On 3/8/2018 2:38 AM, Malahal Naineni wrote:
Hmm.  When I change some configs in /etc/idmapd.conf on the client:

Nobody-User = nfsnobody
Nobody-Group = nfsnobody

server that connects to the NFS Ganesha cluster, I do see some changes and folders list as nfsnobody instead of nobody. So that gave me the impression it's being used in some way.

Tried with it disabled and the result is the same, still listed as nobody for UID / GID. I think the FreeIPA client is using it instead. Thinking it's not an NFS Ganesha question at this point then.

Cheers,
Tom

>> Tried identical ifmapd.conf files on client and server but rpcidmapd tries to start the local copy of nfsd on the nfs Ganesha servers but that competes with

NFS Ganesha doesn't need rpcidmapd daemon running. So refrain from running the idmapd daemon. Ganesha uses idmapd libraries, so you should be good as long as you have the libraries installed (part of the nfs-utils package on RHEL, I think).

Regards, Malahal.

On Tue, Mar 6, 2018 at 9:15 PM, Tom <t...@mdevsys.com <mailto:t...@mdevsys.com>> wrote:

    t...@my.dom is an ad user.   Nix.my.dom is a subdomain managed freeipa.

    Tried identical ifmapd.conf files on client and server but rpcidmapd
    tries to start the local copy of nfsd on the nfs Ganesha servers but
    that competes with nfs-Ganesha and won’t bind on port 2049.  So I
    need to change the port for the old nfs to 12049 etc to get the old
    nfs started so rpcidmapd can start on the Ganesha nfs servers.  They
    made it a dependency.

    That’s when things get messy.   I may try to uninstall the built in
    nfs packages but not sure if they will also pull out the rpcidmapd
    ones too.

    Cheers,
    Tom

    Sent from my iPhone

     > On Mar 6, 2018, at 9:00 AM, Daniel Gryniewicz <d...@redhat.com
    <mailto:d...@redhat.com>> wrote:
     >
     > Based on the error messages, you client is not sending
    t...@nix.my.dom but is sending t...@my.dom@localdomain.  Something is
    mis-configured on the client.  Have you tried having identical
    (including case) idmapd.conf files on both the client and server?
     >
     > Idmap configuration has historically be very picky and hard to
    set up, and I'm far from an expert on it.
     >
     > Daniel
     >
     >> On 03/06/2018 08:24 AM, TomK wrote:
     >> Hey Guy's,
     >> Getting below message which in turn fails to list proper UID /
    GID on NFSv4 mounts from within an unprivileged account. All files
    show up with owner and group as nobody / nobody when viewed from the
    client.
     >> Wondering if anyone saw this and what the solution could be here?
     >> If not the right list, let me know please.
     >> [root@client01 etc]# cat /etc/idmapd.conf|grep -v "#"| sed -e
    "/^$/d"
     >> [General]
     >> Verbosity = 7
     >> Domain = nix.my.dom
     >> [Mapping]
     >> [Translation]
     >> [Static]
     >> [UMICH_SCHEMA]
     >> LDAP_server = ldap-server.local.domain.edu
    <http://ldap-server.local.domain.edu>
     >> LDAP_base = dc=local,dc=domain,dc=edu
     >> [root@client01 etc]#
     >> Mount looks like this:
     >> nfs-c01.nix.my.dom:/n/my.dom on /n/my.dom type nfs4
    
(rw,relatime,vers=4.0,rsize=8192,wsize=8192,namlen=255,hard,proto=tcp,port=0,timeo=10,retrans=2,sec=sys,clientaddr=192.168.0.236,local_lock=none,addr=192.168.0.80)
    /var/log/messages
     >> Mar  6 00:17:27 client01 nfsidmap[14396]: key: 0x3f2c257b type:
    uid value: t...@my.dom@localdomain timeout 600
     >> Mar  6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid:
    calling nsswitch->name_to_uid
     >> Mar  6 00:17:27 client01 nfsidmap[14396]: nss_getpwnam: name
    't...@my.dom@localdomain' domain 'nix.my.dom': resulting localname
    '(null)'
     >> Mar  6 00:17:27 client01 nfsidmap[14396]: nss_getpwnam: name
    't...@my.dom@localdomain' does not map into domain 'nix.my.dom'
     >> Mar  6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid:
    nsswitch->name_to_uid returned -22
     >> Mar  6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid:
    final return value is -22
     >> Mar  6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid:
    calling nsswitch->name_to_uid
     >> Mar  6 00:17:27 client01 nfsidmap[14396]: nss_getpwnam: name
    'nob...@nix.my.dom' domain 'nix.my.dom': resulting localname 'nobody'
     >> Mar  6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid:
    nsswitch->name_to_uid returned 0
     >> Mar  6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid:
    final return value is 0
     >> Mar  6 00:17:27 client01 nfsidmap[14398]: key: 0x324b0048 type:
    gid value: t...@my.dom@localdomain timeout 600
     >> Mar  6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid:
    calling nsswitch->name_to_gid
     >> Mar  6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid:
    nsswitch->name_to_gid returned -22
     >> Mar  6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid:
    final return value is -22
     >> Mar  6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid:
    calling nsswitch->name_to_gid
     >> Mar  6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid:
    nsswitch->name_to_gid returned 0
     >> Mar  6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid:
    final return value is 0
     >> Mar  6 00:17:31 client01 systemd-logind: Removed session 23.
     >> Result of:
     >> systemctl restart rpcidmapd
     >> /var/log/messages
     >> -------------------
     >> Mar  5 23:46:12 client01 systemd: Stopping Automounts
    filesystems on demand...
     >> Mar  5 23:46:13 client01 systemd: Stopped Automounts filesystems
    on demand.
     >> Mar  5 23:48:51 client01 systemd: Stopping NFSv4 ID-name mapping
    service...
     >> Mar  5 23:48:51 client01 systemd: Starting Preprocess NFS
    configuration...
     >> Mar  5 23:48:51 client01 systemd: Started Preprocess NFS
    configuration.
     >> Mar  5 23:48:51 client01 systemd: Starting NFSv4 ID-name mapping
    service...
     >> Mar  5 23:48:51 client01 rpc.idmapd[14117]: libnfsidmap: using
    domain: nix.my.dom
     >> Mar  5 23:48:51 client01 rpc.idmapd[14117]: libnfsidmap: Realms
    list: 'NIX.MY.DOM'
     >> Mar  5 23:48:51 client01 rpc.idmapd: rpc.idmapd: libnfsidmap:
    using domain: nix.my.dom
     >> Mar  5 23:48:51 client01 rpc.idmapd: rpc.idmapd: libnfsidmap:
    Realms list: 'NIX.MY.DOM'
     >> Mar  5 23:48:51 client01 rpc.idmapd: rpc.idmapd: libnfsidmap:
    loaded plugin /lib64/libnfsidmap/nsswitch.so for method nsswitch
     >> Mar  5 23:48:51 client01 rpc.idmapd[14117]: libnfsidmap: loaded
    plugin /lib64/libnfsidmap/nsswitch.so for method nsswitch
     >> Mar  5 23:48:51 client01 rpc.idmapd[14118]: Expiration time is
    600 seconds.
     >> Mar  5 23:48:51 client01 systemd: Started NFSv4 ID-name mapping
    service.
     >> Mar  5 23:48:51 client01 rpc.idmapd[14118]: Opened
    /proc/net/rpc/nfs4.nametoid/channel
     >> Mar  5 23:48:51 client01 rpc.idmapd[14118]: Opened
    /proc/net/rpc/nfs4.idtoname/channel
     >


    
------------------------------------------------------------------------------
    Check out the vibrant tech community on one of the world's most
    engaging tech sites, Slashdot.org! http://sdm.link/slashdot
    _______________________________________________
    Nfs-ganesha-devel mailing list
    Nfs-ganesha-devel@lists.sourceforge.net
    <mailto:Nfs-ganesha-devel@lists.sourceforge.net>
    https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel
    <https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel>




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot



_______________________________________________
Nfs-ganesha-devel mailing list
Nfs-ganesha-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel



--
Cheers,
Tom K.
-------------------------------------------------------------------------------------

Living on earth is expensive, but it includes a free trip around the sun.


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Nfs-ganesha-devel mailing list
Nfs-ganesha-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel

Reply via email to