NFS

NFS service allows Linux clients to access data on this Synology NAS device. Synology NAS currently supports NFSv2, NFSv3, NFSv4, and NFSv4.1.

To enable NFS service:

  1. Go to Control Panel > File Services > NFS and tick Enable NFS service.
  2. Select NFSv3, NFSv4, or NFSv4.1 from the Maximum NFS protocol drop-down menu.
  3. Click Apply.

Limitations:

  • NFSv4.1 is only supported on specific Synology NAS models. It is not supported on models with the the following package architectures:
    • Alpine, Alpine4k, armada38x, Avoton, Braswell, Bromolow, Grantley, Monaco
  • If you select NFSv4 or NFSv4.1, you may click Advanced Settings and enter a custom domain name in the NFSv4 domain or NFSv4/4.1 domain field. This field is optional and can be left blank.
  • The following shared folders are not accessible via NFS:
    • PetaSpace shared folders
    • Shared folders using HFS Plus and exFAT file systems

Note:

  • When mounting, the parameter -o vers=2, -o vers=3 or -o vers=4 can be added to the mount command in order to specify which NFS version should be used.
  • When you use NFSv4 to mount the shared folder, please note the following. Otherwise, the file operations associated with the username will fail.
    • NFS client must enable idmapd.
    • NFSv4 domain settings in the idmapd.conf file on your NFS client must be consistent with the NFSv4 domain field on Synology NAS.

Multipathing

NFSv4.1 supports Multipathing. Clients can access an NFS server via multiple network connections at the same time. Multipathing increases the bandwidth and provides traffic failover to maintain network connection when the connection is down. For the time being, only VMware ESXi version 6.0 and above support NFSv4.1 clients. For more information about VMware NFSv4.1 support, please refer to the VMware document.

Note:

  • Multipathing is only available on models that support NFSv4.1.

To configure Linux clients' access privileges to shared folders:

Go to Control Panel > Shared Folder. Select a shared folder and click Edit to manage NFS rules and regulate the access right to this shared folder for Linux clients.

Advanced Settings

Applying default UNIX permissions

When Apply default UNIX permissions is checked, default UNIX permissions set in the Linux client are applied instead of Windows ACL permissions when uploading or creating files and folders. Applied permissions are the same as permissions applied by the UNIX command umask. The default umask value is 022.

Note:

  • For Windows ACL enabled shared folders (all shares excluding "photo" and shares on external drives), please run the chmod command on your Linux or FTP client to change folder and file permission types from Windows ACL to UNIX.
  • Enabling this option might cause inconsistent permission issues between different protocols. To avoid inconsistencies, we suggest leaving this option disabled.

Custom port

You can customize port numbers for statd and nlockmgr services.

  1. Select Customized ports.
  2. Enter port numbers in statd port and nlockmgr port.
  3. Click Apply.

Note:

  • If you would like to use NFSv3 services, go to Control Panel > Security > Firewall and create a firewall rule that enables "Mac/Linux file server" from the list of built-in applications.

Setting Read/Write Packet Size

When the read/write packet size cannot be set on your NFS client, you can specify the default value in this field.

  1. Select the desired packet size from the Read packet size and Write packet size fields.
  2. Click Apply.
  3. Remount the share.

Note:

  • After changing the read/write packet size, the shared folder must be remounted before the new settings can take effect.
  • These settings only affect NFS clients who connect via UDP (User Datagram Protocol).

Kerberos Settings

Kerberos is a network authentication protocol. It allows clients and servers communicating over a non-secure network to authenticate and prove their identities to each other in a secure manner. Synology NAS provides options to import an existing Kerberos key. Once imported successfully, NFS clients can use the Kerberos authentication protocol to connect to the Synology NAS.

To import a Kerberos key:

  1. Click Kerberos Settings.
  2. Click the Import button.
  3. Choose the Kerberos key you want to import.
  4. Click OK.

Kerberos ID Mapping

You can map individual Kerberos principals to local DSM user accounts.

To map Kerberos principals and local user accounts:

  1. Click Kerberos Settings.
  2. Go to the ID Mapping tab.
  3. Click the Add button. Select one of the following.
    • ID Mapping: Enter the Kerberos principal and the local user account to which it should be mapped.
    • Suggested Mapping List: This option displays a list of suggested Kerberos principal/local user mapping options that are generated by the system.

Note:

  • Kerberos is only available on models with internal hard drives.
  • If you want to map an NFS client who connects through Kerberos to an existing Domain/LDAP user account, make sure you've joined the directory service. In addition, the directory server must have an attribute that includes the corresponding Kerberos principal.
    • Domain User: The format for the corresponding attribute should be userPrincipalName.
    • LDAP User: The format for the corresponding attribute should be GSSAuthName.
  • If the user cannot be successfully mapped to a local user or domain/LDAP user, then the user shall be mapped to "guest."
  • Mapped priority is as follows: Local user > Domain/LDAP user > Guest.
  • If you want to modify the access permissions of NFS clients, please use Windows Access Control List (ACL). The privileges options located at Control Panel > User & Group are not applicable for NFS clients.
Advanced Settings
Kerberos Settings
Kerberos ID Mapping