On Wed, 16 Jul 2014, Nordgren, Bryce L -FS wrote:
Thing is, nfsidmap always adds and then subtracts '@' plus domain,
assuming that the part prior to '@' is what is going to be mapped by the
domain-specific idmap mapper.
That's the crux of the problem right there. Sssd is not a
domain-specific
ub Hrozek [jhro...@redhat.com]
Sent: Wednesday, July 16, 2014 2:19 AM
To: Parsons, Aron
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] IPA+AD trust and NFS nobody issue
On 16 Jul 2014, at 03:29, Parsons, Aron wrote:
> I ran into this issue last fall and have been running with a patched
> Thing is, nfsidmap always adds and then subtracts '@' plus domain,
> assuming that the part prior to '@' is what is going to be mapped by the
> domain-specific idmap mapper.
That's the crux of the problem right there. Sssd is not a domain-specific
idmap mapper. Sssd is a domain-aware, multido
On Wed, 16 Jul 2014, Nordgren, Bryce L -FS wrote:
Hi Aron,
the support case you referenced is linked to bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1066153 which is fully acked
for RHEL-6.6, the state of the bugzilla is ON_QA, so currently it looks the
patch will be released in 6.6..
> Hi Aron,
>
> the support case you referenced is linked to bugzilla
> https://bugzilla.redhat.com/show_bug.cgi?id=1066153 which is fully acked
> for RHEL-6.6, the state of the bugzilla is ON_QA, so currently it looks the
> patch will be released in 6.6..
username@domain is coded in the NFS spec a
code is stripping the domain off based on the location of the
> first "@" character in the value returned by the server. This results in
> UID/GID mappings failing and resulting in ownership on the clients of
> "nobody".
>
> Regards,
> Johan
>
> From:
an
From: Dmitri Pal [dpal redhat com]
Sent: Thursday, June 05, 2014 21:03
To: Johan Petersson; Alexander Bokovoy
Cc: Sumit Bose; freeipa-users redhat com
Subject: Re: [Freeipa-users] IPA+AD trust and NFS nobody issue
On 06/04/2014 09:57 AM, Johan Petersson wrote:
> Yes the message is exact
> > I see the first two represented on the design, but not the last. I suspect
> that this means that the plugin regards security principals and NFSv4
> identities as the same thing, which may mean it won't work for multiple
> domains? Let me turn the question on its head: according to the OP, th
On 27 Jun 2014, at 22:22, Nordgren, Bryce L -FS wrote:
>
>> Would the idmap sss module we have on the list pending review help here?
>
> My read of the design page suggests that the plugin is 66% of a solution.
> There are three types of identities which need to be related:
>
> * local machi
> -Original Message-
> > What I'm not quite clear on is the interaction between idmapd and ldap
> > (slides 15,16,18). Does idmapd want to see this "NFSv4RemoteUser"
> > schema on the LDAP server? Is this schema something that FreeIPA would
> > have to support for NFS to work with cross-r
> Would the idmap sss module we have on the list pending review help here?
My read of the design page suggests that the plugin is 66% of a solution. There
are three types of identities which need to be related:
* local machine accounts/identities (meaningful to the filesystem)
* security princi
On Thu, 2014-06-26 at 23:21 +, Nordgren, Bryce L -FS wrote:
> > The second @ is not provided by kerberos, it is rpcidmapd making false
> > assumptions, it does a getpwuid and gets back adt...@ad.example.org as
> > the username, to which it decides to slap on the local REALM name with an @
> > si
On Fri, 2014-06-27 at 00:10 +, Nordgren, Bryce L -FS wrote:
> Also:
> http://tools.ietf.org/html/draft-adamson-nfsv4-multi-domain-access-04
>
> Never became an RFC, but cites Simo's I-D on a Kerberos PAC.
>
> I like the CITI approach better (also approach 2 of section 6 in the
> above I-D). I
21:03
> To: Johan Petersson; Alexander Bokovoy
> Cc: Sumit Bose; freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] IPA+AD trust and NFS nobody issue
>
> On 06/04/2014 09:57 AM, Johan Petersson wrote:
> > Yes the message is exactly like that with commas, I double checked.
On Thu, Jun 26, 2014 at 06:42:37PM -0400, Simo Sorce wrote:
> On Thu, 2014-06-26 at 22:02 +, Nordgren, Bryce L -FS wrote:
> > > The reason is that rpcidmapd does not parse fully-qualified usernames
> > > so "adt...@ad.example.org@IPA.EXAMPLE.ORG" does not work.
> >
> > If someone can educate m
Also: http://tools.ietf.org/html/draft-adamson-nfsv4-multi-domain-access-04
Never became an RFC, but cites Simo's I-D on a Kerberos PAC.
I like the CITI approach better (also approach 2 of section 6 in the above
I-D). I have no use for the groups defined in my active directory. Also, for
the ex
> The second @ is not provided by kerberos, it is rpcidmapd making false
> assumptions, it does a getpwuid and gets back adt...@ad.example.org as
> the username, to which it decides to slap on the local REALM name with an @
> sign in between.
>
> I think this is something that may be handled with i
On Thu, 2014-06-26 at 22:02 +, Nordgren, Bryce L -FS wrote:
> > The reason is that rpcidmapd does not parse fully-qualified usernames
> > so "adt...@ad.example.org@IPA.EXAMPLE.ORG" does not work.
>
> If someone can educate me as to why there are two @ signs in the above, I can
> fix the wiki
> The reason is that rpcidmapd does not parse fully-qualified usernames
> so "adt...@ad.example.org@IPA.EXAMPLE.ORG" does not work.
If someone can educate me as to why there are two @ signs in the above, I can
fix the wiki page
(http://www.freeipa.org/page/Collaboration_with_Kerberos#Mechanism_
y".
Regards,
Johan
From: Dmitri Pal [d...@redhat.com]
Sent: Thursday, June 05, 2014 21:03
To: Johan Petersson; Alexander Bokovoy
Cc: Sumit Bose; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] IPA+AD trust and NFS nobody issue
On 06/04/2014 09:57 AM, Johan Petersson wrote:
> Yes
Bokovoy [mailto:aboko...@redhat.com]
Sent: Wednesday, June 04, 2014 3:14 PM
To: Johan Petersson
Cc: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] IPA+AD trust and NFS nobody issue
On Wed, 04 Jun 2014, Johan Petersson wrote:
Mail got posted before I was finished sorry.
I f
name "ad_us...@linux.home"
The group ad_users is an IPA group with external maps from AD Domain users.
-Original Message-
From: Alexander Bokovoy [mailto:aboko...@redhat.com]
Sent: Wednesday, June 04, 2014 3:14 PM
To: Johan Petersson
Cc: d...@redhat.com; freeipa-users@redhat
the first
string (nss_getpwnam: name '' domain '...': resulting localname
...)? it would be
[general]
Verbosity = 4
in /etc/idmapd.conf
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Johan Petersson
Sent: Wednesday, June 04, 20
rusted
domains.
bye,
Sumit
>
>
> From: freeipa-users-boun...@redhat.com
> [mailto:freeipa-users-boun...@redhat.com] On Behalf Of Johan Petersson
> Sent: Wednesday, June 04, 2014 12:02 PM
> To: d...@redhat.com; freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] IPA+AD tr
n 'linux.home,'
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Johan Petersson
Sent: Wednesday, June 04, 2014 12:02 PM
To: d...@redhat.com; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] IPA+AD trust and NFS nobody issue
Yes Client is
at.com>
[mailto:freeipa-users-boun...@redhat.com]
On Behalf Of Dmitri Pal
Sent: Tuesday, June 03, 2014 6:48 PM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] IPA+AD trust and NFS nobody
-boun...@redhat.com] On Behalf Of Dmitri Pal
Sent: Tuesday, June 03, 2014 6:48 PM
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] IPA+AD trust and NFS nobody issue
On 06/03/2014 09:07 AM, Johan Petersson wrote:
Hi,
Environment:
RHEL 7 IPA Server 3.3 with a trust to a Windows 2012 Server AD
R
On 06/03/2014 09:07 AM, Johan Petersson wrote:
Hi,
Environment:
RHEL 7 IPA Server 3.3 with a trust to a Windows 2012 Server AD
RHEL 7 NFS Server
RHEL 7 Client
I have found one problem when using an NFS 4 shared Home Directory for
AD users logging in to IPA.
I have created an NFS share /hom
Hi,
Environment:
RHEL 7 IPA Server 3.3 with a trust to a Windows 2012 Server AD
RHEL 7 NFS Server
RHEL 7 Client
I have found one problem when using an NFS 4 shared Home Directory for AD users
logging in to IPA.
I have created an NFS share /home/adexample.org and use autofs map in IPA.
All wbinfo