Having just spent several days trying to get to the root cause of this
id-mapping issue I am strongly inclined to agree with Ancoron regarding the
forced usage of UID & GID with AUTH_SYS.
I have exactly the issue he describes. This is a small home setup and I do not
have nor do I desire to
I can toggle the good and bad behaviour by adding or removing "files" to
passwd_compat in /etc/nsswitch.conf
Causes problem:
passwd_compat: files ldap
group_compat: files ldap
host:/root root# getent passwd 1119
host:/root root#
No problem:
passwd_compat: ldap
group_compat: ldap
Just wanted to add my findings to this as I was also curious to get
user/group mapping to work without the need of a Kerberos server.
However, what I saw especially in comments and documentation from
upstream is that this was never designed to work that way. Instead, the
idmapper only works in
1) Confirmed: Ubuntu 11.04 has the problem, 10.04 does not.
2) I'm running the involved clients diskless, and apparently I forgot to
upgrade the tftpboot kernel for the 11.04, so the clients are now both running
the same kernel: 2.6.38-8-generic-pae. The problem does not depend on the
kernel.
11.04 has been unsupported since October 2012. You might want to re-
test this with a currently supported release.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/966734
Title:
nfs4+idmap does not
It sounds like this may have been fixed upstream?
See https://bugzilla.linux-nfs.org/show_bug.cgi?id=226
** Bug watch added: bugzilla.linux-nfs.org/ #226
http://bugzilla.linux-nfs.org/show_bug.cgi?id=226
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
FYI - Running across this bug when trying to get rpc.idmapd working
between Redhat5/6 boxes that have the same UID but different user names.
Added fun is that some of the conflicting UIDs are from LDAP and some
are from files. Very annoying!
--
You received this bug notification because you are
I'm debate the severity of the bug. If it's not about to be fixed (and
noting that, like Rudd-O, I've had this working properly, so it's not a
'feature' of SYS_AUTH) then it needs to be a lot clearer to people
installing NFS that mixed-userlist machines should not be expected to
work correctly.
Exploring the bug, it seems that rpc.idmap on the server maps a UID to a
name for RPC, and on the client does the reverse. The only earthly
reason for this is to get the server/client names straight.
Unfortunately it isn't applied on all operations - specifically, not
when you open a file - and
This bug persists on 12.04. It works on Fedora though.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/966734
Title:
nfs4+idmap does not map uids correctly when using AUTH_SYS
To manage
I found a discussion from 2008 on the net which seems to indicate that
this is by design and won't get changed:
http://thread.gmane.org/gmane.linux.nfsv4/7103/focus=7105
Sad, but probably there is nothing that can be done about this (aside
from using Kerberos, syncing IDs, or switching to
We are having the same problem on our servers running 11.10 but not on
servers running 10.04.4 and they both configured the same (they are two
different enviroments)
Also the two 11.10 boxen are all upto date and running the same kernels
(I read someone solved a similar issue by upgrading
as a workaround I created the attached script (which you will need to
update for correct UID and GID values, this can be used on the slave
server to sync the UID and GID across the servers.
I had to lookup the values of the GID and UID and find a spare value
that wasn't used.
*note* I used this
Thanks Clifford; sadly, it's probably not so useful in environments with two or
more NFS clients.
If we really only needed to mount one share per one client, we could use iSCSI
or something.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
Ok. I think this is almost certainly a bug in the software somewhere,
not just a misconfiguration, but I'm of no help in figuring it out; I
only use RPCSEC_GSS here because even if this particular issue is an
implementation bug, there are plenty of other problems with AUTH_SYS
that are
Having scoured the internet some more, I've found a couple more sources that
confirm the idmapping works when Kerberos security is enabled.. and that it
doesn't work properly without it.
The fact that the usernames are still converted correctly in listing, just not
access control, still makes
16 matches
Mail list logo
