I have a Synology NAS which, among other things, hosts a shared drive. It’s exposed via SMB & NFS. When I mount the share as NFS on my linux machine, the user IDs don’t match and permissions are all messed up.
On my old NAS, I had it set up first so when I added users to the linux machine, I picked the user IDs so they’d match, but the Synology has a different starting ID and I don’t want to renumber my users on the client.
I’m trying to keep it simple, so I’d rather not delve into the rabbit hole of LDAP, AD or Kerberos. I was debating just mounting CIFS or SMB with a generic user, but that doesn’t feel right.
Has anybody done much with user mapping in NFS4? How well does it work? Is there a simple solution? I was hoping for a drop in replacement without a lot of time lost. What do you do on your system?
Specs: 4 users, 4 laptops, 1 Apple, 2 windows, 1 linux, 2 linux servers, 1 Synology NAS. 1 overworked admin.
Please just use Kerberos instead of fiddling with uids. It’s the only sane way to get NFS access controls and user mapping. Works on both Linux and macOS (but there’s no NFS on Windows anyway).
I’d say you can run the Kerberos KDC on the NAS but if Synology has some locked down special OS you’ll need another machine for that (edit: but you say you have other servers already so that shouldn’t be a problem).
Unfortunately SMB is so screwed that you can’t reuse ordinary Kerberos for authentication there, which is unfortunate if you want to have both that and NFS. I’ve yet to look into whether Samba AD can be used for both.
There is, although only the client and only v3 support.
True. I knew I should have left that as “NFS 4” because someone would comment this. From what I’ve read (never used it), NFS 3 is very different to 4 and also just kind of not worth using, especially just for Windows, since it has no security at all.
It’s enough if you just need access in a VM or over a lan (depending on your threat model) but agreed.