Hello,
I'm installing, at home, a data server using NFSv4 and Kerberos. It's almost working; I just have one last, strange problem: the consequences of the same users existing on client and server sides with different uids. Here are just two inconsistent commands:
Command       Client side    Server side    Comment
touch file    user1(uid1) -> user1(uid2)    same username on both sides, different uids
ls -l file    user3(uid2) <- user1(uid2)    same uid on both sides, different usernames
I would have expected consistency on either username or uid over all commands; I don't understand why there is this difference. Well, even if I don't get it, I can use the nfs-idmapd service: either I squash user1(uid1) to user4(uid1) on the server, or I squash user3(uid2) to user1(uid1) on the client. I prefer the first solution as there are usually fewer servers than clients.
So here is my /etc/idmapd.conf file:
[General]
Domain = domain.net
Local-Realms = DOMAIN.NET
[Mapping]
Nobody-User = nobody
Nobody-Group = nobody
[Translation]
Method = static,nsswitch
[Static]
user1@DOMAIN.NET = user4
I force the static method (user1 -> user4) before nsswitch so that the latter does not keep the same user on the server side. The nsswitch method is still necessary for other users, such as root.
Unfortunately, it does not work: the static method is not used (or is misused) and user1 on the client is still mapped to user1 on the server. It is possible to manually run the nfs-idmapd service on the server (rpc.idmapd -f -vvvvv) to get more details. When I run the touch command on the client, the output on the server is:
rpc.idmapd: nfsdcb: authbuf=gss/krb5p authtype=user
rpc.idmapd: nfs4_uid_to_name: calling static->uid_to_name
rpc.idmapd: nfs4_uid_to_name: static->uid_to_name returned 0
rpc.idmapd: nfs4_uid_to_name: final return value is 0 # From static method:
rpc.idmapd: Server : (user) id "uid1" -> name "user1@DOMAIN.NET" # request comes from Kerberos user1...
# YESSS!!!
rpc.idmapd: nfsdcb: authbuf=gss/krb5p authtype=group
rpc.idmapd: nfs4_gid_to_name: calling static->gid_to_name
rpc.idmapd: nfs4_gid_to_name: static->gid_to_name returned -2
rpc.idmapd: nfs4_gid_to_name: calling nsswitch->gid_to_name
rpc.idmapd: nfs4_gid_to_name: nsswitch->gid_to_name returned 0
rpc.idmapd: nfs4_gid_to_name: final return value is 0 # From nsswitch method:
rpc.idmapd: Server : (group) id "gid1" -> name "group1@domain.net" # user1 is in group1
rpc.idmapd: nfsdcb: authbuf=gss/krb5p authtype=user
rpc.idmapd: nfs4_uid_to_name: calling static->uid_to_name
rpc.idmapd: nfs4_uid_to_name: static->uid_to_name returned -2
rpc.idmapd: nfs4_uid_to_name: calling nsswitch->uid_to_name
rpc.idmapd: nfs4_uid_to_name: nsswitch->uid_to_name returned 0
rpc.idmapd: nfs4_uid_to_name: final return value is 0 # From nsswitch method:
rpc.idmapd: Server : (user) id "uid2" -> name "user1@domain.net" # Corresponding user is user1(uid2)
# NOOO!!!
I'm stuck now. Do you have an idea about making the rpc.idmapd program work as intended?
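As an added illustration (not from the original post and not nfs-utils or libnfsidmap code), here is a small Python model of the Method = static,nsswitch chain configured in the idmapd.conf above, run in both directions (uid_to_name, as traced in the log, and name_to_uid). The server passwd table and the numeric uids 1001 and 1002 (standing in for the post's "uid1" and "uid2") are constructed placeholders, and the lookup logic is a simplified model of the real methods.

```python
import configparser

ENOENT = -2  # idmapd methods return -ENOENT (-2) for "no mapping", as seen in the log

# Constructed server-side passwd table standing in for nsswitch; the numeric uids
# (1001 for the post's "uid1", 1002 for "uid2") are hypothetical placeholders.
SERVER_PASSWD = {"user4": 1001, "user1": 1002}
IDMAPD_CONF = """
[General]
Domain = domain.net
[Translation]
Method = static,nsswitch
[Static]
user1@DOMAIN.NET = user4
"""

class IdMapper:
    """Simplified model of the rpc.idmapd translation chain, not the real library."""
    def __init__(self, conf_text, passwd):
        cp = configparser.ConfigParser()
        cp.optionxform = str  # keep the principal's case exactly as written
        cp.read_string(conf_text)
        self.domain = cp["General"]["Domain"]
        self.methods = [m.strip() for m in cp["Translation"]["Method"].split(",")]
        self.static = dict(cp["Static"]) if cp.has_section("Static") else {}
        self.passwd = passwd
    # [Static] is keyed by principal, so uid_to_name scans for the local user owning uid.
    def static_uid_to_name(self, uid):
        hits = [p for p, local in self.static.items() if self.passwd.get(local) == uid]
        return (0, hits[0]) if hits else (ENOENT, None)
    def nsswitch_uid_to_name(self, uid):
        hits = [n for n, u in self.passwd.items() if u == uid]
        return (0, f"{hits[0]}@{self.domain}") if hits else (ENOENT, None)
    def static_name_to_uid(self, name):
        local = self.static.get(name)
        return (0, self.passwd[local]) if local in self.passwd else (ENOENT, None)
    def nsswitch_name_to_uid(self, name):
        user, _, dom = name.partition("@")
        ok = dom.lower() == self.domain.lower() and user in self.passwd
        return (0, self.passwd[user]) if ok else (ENOENT, None)
    def lookup(self, direction, key):  # walk Method= in order; ENOENT falls through
        trace = []
        for method in self.methods:
            rc, value = getattr(self, f"{method}_{direction}")(key)
            trace.append(f"{method}->{direction} returned {rc}")
            if rc == 0:
                return value, trace
        return None, trace

MAPPER = IdMapper(IDMAPD_CONF, SERVER_PASSWD)
```

MAPPER.lookup("uid_to_name", 1002) reproduces the second half of the log: the static method returns -2 because no [Static] entry resolves to a local user with that uid, so nsswitch answers with user1@domain.net.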