On Wed, 25 Oct 2017, Robert Sturrock via FreeIPA-users wrote:
Hi All.

We have IPA setup in an AD trust to support our Linux fleet.  I’m running into 
a problem trying to get Ubuntu (16.04) clients to resolve names/ids on an 
NFS-mounted filesystem from an NFS server using NFSv4/krb5.  Files and 
directories show up as ‘nobody’ or an incorrect numerical ID when listed with 
‘ls’.  RHEL7 clients seem to be working fine with a very similar configuration (as 
far as I can tell).

The particulars are:

 - AD forest has domains ‘localdomain’ and ‘student.localdomain’ (my user 
identity is ‘user@localdomain’)
 - IPA domain is ‘ipa.localdomain’
 - The NFS server (RHEL7) and clients (Ubu16.04, RHEL7) are both enrolled to 
IPA (with 'Domain=ipa.localdomain’ in /etc/idmapd.conf).

I have mounted the NFS volume on the clients with a simple:

 mount -t nfs4 nfs-server.ipa.localdomain:/export /mnt

Listing my directory as myself (‘rns@localdomain’) on the Ubuntu client, I see:

$ ls -ld rns
drwx------ 18 nobody 4294967294 4096 Oct 25 15:18 rns

.. with these corresponding nfsidmap messages:

Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: key: 
0x2c254c26 type: uid value: rns@localdomain@ipa.localdomain timeout 600
Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: 
nfs4_name_to_uid: calling nsswitch->name_to_uid
Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: 
nss_getpwnam: name 'rns@localdomain@ipa.localdomain' domain 'ipa.localdomain': 
resulting localname '(null)'
Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: 
nss_getpwnam: name 'rns@localdomain@ipa.localdomain' does not map into domain 
'ipa.localdomain'
Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: 
nfs4_name_to_uid: nsswitch->name_to_uid returned -22
Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: 
nfs4_name_to_uid: final return value is -22

.. whereas on the RHEL7 client, I see:

$ ls -ld rns
drwx------. 18 rns@localdomain rns@localdomain 4096 Oct 25 15:18 rns

Oct 25 16:56:23 rhel-7-client.sub.localdomain nfsidmap[30590]: key: 0xf113fd2 
type: uid value: rns@localdomain@ipa.localdomain timeout 600
Oct 25 16:56:23 rhel-7-client.sub.localdomain nfsidmap[30590]: nfs4_name_to_uid: 
calling nsswitch->name_to_uid
Oct 25 16:56:23 rhel-7-client.sub.localdomain nfsidmap[30590]: nss_getpwnam: 
name 'rns@localdomain@ipa.localdomain' domain 'ipa.localdomain': resulting 
localname 'rns@localdomain'
Oct 25 16:56:23 rhel-7-client.sub.localdomain nfsidmap[30590]: nfs4_name_to_uid: 
nsswitch->name_to_uid returned 0
Oct 25 16:56:23 rhel-7-client.sub.localdomain nfsidmap[30590]: 
nfs4_name_to_uid: final return value is 0
Oct 25 16:56:23 rhel-7-client.sub.localdomain nfsidmap[30592]: key: 0x2125a5d2 
type: gid value: rns@localdomain@ipa.localdomain timeout 600
Oct 25 16:56:23 rhel-7-client.sub.localdomain nfsidmap[30592]: nfs4_name_to_gid: 
calling nsswitch->name_to_gid
Oct 25 16:56:23 rhel-7-client.sub.localdomain nfsidmap[30592]: nfs4_name_to_gid: 
nsswitch->name_to_gid returned 0
Oct 25 16:56:23 rhel-7-client.sub.localdomain nfsidmap[30592]: 
nfs4_name_to_gid: final return value is 0

Why does the Ubuntu client's nfsidmap think that my identity doesn’t
map into ‘ipa.localdomain’ and therefore (presumably) returns the error
code ‘-22’?

What version of libnfsidmap does Ubuntu have?

There was a bug fixed in 0.26-rc4 which used the wrong '@' sign to detect
the NFS domain. There was also a bug fixed past the 0.27 release which prevented
a multi-domain setup from working. I guess you are affected by the latter bug.

--
/ Alexander Bokovoy
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
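
The first of the two bugs named in the reply, detecting the NFS domain at the wrong '@', can be illustrated with the name from the log lines. This is an added example, not libnfsidmap's code and not part of the original message; `strip_nfs_domain` and `enum at_choice` are hypothetical names, and the -EINVAL return is chosen to mirror the -22 seen in the log.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Which '@' separates user from NFS domain (hypothetical switch for this example). */
enum at_choice { FIRST_AT, LAST_AT };

/*
 * Strip the NFSv4 domain from `name` if it equals `domain` (case-insensitive).
 * On success writes the local name into `out` and returns 0. Returns -EINVAL
 * (-22 on Linux) when the name does not map into the domain, and
 * -ENAMETOOLONG when `out` is too small for the local name.
 */
int strip_nfs_domain(const char *name, const char *domain,
                     enum at_choice which, char *out, size_t outlen)
{
    const char *at = (which == FIRST_AT) ? strchr(name, '@')
                                         : strrchr(name, '@');
    if (at == NULL || at == name)
        return -EINVAL;                 /* no domain part, or empty user part */
    if (strcasecmp(at + 1, domain) != 0)
        return -EINVAL;                 /* name does not map into domain */
    size_t len = (size_t)(at - name);
    if (len >= outlen)
        return -ENAMETOOLONG;
    memcpy(out, name, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Name and domain copied from the nfsidmap log lines in the message. */
    const char *name = "rns@localdomain@ipa.localdomain";
    const char *domain = "ipa.localdomain";
    char local[256];

    /* Splitting at the first '@' compares "localdomain@ipa.localdomain". */
    int rc = strip_nfs_domain(name, domain, FIRST_AT, local, sizeof local);
    printf("first '@': rc=%d\n", rc);

    /* Splitting at the last '@' compares "ipa.localdomain" and keeps the AD name. */
    rc = strip_nfs_domain(name, domain, LAST_AT, local, sizeof local);
    printf("last  '@': rc=%d localname=%s\n", rc, rc == 0 ? local : "(null)");
    return 0;
}
```

With AD trust users the local name itself contains an '@', so only the last '@' can mark the NFS domain.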