On Mon, Aug 04, 2008 at 11:22:58AM -0500, Paul Fisher wrote: > Actually no, only one nfs domain called "localnet" which is set on both > the client and the server. What is different is that the client and > server have a different idea of the actual uid/gid values that are used > for the names (all in the local /etc files on each system).
Provided you're using NFSv4 and you're NOT using AUTH_SYS, then this will work. > If NFSv4 idmap'ing uses names, but the uid/gid values on both sides need > to match, what is the purpose of this translation layer? What am I > missing here? AUTH_SYS -- don't use that. Use Kebreros (-o sec=krb5, krb5i or krb5p). > >There is no idmapd.conf on Solaris. > > > Um, did you missed that the client was Debian Etch Linux? Linux does in > fact have this file, which is where the idmap domain name is set. I did miss that. > If you look at the ls -l /export/home (on the os system), and ls -l > /home (on the etch-01 system) in the original post, you can see that the > name->id mapping seems to work for directory listings, but something > else is going on when accessing the contents. Right. See above. Your problem is AUTH_SYS. Nico --