This list has been deprecated. Please subscribe to the new devel list at 
lists.nfs-ganesha.org.
nfs4_gss_princ_to_ids() should have succeeded if you have set up your
system correctly. We use "winbind" with AD.

On Wed, Aug 8, 2018 at 11:06 PM, Frank Filz <ff...@redhat.com> wrote:

> On 08/08/2018 01:55 AM, Sri Krishnachowdary kankanala wrote:
>
>>
>> Hi,
>>
>> Can someone please reply to this.
>>
>> Thanks,
>> Sri Krishna
>>
>> On Thu, Aug 2, 2018 at 1:18 PM, Sri Krishnachowdary kankanala <
>> kankanalaki...@gmail.com> wrote:
>>
>>     Hi,
>>
>>     I have an AD server configured on Windows 2012 server. I joined
>>     a CentOS node to AD using sssd. I configured sssd with fully
>>     qualified domain names for users.
>>     I mounted the nfs4 ganesha's export using krb5.
>>
>>     I create a file from the client node logged in as us...@ad.domain.com
>>     but when I do "ls -l" I see the below entries, whereas I expect the
>>     owner to be us...@ad.domain.com
>>
>>     -rw-r--r-- 1         4294967294 4294967294 0 Aug  1 23:12 file1
>>
>>
>>     I see the below error in ganesha logs:
>>
>>
>>     nfs_req_creds :Could not map principal us...@ad.domain.com to uid
>>
>>
>>     I further went ahead and used nfs4_set_debug() to get more logs
>>     and found the below in ganesha logs when principal2uid() is called:
>>
>>     nfs4_gss_princ_to_ids: calling nsswitch->princ_to_ids
>>
>>     nss_getpwnam: name 'us...@ad.domain.com' domain '(null)': resulting localname 'user1'
>>
>>     nfs4_gss_princ_to_ids: nsswitch->princ_to_ids returned -2
>>
>>     nfs4_gss_princ_to_ids: final return value is -2
>>
>>
>>
>>     Relevant entries in my idmap.conf:
>>
>>        [General]
>>
>>     Domain = ad.domain.com
>>
>>
>>     [Translation]
>>
>>     Method = nsswitch
>>
>>
>>
> Did you try putting your domain in all caps in your idmap.conf?
>
>>     The same setup works if I disable fully qualified domain names
>>     from sssd.
>>
>>     Is there a way to use other methods like umich_ldap and get Fully
>>     qualified AD domain  running with nfs4 ganesha?
>>     Can you please list the steps I need to follow in order to do that?
>>
>>
> I'm not personally familiar with using AD.
>
> Frank
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Nfs-ganesha-devel mailing list
> Nfs-ganesha-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel
>