> On 3/6/2018 10:45 AM, Tom wrote:> t...@my.dom is an ad user. Nix.my.dom > is a subdomain managed freeipa.
So you have two domains visible on your client? That may be causing confusion. The client sending t...@my.dom@localdomain makes me think idmapd thinks localdomain is the domain to use for ids, and it doesn't recognize @my.dom, so it's treating "t...@my.dom" as an opaque username, and appending @localdomain to turn it into a fully qualified username. Frank > > Tried identical ifmapd.conf files on client and server but rpcidmapd tries > > to > start the local copy of nfsd on the nfs Ganesha servers but that competes with > nfs-Ganesha and won’t bind on port 2049. So I need to change the port for the > old nfs to 12049 etc to get the old nfs started so rpcidmapd can start on the > Ganesha nfs servers. They made it a dependency. > > > > That’s when things get messy. I may try to uninstall the built in nfs > > packages > but not sure if they will also pull out the rpcidmapd ones too. > > > > Cheers, > > Tom > > > > Sent from my iPhone > > > >> On Mar 6, 2018, at 9:00 AM, Daniel Gryniewicz <d...@redhat.com> wrote: > >> > >> Based on the error messages, you client is not sending t...@nix.my.dom but > is sending t...@my.dom@localdomain. Something is mis-configured on the > client. Have you tried having identical (including case) idmapd.conf files > on both > the client and server? > >> > >> Idmap configuration has historically be very picky and hard to set up, and > >> I'm > far from an expert on it. > >> > >> Daniel > >> > >>> On 03/06/2018 08:24 AM, TomK wrote: > >>> Hey Guy's, > >>> Getting below message which in turn fails to list proper UID / GID on > >>> NFSv4 > mounts from within an unprivileged account. All files show up with owner and > group as nobody / nobody when viewed from the client. > >>> Wondering if anyone saw this and what the solution could be here? > >>> If not the right list, let me know please. > >>> [root@client01 etc]# cat /etc/idmapd.conf|grep -v "#"| sed -e "/^$/d" > >>> [General] > >>> Verbosity = 7 > >>> Domain = nix.my.dom > >>> [Mapping] > >>> [Translation] > >>> [Static] > >>> [UMICH_SCHEMA] > >>> LDAP_server = ldap-server.local.domain.edu LDAP_base = > >>> dc=local,dc=domain,dc=edu > >>> [root@client01 etc]# > >>> Mount looks like this: > >>> nfs-c01.nix.my.dom:/n/my.dom on /n/my.dom type nfs4 > >>> (rw,relatime,vers=4.0,rsize=8192,wsize=8192,namlen=255,hard,proto=tc > >>> p,port=0,timeo=10,retrans=2,sec=sys,clientaddr=192.168.0.236,local_l > >>> ock=none,addr=192.168.0.80) /var/log/messages Mar 6 00:17:27 client01 > nfsidmap[14396]: key: 0x3f2c257b type: uid value: t...@my.dom@localdomain > timeout 600 Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: > calling nsswitch->name_to_uid Mar 6 00:17:27 client01 nfsidmap[14396]: > nss_getpwnam: name 't...@my.dom@localdomain' domain 'nix.my.dom': > resulting localname '(null)' > >>> Mar 6 00:17:27 client01 nfsidmap[14396]: nss_getpwnam: name > 't...@my.dom@localdomain' does not map into domain 'nix.my.dom' > >>> Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: > >>> nsswitch->name_to_uid returned -22 Mar 6 00:17:27 client01 > >>> nfsidmap[14396]: nfs4_name_to_uid: final return value is -22 Mar 6 > >>> 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: calling nsswitch- > >name_to_uid Mar 6 00:17:27 client01 nfsidmap[14396]: nss_getpwnam: name > 'nob...@nix.my.dom' domain 'nix.my.dom': resulting localname 'nobody' > >>> Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: > >>> nsswitch->name_to_uid returned 0 Mar 6 00:17:27 client01 > >>> nfsidmap[14396]: nfs4_name_to_uid: final return value is 0 Mar 6 > >>> 00:17:27 client01 nfsidmap[14398]: key: 0x324b0048 type: gid value: > >>> t...@my.dom@localdomain timeout 600 Mar 6 00:17:27 client01 > >>> nfsidmap[14398]: nfs4_name_to_gid: calling nsswitch->name_to_gid Mar > >>> 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: > >>> nsswitch->name_to_gid returned -22 Mar 6 00:17:27 client01 > >>> nfsidmap[14398]: nfs4_name_to_gid: final return value is -22 Mar 6 > >>> 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: calling nsswitch- > >name_to_gid Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: > nsswitch->name_to_gid returned 0 Mar 6 00:17:27 client01 nfsidmap[14398]: > nfs4_name_to_gid: final return value is 0 Mar 6 00:17:31 client01 systemd- > logind: Removed session 23. > >>> Result of: > >>> systemctl restart rpcidmapd > >>> /var/log/messages > >>> ------------------- > >>> Mar 5 23:46:12 client01 systemd: Stopping Automounts filesystems on > demand... > >>> Mar 5 23:46:13 client01 systemd: Stopped Automounts filesystems on > demand. > >>> Mar 5 23:48:51 client01 systemd: Stopping NFSv4 ID-name mapping > service... > >>> Mar 5 23:48:51 client01 systemd: Starting Preprocess NFS configuration... > >>> Mar 5 23:48:51 client01 systemd: Started Preprocess NFS configuration. > >>> Mar 5 23:48:51 client01 systemd: Starting NFSv4 ID-name mapping > service... > >>> Mar 5 23:48:51 client01 rpc.idmapd[14117]: libnfsidmap: using > >>> domain: nix.my.dom Mar 5 23:48:51 client01 rpc.idmapd[14117]: > libnfsidmap: Realms list: 'NIX.MY.DOM' > >>> Mar 5 23:48:51 client01 rpc.idmapd: rpc.idmapd: libnfsidmap: using > >>> domain: nix.my.dom Mar 5 23:48:51 client01 rpc.idmapd: rpc.idmapd: > libnfsidmap: Realms list: 'NIX.MY.DOM' > >>> Mar 5 23:48:51 client01 rpc.idmapd: rpc.idmapd: libnfsidmap: loaded > >>> plugin /lib64/libnfsidmap/nsswitch.so for method nsswitch Mar 5 > >>> 23:48:51 client01 rpc.idmapd[14117]: libnfsidmap: loaded plugin > /lib64/libnfsidmap/nsswitch.so for method nsswitch Mar 5 23:48:51 client01 > rpc.idmapd[14118]: Expiration time is 600 seconds. > >>> Mar 5 23:48:51 client01 systemd: Started NFSv4 ID-name mapping service. > >>> Mar 5 23:48:51 client01 rpc.idmapd[14118]: Opened > >>> /proc/net/rpc/nfs4.nametoid/channel > >>> Mar 5 23:48:51 client01 rpc.idmapd[14118]: Opened > >>> /proc/net/rpc/nfs4.idtoname/channel > >> > > > > > > ---------------------------------------------------------------------- > > -------- Check out the vibrant tech community on one of the world's > > most engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > _______________________________________________ > > Nfs-ganesha-devel mailing list > > Nfs-ganesha-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel > > > Cant remove the previous NFS utils package. I may need to figure out a way to > work with /etc/idmapd.conf. > > [root@nfs02 ~]# rpm -e nfs-utils-1.3.0-0.48.el7_4.1.x86_64 > error: Failed dependencies: > nfs-utils is needed by (installed) > ipa-client-4.5.0-22.el7.centos.x86_64 > nfs-utils is needed by (installed) > libvirt-daemon-driver-storage-core-3.2.0-14.el7_4.7.x86_64 > /sbin/mount.nfs is needed by (installed) > resource-agents-3.9.5-105.el7_4.6.x86_64 > /sbin/mount.nfs4 is needed by (installed) > resource-agents-3.9.5-105.el7_4.6.x86_64 > /sbin/rpc.statd is needed by (installed) > resource-agents-3.9.5-105.el7_4.6.x86_64 > /usr/sbin/rpc.mountd is needed by (installed) > resource-agents-3.9.5-105.el7_4.6.x86_64 > /usr/sbin/rpc.nfsd is needed by (installed) > resource-agents-3.9.5-105.el7_4.6.x86_64 > [root@nfs02 ~]# vi /etc/idmapd.conf > > > -- > Cheers, > Tom K. > ------------------------------------------------------------------------------------- > > Living on earth is expensive, but it includes a free trip around the sun. > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most engaging tech > sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Nfs-ganesha-devel mailing list > Nfs-ganesha-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Nfs-ganesha-devel mailing list Nfs-ganesha-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel
