We are a Linux shop with about 30 Macs to support. We have our Leopard and Snow Leopard systems set up with LDAP authentication and automounted NFSv3 home directories so our staff have the same login and file whether they use OS X or Ubuntu. The only issue we have is that with NFSv3, we can't use Firefox >= 4. That issue still exists in Lion.
Now that OS X supports NFSv4 in Lion, I decided to try that out. It failed rapidly. I am unable to open applications. When I log in with ssh, many commands related to file operations hang.
On Linux NFSv4 clients, you must set up a domain name for mapping usernames between the client and the server in /etc/idmpad.conf. Is there anything like that in Lion? Are there any other configuration setting I need to check?
I have also tried using the latest version of Netatalk, but after a while, Microsoft Word starts saying files are read only.
Updated information
We discovered that using async in NFSv3 solved our problem with Firefox. Unfortunately, async does not solve the problem with NFSv4.
That turned out to be a misunderstanding of the problem. async does not solve the problem for either NFSv3 or NFSv4.
Testing Method
We have a couple of test accounts in our LDAP server with autofs entries pointing to an NFSv4 server on Ubuntu. I test by logging in via the login window or by ssh. In the GUI, I try opening applications and editing text files. Via ssh, I try editing text files with vim.
For the NFS Manager suggestion, I used su to become one of those users and tried editing a file with vim.
Server Settings
This is the /etc/exports from my testing nfsv4 server. The settings are the same as the production NFSv3 servers.
/var/lib/nfs/v4root @utm(ro,fsid=0,root_squash,insecure,no_subtree_check,async) @admin(ro,fsid=0,no_root_squash,insecure,no_subtree_check,async)
/var/lib/nfs/v4root/d2/export/fac @utm(fsid=31,rw,async,root_squash,no_subtree_check,insecure) @admin(fsid=31,rw,async,no_root_squash,no_subtree_check,insecure)
/var/lib/nfs/v4root/d2/export/grad @utm(fsid=32,rw,async,root_squash,no_subtree_check,insecure) @admin(fsid=32,rw,async,no_root_squash,no_subtree_check,insecure)
/var/lib/nfs/v4root/d2/export/staff @utm(fsid=33,rw,async,root_squash,no_subtree_check,insecure) @admin(fsid=33,rw,async,no_root_squash,no_subtree_check,insecure)
/d2/export/fac @utm(fsid=41,rw,async,root_squash,no_subtree_check,insecure) @admin(fsid=41,rw,async,no_root_squash,no_subtree_check,insecure)
/d2/export/grad @utm(fsid=42,rw,async,root_squash,no_subtree_check,insecure) @admin(fsid=42,rw,async,no_root_squash,no_subtree_check,insecure)
/d2/export/staff @utm(fsid=43,rw,async,root_squash,no_subtree_check,insecure) @admin(fsid=43,rw,async,no_root_squash,no_subtree_check,insecure)
Client mount options
The clients use autofs in LDAP to mount the filesystem. The options follow:
intr,tcp,rw,vers=4,timeo=20
I have tried with just vers=4, but I get the same results.
Network
For this test, the client and the server are on different subnets. The traffic goes through 100 Mbps cisco switches with gigabit connections to the cisco route switch. Throughput tests show consistent 91 Mbps transfers with low .3 ms pings. This network has been appropriate for NFSv3 for many years.
Solution
Wait for 10.7.3. I am pleased to report that this was a bug in 10.7.2, and the 10.7.3 prerelease fixes it.