Make sure NFSv4 ID Mapping value matches on client and server. On server side (i.e. CES nodes); you can set as below: $ mmnfs config change IDMAPD_DOMAIN=test.com On client side (e.g. RHEL NFS client); one can set it using Domain attribute in /etc/idmapd.conf file. $ egrep ^Domain /etc/idmapd.conf Domain = test.com [root@rh73node2 2018_05_07-13:31:11 ~]$ $ service nfs-idmap restart Please refer following link for the details: https://www.ibm.com/support/knowledgecenter/en/STXKQY_5.0.0/com.ibm.spectrum.scale.v5r00.doc/b1ladm_authconsidfornfsv4access.htm Thanks, Chetan. From: "Yaron Daniel" <[email protected]> To: gpfsug main discussion list <[email protected]> Date: 05/07/2018 10:46 AM Subject: Re: [gpfsug-discuss] CES NFS export Sent by: [email protected] Hi If you want to use NFSv3 , define only NFSv3 on the export. In case you work with NFSv4 - you should have "DOMAIN\user" all the way - so this way you will not get any user mismatch errors, and see permissions like nobody. Regards Yaron 94 Em Daniel Ha'Moshavot Rd Storage Petach Tiqva, Architect 49527 IBM Israel Global Markets, Systems HW Sales Phone: +972-3-916-5672 Fax: +972-3-916-5672 Mobile: +972-52-8395593 e-mail: [email protected] IBM Israel IBM Storage Strategy and Solutions v1IBM Storage Management and Data Protection v1 Related image From: Jagga Soorma <[email protected]> To: [email protected] Date: 05/07/2018 06:05 AM Subject: Re: [gpfsug-discuss] CES NFS export Sent by: [email protected] Looks like this is due to nfs v4 and idmapd domain not being configured correctly. I am going to test further and reach out if more assistance is needed. Thanks! On Sun, May 6, 2018 at 6:35 PM, Jagga Soorma <[email protected]> wrote: > Hi Guys, > > We are new to gpfs and have a few client that will be mounting gpfs > via nfs. We have configured the exports but all user/group > permissions are showing up as nobody. The gateway/protocol nodes can > query the uid/gid's via centrify without any issues as well as the > clients and the perms look good on a client that natively accesses the > gpfs filesystem. Is there some specific config that we might be > missing? > > -- > # mmnfs export list --nfsdefs /gpfs/datafs1 > Path Delegations Clients > Access_Type Protocols Transports Squash Anonymous_uid > Anonymous_gid SecType PrivilegedPort DefaultDelegations Manage_Gids > NFS_Commit > ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > /gpfs/datafs1 NONE {nodenames} RW 3,4 TCP > ROOT_SQUASH -2 -2 SYS FALSE NONE > TRUE FALSE > /gpfs/datafs1 NONE {nodenames} RW 3,4 > TCP NO_ROOT_SQUASH -2 -2 SYS FALSE > NONE TRUE FALSE > /gpfs/datafs1 NONE {nodenames} RW 3,4 TCP > ROOT_SQUASH -2 -2 SYS FALSE > NONE TRUE FALSE > -- > > On the nfs clients I see this though: > > -- > # ls -l > total 0 > drwxrwxr-t 3 nobody nobody 4096 Mar 20 09:19 dir1 > drwxr-xr-x 4 nobody nobody 4096 Feb 9 17:57 dir2 > -- > > Here is our mmnfs config: > > -- > # mmnfs config list > > NFS Ganesha Configuration: > ========================== > NFS_PROTOCOLS: 3,4 > NFS_PORT: 2049 > MNT_PORT: 0 > NLM_PORT: 0 > RQUOTA_PORT: 0 > NB_WORKER: 256 > LEASE_LIFETIME: 60 > DOMAINNAME: VIRTUAL1.COM > DELEGATIONS: Disabled > ========================== > > STATD Configuration > ========================== > STATD_PORT: 0 > ========================== > > CacheInode Configuration > ========================== > ENTRIES_HWMARK: 1500000 > ========================== > > Export Defaults > ========================== > ACCESS_TYPE: NONE > PROTOCOLS: 3,4 > TRANSPORTS: TCP > ANONYMOUS_UID: -2 > ANONYMOUS_GID: -2 > SECTYPE: SYS > PRIVILEGEDPORT: FALSE > MANAGE_GIDS: TRUE > SQUASH: ROOT_SQUASH > NFS_COMMIT: FALSE > ========================== > > Log Configuration > ========================== > LOG_LEVEL: EVENT > ========================== > > Idmapd Configuration > ========================== > LOCAL-REALMS: LOCALDOMAIN > DOMAIN: LOCALDOMAIN > ========================== > -- > > Thanks! _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org https://urldefense.proofpoint.com/v2/url?u=http-3A__gpfsug.org_mailman_listinfo_gpfsug-2Ddiscuss&d=DwICAg&c=jf_iaSHvJObTbx-siA1ZOg&r=uic-29lyJ5TCiTRi0FyznYhKJx5I7Vzu80WyYuZ4_iM&m=3k9qWcL7UfySpNVW2J8S1XsIekUHTHBBYQhN7cPVg3Q&s=844KFrfpsN6nT-DKV6HdfS8EEejdwHuQxbNR8cX2cyc&e=
_______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss
