Using NFS instead of Samba for Mac homes

SirTux · February 8, 2018, 9:44pm

Is NFS enabled for the Home-share?

cat /etc/exports

sccmrb · February 8, 2018, 9:46pm

Yes

cat /etc/exports
# /etc/exports: the access control list for filesystems which may be exported
#               to NFS clients.  See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
#
"/users" -ro,no_root_squash,async,no_subtree_check * # LDAP:cn=users,cn=shares,dc=skaggscatholiccenter,dc=org

SirTux · February 8, 2018, 9:49pm

Readonly and async aren’t good options for a home share.

sccmrb · February 9, 2018, 3:26pm

That’s just the root directory of the share. The homes inside obviously are not affected and have the proper permissions for the users currently mounting them over SMB.

SirTux · February 9, 2018, 3:33pm

AFAIK you want to use NFS for the home share, so it should be writable. But there is only a read-only NFS export of /users, so it isn’t writable. NFS export options have priority over file system permissions.

EDIT: Btw. I haven’t looked in the code of the UMC, but it makes totally sense for me filtering out read-only shares.

sccmrb · February 9, 2018, 3:48pm

Well according to the UMC NFS write access is checked.

SirTux · February 9, 2018, 3:59pm

Then you should check the listener:
https://help.univention.com/t/troubleshooting-listener-notifier/6430

Relevant for the NFS-server is not the LDAP but the /etc/exports. You should also post the output of

univention-ldapsearch cn=users

sccmrb · February 9, 2018, 4:02pm

I can make changes to the custom options area for NFS and they show up within seconds so it seems like that is already working.

sccmrb · February 9, 2018, 4:04pm

Ok the exports file on the other server where the random share is showing up does have rw in it’s exports. So the question is why the main home server refuses to show rw and is instead stuck with ro.

SirTux · February 9, 2018, 4:07pm

Then you’re probably modifying the wrong LDAP object. They are only valid for one server. Please post the output of the command written above.

sccmrb · February 9, 2018, 4:12pm

Figured it out. If I toggle off NFS support and save in the share and then toggle it back on and save. Then enable NFS write access and save it enables it in the exports file for the share. Problem is it’s still creating a local home folder instead of using the NFS share.

SirTux · February 9, 2018, 4:18pm

I don’t have a mac, but think you have to configure autofs.

sccmrb · February 15, 2018, 3:17pm

I was able to create the automounts with the app “NFS Manager” which actually puts them into the Mac’s local Open Directory which is preferred over previous methods.

And after doing that I was able to correctly set the home folder in UCM.

https://www.bresink.com/osx/NFSManager.html