NFS Service
NFS service allows Linux clients to access data on this DiskStation device.
To enable NFS service:
- Go to Control Panel > File Services > SMB/AFP/NFS and tick Enable NFS.
- Click Apply.
Note:
- DiskStation currently supports NFSv2, NFSv3 and NFSv4.
- When mounting, the parameter -o vers=2, -o vers=3 or -o vers=4 can be added to the mount command in order to specify which NFS version should be used.
- The following shared folders do not allow access via NFS:
- Encrypted shared folders
- PetaSpace shared folders
- Shared folders using HFS, HFS Plus, and exFAT file systems
To configure Linux clients' access privileges to shared folders:
Go to Control Panel > Shared Folder. Select a shared folder and click Edit to manage NFS rules and regulate the access right to this shared folder for Linux clients.
Setting NFSv4 and NFSv4.1 Support
DiskStation supports NFSv2 and NFSv3 by default. You can decide if NFSv4 or NFSv4.1 should be enabled.
To enable NFSv4 or NFSv4.1 support:
- Tick Enable NFSv4 support or Enable NFSv4.1 support.
-
In the NFSv4 domain field, enter the name of the NFSv4 domain you want to use. This field is optional and can be left blank.
-
Click Apply.
Note:
When you use NFSv4 to mount the shared folder, please note the following. Otherwise, the file operations associated with the username will fail.
- NFS client must enable idmapd.
- NFSv4 domain settings in the idmapd.conf file on your NFS client must be consistent with the NFSv4 domain field on DiskStation.
NFSv4 will be enabled automatically if NFSv4.1 is enabled.
Multipathing
NFSv4.1 supports Multipathing. Clients can access an NFS server via multiple network connections at the same time. Multipathing increases the bandwidth and provides traffic failover to maintain network connection when the connection is down. For the time being, only VMware ESXi version 6.0 and above support NFSv4.1 clients. For more information about VMware NFSv4.1 support, please refer to the VMware document.
Note:
- Multipathing is only available on models that support NFSv4.1.
Advanced Settings
Applying default UNIX permissions
When Apply default UNIX permissions is checked, default UNIX permissions set in the Linux client are applied instead of Windows ACL permissions when uploading or creating files and folders. Applied permissions are the same as permissions applied by the UNIX command umask. The default umask value is 022.
Note:
- For Windows ACL enabled shared folders (all shares excluding "photo" and shares on external drives), please run the chmod command on your Linux or FTP client to change folder and file permission types from Windows ACL to UNIX.
- Enabling this option might cause inconsistent permission issues between different protocols. To avoid inconsistencies, we suggest leaving this option disabled.
Custom port
You can customize port numbers for statd and nlockmgr services.
- Select Customized ports.
- Enter port numbers in statd port and nlockmgr port.
-
Click Apply.
Note:
- If you would like to use NFSv3 services, go to Control Panel > Security > Firewall and create a firewall rule that enables "Mac/Linux file server" from the list of built-in applications.
Setting Read/Write Packet Size
When the read/write packet size cannot be set on your NFS client, you can specify the default value in this field.
- Select the desired packet size from the Read packet size and Write packet size fields.
-
Click Apply.
-
Remount the share.
Note:
- After changing the read/write packet size, the shared folder must be remounted before the new settings can take effect.
- These settings only affect NFS clients who connect via UDP (User Datagram Protocol).
Kerberos Settings
Kerberos is a network authentication protocol. It allows clients and servers communicating over a non-secure network to authenticate and prove their identities to each other in a secure manner. DiskStation provides options to import an existing Kerberos key. Once imported successfully, NFS clients can use the Kerberos authentication protocol to connect to the DiskStation.
To import a Kerberos key:
- Click Kerberos Settings.
- Click the Import button.
- Choose the Kerberos key you want to import.
- Click OK.
Kerberos ID Mapping
You can map individual Kerberos principals to local DSM user accounts.
To map Kerberos principals and local user accounts:
- Click Kerberos Settings.
- Go to the ID Mapping tab.
- Click the Add button. Select one of the following.
- ID Mapping: Enter the Kerberos principal and the local user account to which it should be mapped.
- Suggested Mapping List: This option displays a list of suggested Kerberos principal/local user mapping options that are generated by the system.
Note:
- Kerberos is only available on models with internal hard drives.
- If you want to map an NFS client who connects through Kerberos to an existing Domain/LDAP user account, make sure you've joined the directory service. In addition, the directory server must have an attribute that includes the corresponding Kerberos principal.
- Domain User: The format for the corresponding attribute should be userPrincipalName.
- LDAP User: The format for the corresponding attribute should be GSSAuthName.
- If the user cannot be successfully mapped to a local user or domain/LDAP user, then the user shall be mapped to "guest."
- Mapped priority is as follows: Local user > Domain/LDAP user > Guest.
- If you want to modify the access permissions of NFS clients, please use Windows Access Control List (ACL). The privileges options located at Control Panel > User are not applicable for NFS clients.