On 3/8/2018 2:38 AM, Malahal Naineni wrote:
Hmm. When I change some configs in /etc/idmapd.conf on the client:
Nobody-User = nfsnobody
Nobody-Group = nfsnobody
server that connects to the NFS Ganesha cluster, I do see some changes
and folders list as nfsnobody instead of nobody. So that gave me the
impression it's being used in some way.
Tried with it disabled and the result is the same, still listed as
nobody for UID / GID. I think the FreeIPA client is using it instead.
Thinking it's not an NFS Ganesha question at this point then.
Cheers,
Tom
>> Tried identical idmapd.conf files on client and server but rpcidmapd tries to start the local copy of nfsd on the nfs Ganesha servers but that competes with
NFS Ganesha doesn't need rpcidmapd daemon running. So refrain from
running the idmapd daemon. Ganesha uses idmapd libraries, so you should
be good as long as you have the libraries installed (part of the
nfs-utils package on RHEL, I think).
Regards, Malahal.
On Tue, Mar 6, 2018 at 9:15 PM, Tom <t...@mdevsys.com> wrote:
t...@my.dom is an ad user. Nix.my.dom is a subdomain managed freeipa.
Tried identical idmapd.conf files on client and server but rpcidmapd
tries to start the local copy of nfsd on the nfs Ganesha servers but
that competes with nfs-Ganesha and won’t bind on port 2049. So I
need to change the port for the old nfs to 12049 etc to get the old
nfs started so rpcidmapd can start on the Ganesha nfs servers. They
made it a dependency.
That’s when things get messy. I may try to uninstall the built in
nfs packages but not sure if they will also pull out the rpcidmapd
ones too.
Cheers,
Tom
Sent from my iPhone
> On Mar 6, 2018, at 9:00 AM, Daniel Gryniewicz <d...@redhat.com> wrote:
>
> Based on the error messages, your client is not sending t...@nix.my.dom but is sending t...@my.dom@localdomain. Something is mis-configured on the client. Have you tried having identical (including case) idmapd.conf files on both the client and server?
>
> Idmap configuration has historically been very picky and hard to set up, and I'm far from an expert on it.
>
> Daniel
>
>> On 03/06/2018 08:24 AM, TomK wrote:
>> Hey Guys,
>> Getting below message which in turn fails to list proper UID / GID on NFSv4 mounts from within an unprivileged account. All files show up with owner and group as nobody / nobody when viewed from the client.
>> Wondering if anyone saw this and what the solution could be here?
>> If not the right list, let me know please.
>> [root@client01 etc]# cat /etc/idmapd.conf|grep -v "#"| sed -e "/^$/d"
>> [General]
>> Verbosity = 7
>> Domain = nix.my.dom
>> [Mapping]
>> [Translation]
>> [Static]
>> [UMICH_SCHEMA]
>> LDAP_server = ldap-server.local.domain.edu
>> LDAP_base = dc=local,dc=domain,dc=edu
>> [root@client01 etc]#
>> Mount looks like this:
>> nfs-c01.nix.my.dom:/n/my.dom on /n/my.dom type nfs4 (rw,relatime,vers=4.0,rsize=8192,wsize=8192,namlen=255,hard,proto=tcp,port=0,timeo=10,retrans=2,sec=sys,clientaddr=192.168.0.236,local_lock=none,addr=192.168.0.80)
>> /var/log/messages
>> Mar 6 00:17:27 client01 nfsidmap[14396]: key: 0x3f2c257b type: uid value: t...@my.dom@localdomain timeout 600
>> Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: calling nsswitch->name_to_uid
>> Mar 6 00:17:27 client01 nfsidmap[14396]: nss_getpwnam: name 't...@my.dom@localdomain' domain 'nix.my.dom': resulting localname '(null)'
>> Mar 6 00:17:27 client01 nfsidmap[14396]: nss_getpwnam: name 't...@my.dom@localdomain' does not map into domain 'nix.my.dom'
>> Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: nsswitch->name_to_uid returned -22
>> Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: final return value is -22
>> Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: calling nsswitch->name_to_uid
>> Mar 6 00:17:27 client01 nfsidmap[14396]: nss_getpwnam: name 'nob...@nix.my.dom' domain 'nix.my.dom': resulting localname 'nobody'
>> Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0
>> Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: final return value is 0
>> Mar 6 00:17:27 client01 nfsidmap[14398]: key: 0x324b0048 type: gid value: t...@my.dom@localdomain timeout 600
>> Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: calling nsswitch->name_to_gid
>> Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: nsswitch->name_to_gid returned -22
>> Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: final return value is -22
>> Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: calling nsswitch->name_to_gid
>> Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: nsswitch->name_to_gid returned 0
>> Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: final return value is 0
>> Mar 6 00:17:31 client01 systemd-logind: Removed session 23.
>> Result of:
>> systemctl restart rpcidmapd
>> /var/log/messages
>> -------------------
>> Mar 5 23:46:12 client01 systemd: Stopping Automounts filesystems on demand...
>> Mar 5 23:46:13 client01 systemd: Stopped Automounts filesystems on demand.
>> Mar 5 23:48:51 client01 systemd: Stopping NFSv4 ID-name mapping service...
>> Mar 5 23:48:51 client01 systemd: Starting Preprocess NFS configuration...
>> Mar 5 23:48:51 client01 systemd: Started Preprocess NFS configuration.
>> Mar 5 23:48:51 client01 systemd: Starting NFSv4 ID-name mapping service...
>> Mar 5 23:48:51 client01 rpc.idmapd[14117]: libnfsidmap: using domain: nix.my.dom
>> Mar 5 23:48:51 client01 rpc.idmapd[14117]: libnfsidmap: Realms list: 'NIX.MY.DOM'
>> Mar 5 23:48:51 client01 rpc.idmapd: rpc.idmapd: libnfsidmap: using domain: nix.my.dom
>> Mar 5 23:48:51 client01 rpc.idmapd: rpc.idmapd: libnfsidmap: Realms list: 'NIX.MY.DOM'
>> Mar 5 23:48:51 client01 rpc.idmapd: rpc.idmapd: libnfsidmap: loaded plugin /lib64/libnfsidmap/nsswitch.so for method nsswitch
>> Mar 5 23:48:51 client01 rpc.idmapd[14117]: libnfsidmap: loaded plugin /lib64/libnfsidmap/nsswitch.so for method nsswitch
>> Mar 5 23:48:51 client01 rpc.idmapd[14118]: Expiration time is 600 seconds.
>> Mar 5 23:48:51 client01 systemd: Started NFSv4 ID-name mapping service.
>> Mar 5 23:48:51 client01 rpc.idmapd[14118]: Opened /proc/net/rpc/nfs4.nametoid/channel
>> Mar 5 23:48:51 client01 rpc.idmapd[14118]: Opened /proc/net/rpc/nfs4.idtoname/channel
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Nfs-ganesha-devel mailing list
Nfs-ganesha-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel
--
Cheers,
Tom K.
-------------------------------------------------------------------------------------
Living on earth is expensive, but it includes a free trip around the sun.
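
Added example, not part of the original thread or of nfs-utils / NFS Ganesha: a small Python check that reads nfsidmap debug lines in the format quoted above and reports, for each name that failed to map, the domain suffix that was sent versus the domain the client expects. The sample lines and the account "alice" are constructed; reading the text after the last '@' as the domain suffix and comparing domains case-insensitively are assumptions of this example.

```python
import re

# Line format taken from the nss_getpwnam entries quoted in the thread.
NSS_LINE = re.compile(
    r"nfsidmap\[\d+\]: nss_getpwnam: name '(?P<name>[^']*)' "
    r"domain '(?P<domain>[^']*)': resulting localname '(?P<local>[^']*)'"
)

# Constructed sample input; "alice" is a made-up account name.
SAMPLE_LOG = """\
Mar  6 00:17:27 client01 nfsidmap[14396]: nss_getpwnam: name 'alice@my.dom@localdomain' domain 'nix.my.dom': resulting localname '(null)'
Mar  6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: nsswitch->name_to_uid returned -22
Mar  6 00:17:27 client01 nfsidmap[14396]: nss_getpwnam: name 'nobody@nix.my.dom' domain 'nix.my.dom': resulting localname 'nobody'
Mar  6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0
"""


def find_unmapped_names(log_text):
    """Return one finding per name that nfsidmap could not map locally."""
    findings = []
    for line in log_text.splitlines():
        m = NSS_LINE.search(line)
        if m is None or m.group("local") != "(null)":
            continue  # not an nss_getpwnam line, or the lookup succeeded
        name = m.group("name")
        # Assumption: the text after the last '@' is the NFSv4 domain suffix.
        principal, sep, suffix = name.rpartition("@")
        if not sep:
            principal, suffix = name, ""
        findings.append({
            "name": name,
            "principal": principal,
            "sent_domain": suffix,
            "expected_domain": m.group("domain"),
            # Assumption: domains are compared case-insensitively.
            "domain_matches": suffix.lower() == m.group("domain").lower(),
            # True when the part before the suffix is itself user@domain,
            # i.e. a second domain was appended to an already qualified name.
            "already_qualified": "@" in principal,
        })
    return findings


if __name__ == "__main__":
    for f in find_unmapped_names(SAMPLE_LOG):
        print("{name}: sent '{sent_domain}', client expects "
              "'{expected_domain}', already qualified: "
              "{already_qualified}".format(**f))
```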