ONTAP support for NFSv4.2
Beginning with ONTAP 9.8, ONTAP supports the NFSv4.2 protocol to allow access for NFSv4.2-enabled clients.
NFSv4.2 is enabled by default in ONTAP 9.9.1 and later. In ONTAP 9.8, need to manually enable v4.2 by specifying the -v4.1
option and setting it to enabled
when creating an NFS server on the storage virtual machine (SVM). Enabling NFSv4.1 also enables clients to use the NFSv4.1 features while mounted as v4.2.
Successive ONTAP releases expand support for NFSv4.2 optional features.
Beginning with… | NFSv4.2 optional features include … |
---|---|
ONTAP 9.12.1 |
|
ONTAP 9.9.1 |
Mandatory Access Control (MAC) labelled NFS |
NFS v4.2 security labels
Beginning with ONTAP 9.9.1, NFS security labels can be enabled. They are disabled by default.
With NFS v4.2 security labels, ONTAP NFS servers are Mandatory Access Control (MAC) aware, storing and retrieving sec_label attributes sent by clients.
For more information, see RFC 7240.
Beginning with ONTAP 9.12.1, NFS v4.2 security labels are supported for NDMP dump operations. If security labels are encountered on files or directories in earlier releases, the dump fails.
-
Change the privilege setting to advanced:
set -privilege advanced
-
Enable security labels:
vserver nfs modify -vserver <svm_name> -v4.2-seclabel enabled
NFS extended attributes
Beginning with ONTAP 9.12.1, NFS extended attributes (xattrs) are enabled by default.
Extended attributes are standard NFS attributes defined by RFC 8276 and enabled in modern NFS clients. They can be used to attach user-defined metadata to file system objects, and they are of interest in advanced security deployments.
NFS extended attributes are not currently supported for NDMP dump operations. If extended attributes are encountered on files or directories, the dump proceeds but does not back up the extended attributes on those files or directories.
If you need to disable extended attributes, use the vserver nfs modify -v4.2-xattrs disabled
command.