Re: nfsv4 and rpcidmapd
If your using kerberos then there may be some other issues.1) make sure that the default realm is set correctly in /etc/krb5.conf on all servers.2) make sure that all the processes have access to keytab files readable by the user the service is running as, and that it contains the key for the principal for that service. If not then user key forwarding for the users pricipal won't work correctly.From: Patrick J. LoPrestiSent: Tuesday, June 30, 2015 17:17To: Orion PoplawskiCc: Eve V. E. Kovacs; SCIENTIFIC-LINUX-USERS@fnal.govSubject: Re: nfsv4 and rpcidmapdPossibly related:https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/526302Assuming you are using FQDNs and the host's domain matches the Kerberos domain, it sounds like you can simply comment out the "Domain = " line in idmapd.conf.(I vaguely recall "localdomain" having special meaning in this context and therefore being a bad idea. I always set it to something else. But I am unable to find a reference, so maybe my memory is playing tricks on me.)- PatOn Tue, Jun 30, 2015 at 1:47 PM, Orion Poplawski or...@cora.nwra.com wrote:On 06/30/2015 02:39 PM, Eve V. E. Kovacs wrote: Yes, kereberos is used for password authentication; account information is supplied by our ldap server. Passwords are not served via ldap. Eve Perhaps something in that configuration is forcing the full domain to get sent. Not sure. idmap issues always give me headaches. On Tue, 30 Jun 2015, Orion Poplawski wrote: Date: Tue, 30 Jun 2015 15:30:41 -0500 From: Orion Poplawski or...@cora.nwra.com To: Eve V. E. Kovacs kov...@anl.gov, scientific-linux-users@fnal.gov Subject: Re: nfsv4 and rpcidmapd On 06/30/2015 01:46 PM, Eve V. E. Kovacs wrote: We have an SL6 nfsv4 file server and a number of SL6 clients. We were careful to configure idmapd.conf on both the clients and the server to have the same domain name as follows: # The following should be set to the local NFSv4 domain name # The default is the host's DNS domain name. #Domain = local.domain.edu Domain = localdomain All of this worked until recently. Now, when I try to change the ownership of my file 'test' on one of the clients, I get an error: chown: changing ownership of test : Invalid argument On the server, I see errors in the log file: rpc.idmapd[6092]: nss_getpwnam: name 'kov...@hep.anl.gov' does not map into domain 'localdomain' This problem has various solutions posted on the internet. Some solutions claim that all that is required is to have the same domain name on the client and server. We already have this, but still have a problem. Another solution suggests changing the local NFSv4 domain name to match the DNS domain name (which looks promising, given the error message above). Has anyone else had this problem and/or know the fix? I would definitely recommend using the real domain name, but it does seem like the client is sending the "hep.anl.gov" domain name rather than "localdomain", and I'm not sure why that would be if it is configured as you described. Either way *should* work. Is kerberos involved at all? -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 http://www.nwra.com *** Eve Kovacs Argonne National Laboratory, Room L-177, Bldg. 360, HEP 9700 S. Cass Ave. Argonne, IL 60439 USA Phone: (630)-252-6208 Fax: (630)-252-5047 email: kov...@anl.gov *** -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 http://www.nwra.com
Re: Re: Modula 2?
On Tue, 30 Jun 2015 14:41:41 -0700 Konstantin Olchanski lt;olcha...@triumf.cagt; wrote On Mon, Jun 29, 2015 at 06:59:29PM -0700, ToddAndMargo wrote: gt; gt; Is Modula2 available for SL 6 and 7? gt; pascal -gt; modula-2 -gt; oberon -gt; java -gt; go -- Konstantin Olchanski Data Acquisition Systems: The Bytes Must Flow! Email: olchansk-at-triumf-dot-ca Snail mail: 4004 Wesbrook Mall, TRIUMF, Vancouver, B.C., V6T 2A3, Canada Maybe I should just give up and learn Perl
Re: Modula 2?
Modula-2 is a pretty 'dead' language. The GNU compiler tool looks to be one of the most up to date from what a google search seems to sya. On 29 June 2015 at 19:59, ToddAndMargo toddandma...@zoho.com wrote: Hi All, Is Modula2 available for SL 6 and 7? Found this: http://www.nongnu.org/gm2/release.html Is there something better? Many thanks, -T -- Stephen J Smoogen.
Re: nfsv4 and rpcidmapd
On 06/30/2015 01:46 PM, Eve V. E. Kovacs wrote: We have an SL6 nfsv4 file server and a number of SL6 clients. We were careful to configure idmapd.conf on both the clients and the server to have the same domain name as follows: # The following should be set to the local NFSv4 domain name # The default is the host's DNS domain name. #Domain = local.domain.edu Domain = localdomain All of this worked until recently. Now, when I try to change the ownership of my file 'test' on one of the clients, I get an error: chown: changing ownership of test : Invalid argument On the server, I see errors in the log file: rpc.idmapd[6092]: nss_getpwnam: name 'kov...@hep.anl.gov' does not map into domain 'localdomain' This problem has various solutions posted on the internet. Some solutions claim that all that is required is to have the same domain name on the client and server. We already have this, but still have a problem. Another solution suggests changing the local NFSv4 domain name to match the DNS domain name (which looks promising, given the error message above). Has anyone else had this problem and/or know the fix? I would definitely recommend using the real domain name, but it does seem like the client is sending the hep.anl.gov domain name rather than localdomain, and I'm not sure why that would be if it is configured as you described. Either way *should* work. Is kerberos involved at all? -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 http://www.nwra.com
nfsv4 and rpcidmapd
We have an SL6 nfsv4 file server and a number of SL6 clients. We were careful to configure idmapd.conf on both the clients and the server to have the same domain name as follows: # The following should be set to the local NFSv4 domain name # The default is the host's DNS domain name. #Domain = local.domain.edu Domain = localdomain All of this worked until recently. Now, when I try to change the ownership of my file 'test' on one of the clients, I get an error: chown: changing ownership of test : Invalid argument On the server, I see errors in the log file: rpc.idmapd[6092]: nss_getpwnam: name 'kov...@hep.anl.gov' does not map into domain 'localdomain' This problem has various solutions posted on the internet. Some solutions claim that all that is required is to have the same domain name on the client and server. We already have this, but still have a problem. Another solution suggests changing the local NFSv4 domain name to match the DNS domain name (which looks promising, given the error message above). Has anyone else had this problem and/or know the fix? Thanks Eve *** Eve Kovacs Argonne National Laboratory, Room L-177, Bldg. 360, HEP 9700 S. Cass Ave. Argonne, IL 60439 USA Phone: (630)-252-6208 Fax: (630)-252-5047 email: kov...@anl.gov ***
Re: nfsv4 and rpcidmapd
On 06/30/2015 02:39 PM, Eve V. E. Kovacs wrote: Yes, kereberos is used for password authentication; account information is supplied by our ldap server. Passwords are not served via ldap. Eve Perhaps something in that configuration is forcing the full domain to get sent. Not sure. idmap issues always give me headaches. On Tue, 30 Jun 2015, Orion Poplawski wrote: Date: Tue, 30 Jun 2015 15:30:41 -0500 From: Orion Poplawski or...@cora.nwra.com To: Eve V. E. Kovacs kov...@anl.gov, scientific-linux-users@fnal.gov Subject: Re: nfsv4 and rpcidmapd On 06/30/2015 01:46 PM, Eve V. E. Kovacs wrote: We have an SL6 nfsv4 file server and a number of SL6 clients. We were careful to configure idmapd.conf on both the clients and the server to have the same domain name as follows: # The following should be set to the local NFSv4 domain name # The default is the host's DNS domain name. #Domain = local.domain.edu Domain = localdomain All of this worked until recently. Now, when I try to change the ownership of my file 'test' on one of the clients, I get an error: chown: changing ownership of test : Invalid argument On the server, I see errors in the log file: rpc.idmapd[6092]: nss_getpwnam: name 'kov...@hep.anl.gov' does not map into domain 'localdomain' This problem has various solutions posted on the internet. Some solutions claim that all that is required is to have the same domain name on the client and server. We already have this, but still have a problem. Another solution suggests changing the local NFSv4 domain name to match the DNS domain name (which looks promising, given the error message above). Has anyone else had this problem and/or know the fix? I would definitely recommend using the real domain name, but it does seem like the client is sending the hep.anl.gov domain name rather than localdomain, and I'm not sure why that would be if it is configured as you described. Either way *should* work. Is kerberos involved at all? -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 http://www.nwra.com *** Eve Kovacs Argonne National Laboratory, Room L-177, Bldg. 360, HEP 9700 S. Cass Ave. Argonne, IL 60439 USA Phone: (630)-252-6208 Fax: (630)-252-5047 email: kov...@anl.gov *** -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 http://www.nwra.com
Re: nfsv4 and rpcidmapd
Possibly related: https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/526302 Assuming you are using FQDNs and the host's domain matches the Kerberos domain, it sounds like you can simply comment out the Domain = line in idmapd.conf. (I vaguely recall localdomain having special meaning in this context and therefore being a bad idea. I always set it to something else. But I am unable to find a reference, so maybe my memory is playing tricks on me.) - Pat On Tue, Jun 30, 2015 at 1:47 PM, Orion Poplawski or...@cora.nwra.com wrote: On 06/30/2015 02:39 PM, Eve V. E. Kovacs wrote: Yes, kereberos is used for password authentication; account information is supplied by our ldap server. Passwords are not served via ldap. Eve Perhaps something in that configuration is forcing the full domain to get sent. Not sure. idmap issues always give me headaches. On Tue, 30 Jun 2015, Orion Poplawski wrote: Date: Tue, 30 Jun 2015 15:30:41 -0500 From: Orion Poplawski or...@cora.nwra.com To: Eve V. E. Kovacs kov...@anl.gov, scientific-linux-users@fnal.gov Subject: Re: nfsv4 and rpcidmapd On 06/30/2015 01:46 PM, Eve V. E. Kovacs wrote: We have an SL6 nfsv4 file server and a number of SL6 clients. We were careful to configure idmapd.conf on both the clients and the server to have the same domain name as follows: # The following should be set to the local NFSv4 domain name # The default is the host's DNS domain name. #Domain = local.domain.edu Domain = localdomain All of this worked until recently. Now, when I try to change the ownership of my file 'test' on one of the clients, I get an error: chown: changing ownership of test : Invalid argument On the server, I see errors in the log file: rpc.idmapd[6092]: nss_getpwnam: name 'kov...@hep.anl.gov' does not map into domain 'localdomain' This problem has various solutions posted on the internet. Some solutions claim that all that is required is to have the same domain name on the client and server. We already have this, but still have a problem. Another solution suggests changing the local NFSv4 domain name to match the DNS domain name (which looks promising, given the error message above). Has anyone else had this problem and/or know the fix? I would definitely recommend using the real domain name, but it does seem like the client is sending the hep.anl.gov domain name rather than localdomain, and I'm not sure why that would be if it is configured as you described. Either way *should* work. Is kerberos involved at all? -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 http://www.nwra.com *** Eve Kovacs Argonne National Laboratory, Room L-177, Bldg. 360, HEP 9700 S. Cass Ave. Argonne, IL 60439 USA Phone: (630)-252-6208 Fax: (630)-252-5047 email: kov...@anl.gov *** -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane or...@nwra.com Boulder, CO 80301 http://www.nwra.com
