, I found the below
comment which describes why I am researching NFS. I 
have built a Debian Wheezy kvm virt-manager hypervisor server and
wanted to mount the images from an NFS share 
(OpenFiler) by "mount -t nfs  -v

"Before I specified a domain on my servers, files created on the NFS
shares had ownership nobody.nobody, regardless of 
what user created it (even root). This ownership issue was affecting
the creation of VM images on the NFS share, which 
was fixed after I specified a domain in /etc/idmapd.conf. My VM images
now have ownership qemu.qemu, as it should be."

"If creating an NFSv4 share in a RHEL 6 server, be sure to edit
/etc/idmapd.conf and define a domain name on the NFS 
server and the KVM hosts (NFS clients) in the [General] section
towards the top of the file. The domain name, which 
can be the same as your DNS domain, should be the same on all servers:
Domain = yourdomain.com
For this change to take effect, restart the rpcidmapd service:
# service rpcidmapd restart"


As to your question, try to adopt the following configuration. This is
the content of /etc/idmapd.conf on both the 
server and the clients:

=== /etc/idmapd.conf ===
 Domain = example.org

 Nobody-User = nobody
 Nobody-Group = nobody

 Method = nsswitch
 === cut here ===

The key is to keep the value “Domain” in sync on the server and on
the clients. It is not a domain in the DNS sense, 
it is what used to be called the “realm” in Kerberos IV. Well,
actually the whole idmapd configuration should be 
consistent on the server and the clients.

You don’t have to have anything fancy in your /etc/nsswitch.conf,
the usual local-only configuration (mostly “files”) 
is perfectly OK.


Martin is right. It works just by setting up those lines. There is one
more thing you need to change is to start 
idmapd service. By default is disabled in /etc/default/nfs-common file



Prior to this update, it was not possible to statically map usernames
to NFSv4 file systems. This update adds the 

feature and the user can configure the static mapping in the
/etc/idmapd.conf file. 



    It's important that /export and /export/users have 777
permissions as we will be accessing the NFS share from the 
client without LDAP/NIS authentication. This will not apply if using
authentication (see below). Now mount the real 

users directory with:

    # mount --bind /home/users /export/users

    To save us from retyping this after every reboot we add the
following line to /etc/fstab
    /home/users    /export/users   none    bind  0  0

There are three configuration files that relate to an NFS server:
/etc/default/nfs-kernel-server, /etc/default/nfs-
common and /etc/exports.

    The only important option in /etc/default/nfs-kernel-server for
now is NEED_SVCGSSD. It is set to "no" by default, 
which is fine, because we are not activating NFSv4 security this time.

In order for the ID names to be automatically mapped, both the client
and server require the /etc/idmapd.conf file to 
have the same contents with the correct domain names. Furthermore,
this file should have the following lines in the 

Mapping section:


    Nobody-User = nobody
    Nobody-Group = nogroup

    However, the client may have different requirements for the
Nobody-User and Nobody-Group. For example on RedHat 

variants, it's nfsnobody for both. cat /etc/passwd and cat /etc/group
should show the "nobody" accounts. 

This way, server and client do not need the users to share same


Example 11.23. The /etc/default/nfs-common file
# Do you want to start the idmapd daemon? It is only needed for NFSv4.

More information about the linux mailing list