Public bug reported: Static NFS UID/GID translation doesn't work, even when using with sec=krb5.
The share is exported with: /nfs 192.168.0.0/24(rw,sync,crossmnt,no_subtree_check,root_squash,fsid=0,sec=krb5) Mapping configuration in /etc/idmapd.conf: ... [Translation] Method = static [Static] s...@home.lan = sam b...@home.lan = bob ... Logs from rpc.idmapd: ... rpc.idmapd[3591]: libnfsidmap: processing 'Method' list libnfsidmap: loaded plugin /lib/x86_64-linux-gnu/libnfsidmap/static.so for method static rpc.idmapd[3592]: Expiration time is 600 seconds. rpc.idmapd[3592]: Opened /proc/net/rpc/nfs4.nametoid/channel rpc.idmapd[3592]: Opened /proc/net/rpc/nfs4.idtoname/channel ... rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=user rpc.idmapd[3592]: nfs4_uid_to_name: final return value is 0 rpc.idmapd[3592]: Server : (user) id "1000" -> name "" rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=group rpc.idmapd[3592]: nfs4_gid_to_name: final return value is 0 rpc.idmapd[3592]: Server : (group) id "1000" -> name "" rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=group rpc.idmapd[3592]: nfs4_gid_to_name: final return value is 0 rpc.idmapd[3592]: Server : (group) id "1003" -> name "" rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=user rpc.idmapd[3592]: nfs4_uid_to_name: final return value is 0 rpc.idmapd[3592]: Server : (user) id "0" -> name "" rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=group rpc.idmapd[3592]: nfs4_gid_to_name: final return value is 0 rpc.idmapd[3592]: Server : (group) id "0" -> name "" rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=user rpc.idmapd[3592]: nfs4_uid_to_name: final return value is 0 rpc.idmapd[3592]: Server : (user) id "1002" -> name "" rpc.idmapd[3592]: nfsdcb: authbuf=gss/krb5 authtype=group rpc.idmapd[3592]: nfs4_gid_to_name: final return value is 0 rpc.idmapd[3592]: Server : (group) id "1002" -> name "" ... As you can see, even though static.so plugin was loaded, ID translation was not performed. Looking at this issue with GDB shows that static translation plugin is skipped in these two lines in libnfsidmap.c: ... if (plgns[i]->trans->funcname == NULL) continue; ... The reason that funcname is null is that pointers to name_to_uid, name_to_gid, uid_to_name, gid_to_name are explicitly initialized to NULL in the Ubuntu's version of libnfsidmap/static.c: ... struct trans_func static_trans = { .name = "static", .init = NULL, .name_to_uid = NULL, .name_to_gid = NULL, .uid_to_name = NULL, .gid_to_name = NULL, .princ_to_ids = static_gss_princ_to_ids, .gss_princ_to_grouplist = static_gss_princ_to_grouplist, }; ... Please note, that in original sources of NFS these callbacks are correctly initialized like so: ... struct trans_func static_trans = { .name = "static", .init = static_init, .name_to_uid = static_name_to_uid, .name_to_gid = static_name_to_gid, .uid_to_name = static_uid_to_name, .gid_to_name = static_gid_to_name, .princ_to_ids = static_gss_princ_to_ids, .gss_princ_to_grouplist = static_gss_princ_to_grouplist, }; ... I am not sure why in Ubuntu's package the NFS static ID translation was disabled, but if it was done deliberately it should've been documented (maybe here https://help.ubuntu.com/community/NFSv4Howto ?). Side note: nsswitch translation works correctly. Ubuntu Server 18.04.1 LTS libnfsidmap2:amd64 0.25-5.1 ** Affects: libnfsidmap (Ubuntu) Importance: Undecided Status: New ** Tags: nfs ** Package changed: snapd (Ubuntu) => libnfsidmap (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1812280 Title: Static ID mapping not functional in NFS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libnfsidmap/+bug/1812280/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs