Comment on [deleted]
2xsaiko@discuss.tchncs.de 3 days ago
Please just use Kerberos instead of fiddling with uids. It’s the only sane way to get NFS access controls and user mapping. Works on both Linux and macOS (but there’s no NFS on Windows anyway).
I’d say you can run the Kerberos KDC on the NAS but if Synology has some locked down special OS you’ll need another machine for that.
Unfortunately SMB is so screwed that you can’t reuse ordinary Kerberos for authentication there, which is unfortunate if you want to have both that and NFS. I’ve yet to look into whether Samba AD can be used for both.
I would recommend an LDAP sever for user Auth.
There you can create/authenticate user with a central repo in a machine independent fashion. Also having the possibility to allow /egate specific services from the central database is a big plus.
It seems difficult at the very beginning but it quickly pays off. Give it a try
vividspecter@lemm.ee 3 days ago
There is, although only the client and only v3 support.
2xsaiko@discuss.tchncs.de 3 days ago
True. I knew I should have left that as “NFS 4” because someone would comment this. From what I’ve read (never used it), NFS 3 is very different to 4 and also just kind of not worth using, especially just for Windows, since it has no security at all.
vividspecter@lemm.ee 3 days ago
It’s enough if you just need access in a VM or over a lan (depending on your threat model) but agreed.