Re: [Nfs-ganesha-devel] nfs4 idmapping issue with sssd fully qualified domain names

Thu, 09 Aug 2018 05:50:35 -0700 

This list has been deprecated. Please subscribe to the new devel list at 
lists.nfs-ganesha.org.
Malahal,

>> nfs4_gss_princ_to_ids() should have succeeded if you have set up your

system correctly. We use "winbind" with AD.


I am using ubuntu. Can you pls let me know what libraries I need to use to
compile ganesha with windbind?


Thanks,

Sri Krishna


On Wed, Aug 8, 2018 at 2:25 PM, Sri Krishnachowdary kankanala <
kankanalaki...@gmail.com> wrote:

> Hi,
>
> Can someone please reply to this.
>
> Thanks,
> Sri Krishna
>
> On Thu, Aug 2, 2018 at 1:18 PM, Sri Krishnachowdary kankanala <
> kankanalaki...@gmail.com> wrote:
>
>> Hi,
>>
>> I have AD server configured on windows 2012 server. I joined centos node
>> to AD using sssd. I configured sssd with fully qualified domain names for
>> users.
>> I mounted the nfs4 ganesha's export using krb5.
>>
>> I create a file from client node logged in as us...@ad.domain.com but
>> when I do "ls -I" I see below entries where as I expect the owner to be
>> us...@ad.domain.com
>>
>>   -rw-r--r-- 1         4294967294            4294967294 0 Aug  1 23:12
>> file1
>>
>>
>> I see the below error in ganesha logs:
>>
>>
>>   nfs_req_creds :Could not map principal us...@ad.domain.com to uid
>>
>> I further went ahead and used nfs4_set_debug() to get more logs and found
>> the below in ganesha logs when principal2uid() is called:
>>
>>   nfs4_gss_princ_to_ids: calling nsswitch->princ_to_ids
>>
>>   nss_getpwnam: name 'us...@ad.domain.com' domain '(null)': resulting
>> localname 'user1'
>>
>>   nfs4_gss_princ_to_ids: nsswitch->princ_to_ids returned -2
>>
>>   nfs4_gss_princ_to_ids: final return value is -2
>>
>>
>>
>> Relevant entries in my idmap.conf:
>>
>>    [General]
>>
>>   Domain = ad.domain.com
>>
>>   [Translation]
>>
>>   Method = nsswitch
>>
>> The same setup works if I disable fully qualified domain names from sssd.
>>
>> Is there a way to use other methods like umich_ldap and get Fully
>> qualified AD domain  running with nfs4 ganesha?
>> Can you please list the steps I need to follow on order to do that?
>>
>> Thanks,
>> Sri Krishna
>>
>>
>>
>

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Nfs-ganesha-devel mailing list
Nfs-ganesha-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel

Reply via email to