ONTAP support for NFSv4.2

Contributors

Beginning with ONTAP 9.8, the NFSv4.2 protocol is supported to allow access for NFSv4.2 clients.

NFSv4.2 is enabled by default in ONTAP 9.9.1 and later. In ONTAP 9.8, you can enable v4.2 by specifying the -v4.1 option and setting it to enabled when creating an NFS server on the storage virtual machine (SVM). Enabling NFSv4.1 also enables clients to use the NFSv4.1 features while mounted as v4.2.

The following NFSv4.2 optional features are supported:

  • Beginning with ONTAP 9.9.1, Mandatory Access Control (MAC) labelled NFS is supported when NFSv4.2 is enabled.

  • Additional NFSv4.2 optional features will be added in a later ONTAP release.

Enable NFS v4.2 security labels

Beginning with ONTAP 9.9.1, NFS security labels can be enabled. They are disabled by default.

With NFS v4.2 security labels, ONTAP NFS servers are Mandatory Access Control (MAC) aware, storing and retrieving sec_label attributes sent by clients.

For more information, see RFC7240

Note

NFS v4.2 security labels are not currently supported for NDMP dump operations. If security labels are encountered on files or directories, the dump fails.

Steps
  1. Change the privilege setting to advanced:

    set -privilege advanced

  2. Enable security labels:

    vserver nfs modify -vserver svm_name -v4.2-seclabel enabled