Problem/Justification
I am switching to Kerberos (FreeIPA) for user auth in my lab. I have multiple domains that I support with a single Kerberos realm. I ran into issues with ID mapping and tracked it down to an NFSv4 domain mismatch. My TrueNAS was using its domain name in uid > name mappings, which the NFS client couldn’t map back to a UID. My solution was to add the line nfsuserd_flags="-domain lab.leaf" to the /etc/rc.conf.freenas file and then restart nfsuserd. The change has remained through several reboots, but my concern is that any upgrade could remove it.
Impact
The default state of the nfsuserd options would be that none of the options are enabled, mimicking how it works now, so most users should be unaffected. Advanced users with specific requirements would be able to take advantage of the additional flexibility.
User Story
I’m not certain where this feature would be presented to the user, but the NFS service options seem the most likely place. The option I need also requires user input to specify the override domain name, but other options, like verbose, could be exposed as checkboxes.