On 03/11/10 09:27 AM, Robert Thurlow wrote:
Ian Collins wrote:
On 03/11/10 05:42 AM, Andrew Daugherity wrote:
I've found that when using hostnames in the sharenfs line, I had to use
the FQDN; the short hostname did not work, even though both client and
server were in the same DNS domain and that domain is in the search
path, and nsswitch uses DNS for hosts (read: 'ping client1' works fine,
as does 'mount server:/export/fs /mnt' from client1).
I have found the same, whether sharing to Linux or Solaris hosts, the
FQDN appears to be required.
It's not quite true that you need the FQDN, as it still
does depend on the name service setup. However, what is
true is this: to authenticate a client, the server does
a IP-to-hostname mapping and compares the string with the
string on the share entry. If the strings match (ignoring
case), the client gets access. If not, the client does not
get access. This has confused many, and it's not clear
how or where to document this so that it does not cause
more confusion. RFEs with example language would be
welcome.
So, to make a long story short, if you log into the server
from the client and do "who am i", you will get the host
name you need for the share.
Thanks for the clarification Rob.
Digging a little deeper, this is documented in the share_nfs man page:
access_list
The access_list argument is a colon-separated list whose
components may be any number of the following:
hostname
The name of a host. With a server configured for DNS or
LDAP naming in the nsswitch "hosts" entry, any hostname
must be represented as a fully qualified DNS or LDAP
name.
Maybe your last paragraph could be added to the NOTES section on that page?
--
Ian.
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss