I will not go into detail, for the best path of learning is hands-on trial and error.
Many have travelled the same path before you, So I will link their stories and the Reference Manuals for you instead of regurgitating it here.
If after you have digested what is below and still find yourself pickled; then please update here with your findings and then maybe we can pick apart the trouble.
But I have a feeling that you will find the answer(s) you seek in the links below.
Blessings :)
The FreeNAS docs explain that NFS can have better performance than CIFS, and gives directions for installing 3rd party NFS solutions on versions of Windows that don't support it directly. I want to take advantage of that, so I enabled NFS (supported by "Ultimate") and indeed connected to the FreeNAS box.
>>> But, although I can browse the directories and see the file names, all files give errors that they are locked by some other process, and can't be read. <<<
I tried turning off the Samba service completely in case there were some residual effects. It did not make a difference.
Now this shouldn't be any harder than serving NFS on one end and using NFS on the other, and the docs don't mention any other funny business. The permissions are OK since it worked on CIFS for the same directory, and the error doesn't indicate that it's a permissions problem. But I wonder if it still might be, and Windows doesn't interpret the error correctly? Do NFS shares have some access rules supplied directly onto the share, or interpret things differently than Samba might, or anything?
—John
Permissions NFS4 ACL or Mount / Export Problem ... You are not authorized to read or write either because the file permissions are not set correctly or the share was not mounted r+w or exported correctly.
*nix security is quite different than Windows in many ways.
Since NFS security has been pretty lax until 4.0 let's start with how the NFS share is Exported.
For a client to have access to an exported file system, the client must be listed in /etc/exports.
http://www.defcon1.org/html/nfs.html
http://www.freebsd.org/doc/handbook/network-nfs.html
http://www.freebsd.org/cgi/man.cgi?query=nfsv4&sektion=4
Permissions Confusion:
http://forums.freenas.org/threads/weird-nfs-permissions-problem.4996/
NFSv4 Issues:
https://forums.freebsd.org/showthread.php?p=235924
EDIT:
Start at bottom of page 140:
7.2 Unix (NFS) Shares
http://www.freenas.org/images/resources/freenas9.1.1/freenas9.1.1_guide.pdf
Page 142:
When creating the NFS share, keep the following points in mind:
1. The Maproot and Mapall options are exclusive, meaning you can only use one or the other--the
GUI will not let you use both. The Mapall options supersede the Maproot options. If you only
wish to restrict the root user's permissions, set the Maproot option. If you wish to restrict the
permissions of all users, set the Mapall option.
2. Each volume or dataset is considered to be its own filesystem and NFS is not able to cross
filesystem boundaries.
3. The network or host must be unique per share and per filesystem or directory.
4. The "All directories" option can only be used once per share per filesystem.
~~~
Page 143:
7.2.2
Sample NFS Share Configuration
By default the Mapall options shown in Figure 7.2a show as N/A. This means that when a user connects
to the NFS share, they connect with the permissions associated with their user account. This is a
security risk if a user is able to connect as root as they will have complete access to the share.
A better scenario is to do the following:
1. Specify the built-in nobody account to be used for NFS access.
2. In the permissions of the volume/dataset that is being shared, change the owner and group to
nobody and set the permissions according to your specifications.
3. Select nobody in the Mapall User and Mapall Group drop-down menus for the share in Sharing
→ Unix (NFS) Shares.
With this configuration, it does not matter which user account connects to the NFS share, as it will be
mapped to the nobody user account and will only have the permissions that you specified on the
volume/dataset. For example, even if the root user is able to connect, it will not gain root access to the
share.
~~~