TomK via FreeIPA-users wrote:
> Hey guys,
>
> Getting below message which in turn fails to list proper UID / GID on
> NFSv4 mounts from within an unprivileged account. All files show up with
> owner and group as nobody / nobody when viewed from the client.
>
> Is there a way to structure /etc/idmapd.conf to allow for proper UID /
> GID resolution? Or perhaps another solution?
>
> [root@client01 etc]# cat /etc/idmapd.conf|grep -v "#"| sed -e "/^$/d"
> [General]
> Verbosity = 7
> Domain = nix.my.dom
> [Mapping]
> [Translation]
> [Static]
> [UMICH_SCHEMA]
> LDAP_server = ldap-server.local.domain.edu
> LDAP_base = dc=local,dc=domain,dc=edu
> [root@client01 etc]#
>
> Mount looks like this:
>
> nfs-c01.nix.my.dom:/n/my.dom on /n/my.dom type nfs4
> (rw,relatime,vers=4.0,rsize=8192,wsize=8192,namlen=255,hard,proto=tcp,port=0,timeo=10,retrans=2,sec=sys,clientaddr=192.168.0.236,local_lock=none,addr=192.168.0.80)
>
> /var/log/messages
>
> Mar 6 00:17:27 client01 nfsidmap[14396]: key: 0x3f2c257b type: uid
> value: t...@my.dom@localdomain timeout 600
> Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: calling
> nsswitch->name_to_uid
> Mar 6 00:17:27 client01 nfsidmap[14396]: nss_getpwnam: name
> 't...@my.dom@localdomain' domain 'nix.my.dom': resulting localname '(null)'
> Mar 6 00:17:27 client01 nfsidmap[14396]: nss_getpwnam: name
> 't...@my.dom@localdomain' does not map into domain 'nix.my.dom'
> Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid:
> nsswitch->name_to_uid returned -22
> Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: final return
> value is -22
> Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: calling
> nsswitch->name_to_uid
> Mar 6 00:17:27 client01 nfsidmap[14396]: nss_getpwnam: name
> 'nob...@nix.my.dom' domain 'nix.my.dom': resulting localname 'nobody'
> Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid:
> nsswitch->name_to_uid returned 0
> Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: final return
> value is 0
> Mar 6 00:17:27 client01 nfsidmap[14398]: key: 0x324b0048 type: gid
> value: t...@my.dom@localdomain timeout 600
> Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: calling
> nsswitch->name_to_gid
> Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid:
> nsswitch->name_to_gid returned -22
> Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: final return
> value is -22
> Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: calling
> nsswitch->name_to_gid
> Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid:
> nsswitch->name_to_gid returned 0
> Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: final return
> value is 0
> Mar 6 00:17:31 client01 systemd-logind: Removed session 23.
>
> Result of:
>
> systemctl restart rpcidmapd
>
> /var/log/messages
> -------------------
> Mar 5 23:46:12 client01 systemd: Stopping Automounts filesystems on
> demand...
> Mar 5 23:46:13 client01 systemd: Stopped Automounts filesystems on demand.
> Mar 5 23:48:51 client01 systemd: Stopping NFSv4 ID-name mapping service...
> Mar 5 23:48:51 client01 systemd: Starting Preprocess NFS configuration...
> Mar 5 23:48:51 client01 systemd: Started Preprocess NFS configuration.
> Mar 5 23:48:51 client01 systemd: Starting NFSv4 ID-name mapping service...
> Mar 5 23:48:51 client01 rpc.idmapd[14117]: libnfsidmap: using domain:
> nix.my.dom
> Mar 5 23:48:51 client01 rpc.idmapd[14117]: libnfsidmap: Realms list:
> 'NIX.MY.DOM'
> Mar 5 23:48:51 client01 rpc.idmapd: rpc.idmapd: libnfsidmap: using
> domain: nix.my.dom
> Mar 5 23:48:51 client01 rpc.idmapd: rpc.idmapd: libnfsidmap: Realms
> list: 'NIX.MY.DOM'
> Mar 5 23:48:51 client01 rpc.idmapd: rpc.idmapd: libnfsidmap: loaded
> plugin /lib64/libnfsidmap/nsswitch.so for method nsswitch
> Mar 5 23:48:51 client01 rpc.idmapd[14117]: libnfsidmap: loaded plugin
> /lib64/libnfsidmap/nsswitch.so for method nsswitch
> Mar 5 23:48:51 client01 rpc.idmapd[14118]: Expiration time is 600 seconds.
> Mar 5 23:48:51 client01 systemd: Started NFSv4 ID-name mapping service.
> Mar 5 23:48:51 client01 rpc.idmapd[14118]: Opened
> /proc/net/rpc/nfs4.nametoid/channel
> Mar 5 23:48:51 client01 rpc.idmapd[14118]: Opened
> /proc/net/rpc/nfs4.idtoname/channel

You might be able to correlate that to the 389-ds access log to see what queries are being executed.

You probably need to set LDAP_people_base and LDAP_group_base as well. I think ipa-client-automount only sets the Domain value and doesn't configure the ldap section at all.

rob
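
The quoted nfsidmap log reports names that "do not map into domain" the client is configured with. The following is an added example, not part of the thread: it scans syslog lines in that format and reports which domain suffix each failing name carried versus the local `Domain`. The sample lines are constructed from the format in the quoted log, and the user name `alice` is a placeholder.

```python
import re
from collections import Counter

# Matches the libnfsidmap nsswitch debug line format quoted in the thread:
#   nss_getpwnam: name '<name>' does not map into domain '<domain>'
MISMATCH = re.compile(
    r"nfsidmap\[\d+\]: nss_getpwnam: name '(?P<name>[^']+)' "
    r"does not map into domain '(?P<domain>[^']+)'"
)

# Constructed sample input ('alice' is a placeholder user name).
SAMPLE = [
    "Mar 6 00:17:27 client01 nfsidmap[14396]: nss_getpwnam: name "
    "'alice@my.dom@localdomain' does not map into domain 'nix.my.dom'",
    "Mar 6 00:17:27 client01 nfsidmap[14396]: nss_getpwnam: name "
    "'nobody@nix.my.dom' domain 'nix.my.dom': resulting localname 'nobody'",
    "Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: "
    "nsswitch->name_to_gid returned -22",
]


def find_domain_mismatches(lines):
    """Return (name, suffix_sent, local_domain) for each failed mapping."""
    hits = []
    for line in lines:
        m = MISMATCH.search(line)
        if not m:
            continue
        name, local = m.group("name"), m.group("domain")
        # NFSv4 owner strings are name@domain; the part after the last '@'
        # is the idmap domain the peer appended to the name.
        _, sep, suffix = name.rpartition("@")
        hits.append((name, suffix if sep else "", local))
    return hits


def summarize(hits):
    """Count failures per (suffix sent, local Domain) pair."""
    return Counter((suffix, local) for _, suffix, local in hits)


if __name__ == "__main__":
    for (suffix, local), n in summarize(find_domain_mismatches(SAMPLE)).items():
        print(f"{n} lookup(s) failed: name carried '{suffix}', "
              f"client Domain is '{local}'")
```
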