** Description changed: - Environment: IPA + NFSv4 (sec=krb5). + [Impact] + + * In a multi-domain environment setup with LDAP or IPA, the username is + not parsed correctly, resulting in id mapping issues. + + * As a result, NFSv4 cannot be used in a multi-domain environment at all + if the username is of the form user@authentication_domain@idmap_domain + + * The attached patch fixes an almost 10 year old bug in the libnfsidmap + library. The patch is included already in a similar form in current RHEL + releases. + + * Affects at least libnfsidmap2 0.25-5 on Ubuntu 16.04, 16.10, 17.04, + 17.10. + + [Test Case] + + * IPA with 2 different user domains. For example: user1@domain1 and + user2@domain2. + + * NFSv4 server enrolled into IPA. + + * NFS client enrolled into IPA. User and group names coming from IPA + have an '@' in them. + + [Regression Potential] + + * The attached patch has been in production in a major organisation with + more than 500 Ubuntu clients for more than a year now and has not shown + any issues. + + [Other Info] + + Environment: IPA + NFSv4 (sec=krb5) nss.c uses wrong '@' sign to detect the NFS domain resulting in "nobody" ownerships and the following error messages in an IPA environment: Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: key: 0x2c254c26 type: uid value: rns@[email protected] timeout 600 Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: nfs4_name_to_uid: calling nsswitch->name_to_uid Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: nss_getpwnam: name 'rns@[email protected]' domain 'ipa.localdomain': resulting localname '(null)' Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: nss_getpwnam: name 'rns@[email protected]' does not map into domain 'ipa.localdomain' Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: nfs4_name_to_uid: nsswitch->name_to_uid returned -22 Oct 25 16:49:42 ubuntu-16.04-client.sub.localdomain nfsidmap[6163]: nfs4_name_to_uid: final return value is -22 - - Affects at least libnfsidmap2=0.25-5 and 0.25-5.1 on 16.04, 16.10, - 17.04, 17.10 - - Corresponding Debian bug report: https://bugs.debian.org/cgi- - bin/bugreport.cgi?bug=744768 - - Tested patch attached.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1728310 Title: libnfsidmap2 fails to obtain username which results in failed translation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libnfsidmap/+bug/1728310/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
