[Kernel-packages] [Bug 1124250] Re: Partially incorrect uid mapping with nfs4/idmapd/ldap-auth
Hi, I'm still seeing this error. root@XX:~# uname -r 3.13.0-77-generic root@XX~# root@~# cat /etc/issue Ubuntu 14.04.4 LTS \n \l root@:~# -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1124250 Title: Partially incorrect uid mapping with nfs4/idmapd/ldap-auth Status in linux package in Ubuntu: Fix Released Status in linux source package in Trusty: Fix Released Status in linux source package in Utopic: Fix Released Status in nfs-utils package in Debian: Confirmed Status in Fedora: Unknown Bug description: [Impact] * This bug is likely to cause an incorrect UID/GID mapping for NFS shares in case of large numbers of differend UIDs/GIDs or in case of expired UID/GID mappings (stored as keys in the kernel). [Test Case] 1. Setup a nfs4 server exporting /home with a large number of different users and ldap-based authentication. 2. Mount the share on a ldap-connected client machine. 3. List the mounted /home directory. 4. Wait more than 10 minutes (the default key expiration time) and list it again with ls -l. Expected result - all directories are listed with correct UIDs/GIDs. Actual result - some of the directories may be listed with incorrect UID/GID of 4294967294. [Regression Potential] * This issue has been merged upstream in the 3.18 kernel and is also present in Debian's 3.16 kernel. [Other Info] * Original bug description: I'm running a nfs4 server exporting a directory /home (ext4,usrquota). This server is running Ubuntu 12.04 amd64(up-to-date). This directory is handling 662 homedirs for ldap authenticated users. /etc/exports is : /exports 192.168.0.0/24(rw,fsid=0,no_subtree_check) Important lines in /etc/idmapd.conf : domain=my-domain.org [Translation] Method=nsswitch. In /etc/default/nfs-common : NEED_IDMAPD=yes In /etc/default/nfs-kernel-server : RPCNFSDCOUNT=75 RPCMOUNTDOPTS=--manage-gids 2 Clients (rhel6 x86 & Ubuntu 12.04.2 i686) are mounting this nfs4 exported directory with no problems : When doing ls -l /home on this clients, I have : ... drwx-- 4 user100 oldusers 4096 sept. 21 2011 user100 drwx-- 4 user101 oldusers 4096 sept. 21 2011 user101 drwx-- 37 user102 oldusers 4096 oct. 1 19:06 user102 drwx-- 36 user103 users4096 févr. 5 21:08 user103 drwx-- 36 user104 users4096 févr. 8 14:03 user104 drwx-- 30 user105 users4096 févr. 4 18:01 user105 drwx-- 28 user106 oldusers 4096 oct. 5 2011 user106 drwx-- 37 user107 oldusers 4096 janv. 8 14:52 user107 drwx-- 31 user108 users4096 déc. 4 11:52 user108 drwx-- 4 user109 oldusers 4096 sept. 21 2011 user109 drwx--x--x 45 user110 oldusers 4096 janv. 22 15:53 user109 drwx-- 31 user111 users4096 janv. 29 12:03 user110 ... uid/gid mapping works fine, authldap works fine, ... All Clients running Ubuntu 12.10 i686 or Ubuntu 12.10 amd64 are experiencing the same problem : The config files are the same that used in ubuntu 12.04. Auth ldap is correctly configured, user can log in. This is the /etc/fstab entry for /home : 192.168.0.1:/ /home nfs rw,nfsvers=4 0 0 Important lines in /etc/idmapd.conf : domain=my-domain.org [Translation] Method=nsswitch In /etc/default/nfs-common : NEED_IDMAPD=yes /etc/nsswitch.conf is : passwd: files ldap group: files ldap shadow: files ldap When doing ls -l /home there is a strange problem : drwx-- 4 4294967294 oldusers 4096 sept. 21 2011 user100 drwx-- 4 user101oldusers 4096 sept. 21 2011 user101 drwx-- 37 user102oldusers 4096 oct. 1 19:06 user102 drwx-- 36 4294967294 users4096 févr. 5 21:08 user103 drwx-- 36 4294967294 users4096 févr. 8 14:03 user104 drwx-- 30 4294967294 users4096 févr. 4 18:01 user105 drwx-- 28 4294967294 oldusers 4096 oct. 5 2011 user106 drwx-- 37 4294967294 oldusers 4096 janv. 8 14:52 user107 drwx-- 31 4294967294 users4096 déc. 4 11:52 user108 drwx-- 4 user109oldusers 4096 sept. 21 2011 user109 drwx--x--x 45 4294967294 oldusers 4096 janv. 22 15:53 user110 drwx-- 31 4294967294 users4096 janv. 29 12:03 user111 for 571 homedirs (this number varies at each reboot)/662, the owner is the value 4294967294. For the 91 remaining homedirs, the owner is correct. The gidnumber is correctly mapped for all (only 5 differents values used for gidNumber). In /var/log/syslog, I can see : For example : user110 is mapped as 4294967294. but the command "id user110" returns : uid=31124(user110) gid=666(oldusers) groupes=666(oldusers) user110 logs in (auth ldap) from tty1. He runs "ls -l /home/user110/"
[Kernel-packages] [Bug 1124250] Re: Partially incorrect uid mapping with nfs4/idmapd/ldap-auth
Hi, Am I still hitting this bug ? root@XX:~# uname -r 3.13.0-77-generic root@XX~# root@~# cat /etc/issue Ubuntu 14.04.4 LTS \n \l root@:~# root@prod-login-west01:~# ls -l /u4/ | head total 9356 drwx--x--x 6 nobody staff4096 Jun 24 2013 aabdul drwx--x--x 75 nobody staff 24576 Feb 12 2015 aadhikar drwxr-xr-x 3 4294967294 daemon 4096 Nov 6 2013 aaggarwa drwx--x--x 27 nobody staff 20480 Jul 22 2012 aalness drwx--x--x 3 4294967294 staff4096 Aug 1 2012 aamehta drwx--x--x 4 nobody staff4096 Dec 10 2012 aamsalem drwx--x--x 4 4294967294 staff4096 Jan 23 2015 aamte drwxr-xr-x 3 4294967294 staff4096 Jul 15 2014 aanand drwx--x--x 2 4294967294 staff4096 Mar 26 2013 aassfalg root@prod-login-west01:~# -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1124250 Title: Partially incorrect uid mapping with nfs4/idmapd/ldap-auth Status in linux package in Ubuntu: Fix Released Status in linux source package in Trusty: Fix Released Status in linux source package in Utopic: Fix Released Status in nfs-utils package in Debian: Confirmed Status in Fedora: Unknown Bug description: [Impact] * This bug is likely to cause an incorrect UID/GID mapping for NFS shares in case of large numbers of differend UIDs/GIDs or in case of expired UID/GID mappings (stored as keys in the kernel). [Test Case] 1. Setup a nfs4 server exporting /home with a large number of different users and ldap-based authentication. 2. Mount the share on a ldap-connected client machine. 3. List the mounted /home directory. 4. Wait more than 10 minutes (the default key expiration time) and list it again with ls -l. Expected result - all directories are listed with correct UIDs/GIDs. Actual result - some of the directories may be listed with incorrect UID/GID of 4294967294. [Regression Potential] * This issue has been merged upstream in the 3.18 kernel and is also present in Debian's 3.16 kernel. [Other Info] * Original bug description: I'm running a nfs4 server exporting a directory /home (ext4,usrquota). This server is running Ubuntu 12.04 amd64(up-to-date). This directory is handling 662 homedirs for ldap authenticated users. /etc/exports is : /exports 192.168.0.0/24(rw,fsid=0,no_subtree_check) Important lines in /etc/idmapd.conf : domain=my-domain.org [Translation] Method=nsswitch. In /etc/default/nfs-common : NEED_IDMAPD=yes In /etc/default/nfs-kernel-server : RPCNFSDCOUNT=75 RPCMOUNTDOPTS=--manage-gids 2 Clients (rhel6 x86 & Ubuntu 12.04.2 i686) are mounting this nfs4 exported directory with no problems : When doing ls -l /home on this clients, I have : ... drwx-- 4 user100 oldusers 4096 sept. 21 2011 user100 drwx-- 4 user101 oldusers 4096 sept. 21 2011 user101 drwx-- 37 user102 oldusers 4096 oct. 1 19:06 user102 drwx-- 36 user103 users4096 févr. 5 21:08 user103 drwx-- 36 user104 users4096 févr. 8 14:03 user104 drwx-- 30 user105 users4096 févr. 4 18:01 user105 drwx-- 28 user106 oldusers 4096 oct. 5 2011 user106 drwx-- 37 user107 oldusers 4096 janv. 8 14:52 user107 drwx-- 31 user108 users4096 déc. 4 11:52 user108 drwx-- 4 user109 oldusers 4096 sept. 21 2011 user109 drwx--x--x 45 user110 oldusers 4096 janv. 22 15:53 user109 drwx-- 31 user111 users4096 janv. 29 12:03 user110 ... uid/gid mapping works fine, authldap works fine, ... All Clients running Ubuntu 12.10 i686 or Ubuntu 12.10 amd64 are experiencing the same problem : The config files are the same that used in ubuntu 12.04. Auth ldap is correctly configured, user can log in. This is the /etc/fstab entry for /home : 192.168.0.1:/ /home nfs rw,nfsvers=4 0 0 Important lines in /etc/idmapd.conf : domain=my-domain.org [Translation] Method=nsswitch In /etc/default/nfs-common : NEED_IDMAPD=yes /etc/nsswitch.conf is : passwd: files ldap group: files ldap shadow: files ldap When doing ls -l /home there is a strange problem : drwx-- 4 4294967294 oldusers 4096 sept. 21 2011 user100 drwx-- 4 user101oldusers 4096 sept. 21 2011 user101 drwx-- 37 user102oldusers 4096 oct. 1 19:06 user102 drwx-- 36 4294967294 users4096 févr. 5 21:08 user103 drwx-- 36 4294967294 users4096 févr. 8 14:03 user104 drwx-- 30 4294967294 users4096 févr. 4 18:01 user105 drwx-- 28 4294967294 oldusers 4096 oct. 5 2011 user106 drwx-- 37 4294967294 oldusers 4096 janv. 8 14:52 user107 drwx-- 31 4294967294 users4096 déc. 4 11:52 user108 drwx-- 4 user109oldusers