(Solved) NFSv4 - Files ownership wrong, idmap domain correct

PreparationH67 · 2011-02-18 21:10:01

I have an arch server the is exporting the home directories for my users over a local network. Currently there are 2 arch servers mounting at export to their /home. The accounts exist on an Active Directory server that all three are plugged into via LDAP and Kerberos (NFS is not using Kerberos thou). So far it has been working flawlessly, except for one problem that seems to only be affecting me. I have an SSH key in my home directory on the server that I use to connect from my netbook. The problem is somethings when I ssh into one of the servers from my machine it asks for my password instead of letting me in, I get in and I find that all my files and my home directory are being mapped to nobody instead of my account. To make it even weirder, the group, which is also on AD, is mapped correctly and when I do an ls -l on /home my directory is the only one that has the wrong mapping. I'm not sure what could possibly be going wrong as the other server is not having this problem and I can't find a pattern to this behavior. The ownership seems to correct itself after a little bit, but at least once now only some on my files had the correct ownership and some were still mapped to nobody. Does anyone have any idea what can be causing this? I may try and change the domain in idmapd.conf, but I know it's correct so I don't know what else it could be and I don't see anything useful in the logs.

Last edited by PreparationH67 (2011-02-24 17:04:12)

delerious010 · 2011-02-19 23:53:35

Out of curiosity, if you perform an ls -n, are the UID and GID numerically the same ?
I'm asking since it could always be possible that the username and group are being returned through a different system than AD. For instance, if you're reading files before reading ldap/ap in /etc/nsswitch.conf.

PreparationH67 · 2011-02-20 15:48:39

The GID is correct, but the UID is not. It also seems the that the problem is not localized to the one machine like I thought. I setup a simple bash script in cron.hourly on both machines to check if my directory and log the results. It is happening on both, but there is no pattern either between the two or on the machines themselves. It does seem that interacting with the files in the directory changes the user back to normal, like using cat or nano, but only for that file. I did manage to find something in /var/log/messages.log

Feb 20 02:18:02 localhost rpc.idmapd[954]: nss_getpwnam: name 'walter' not found in domain 'mydomain'

I edited out the domain, but it is the same across all the servers.

I've been looking around but have not been able to find any references to this behavior, the only thing I can think of now is to expand that script to make sure it is only my directory. Unless someone else has some prophetic insight.

PreparationH67 · 2011-02-22 06:27:51

So today I found out that it is indeed happening to other people as well, but when someone else is logged in they can see when it is messing up on my directory, so it is not local to a specific persons view. Anyone got anything on this, it's driving me crazy here?

PreparationH67 · 2011-02-23 04:53:22

I think I may have solved the issue and I think it had to do with hosts.allow not being quite right. I reread the NFS wiki entry and the full list is not in the NFSv4 page so it looks like I had it wrong.

nfsd: ALL
rpcbind: ALL
mountd:ALL

Although obviously I didn't use the ALL option, I'll tag this as solved when I fully confirm this worked out.

Last edited by PreparationH67 (2011-02-23 04:54:09)

Arch Linux

#1 2011-02-18 21:10:01

(Solved) NFSv4 - Files ownership wrong, idmap domain correct

#2 2011-02-19 23:53:35

Re: (Solved) NFSv4 - Files ownership wrong, idmap domain correct

#3 2011-02-20 15:48:39

Re: (Solved) NFSv4 - Files ownership wrong, idmap domain correct

#4 2011-02-22 06:27:51

Re: (Solved) NFSv4 - Files ownership wrong, idmap domain correct

#5 2011-02-23 04:53:22

Re: (Solved) NFSv4 - Files ownership wrong, idmap domain correct

Board footer