** Description changed: uid and gid appear to not map properly from nfsidmap in a nfsv4 with sec=krb5. UID and GID are mapping properly on CentOS server and CentOS client. Ubuntu nfs client file permissions are honored, but display in `ls -lan` command are incorrect. $ cat /var/log/syslog |grep nfsidmap - Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: key: 0x24a1c64d type: uid value: [email protected]@AD.SIU.EDU timeout 600 + Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: key: 0x24a1c64d type: uid value: [email protected]@XX.XX.EDU timeout 600 Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: calling nsswitch->name_to_uid Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nss_getpwnam: name '[email protected]@XX.XX.EDU' domain 'XX.XX.EDU': resulting localname '(null)' Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nss_getpwnam: name '[email protected]@XX.XX.EDU' does not map into domain 'XX.XX.EDU' Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: nsswitch->name_to_uid returned -22 Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: final return value is -22 Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: calling nsswitch->name_to_uid $ $ mount -v -t nfs4 -o sec=krb5 SP19SRV.XX.XX.EDU:/export /mnt $ su userX $ ls -la /mnt total 4 drwxr-xr-x 5 nobody 4294967294 50 Feb 28 18:04 . drwxr-xr-x 24 root root 4096 Mar 7 22:34 .. drwxr-xr-x 2 nobody 4294967294 125 Mar 8 16:27 userX $ Problem: nfsmapid isn't showing proper file permissions on the ubuntu nfsv4 client with sec=krb Client: - mount -v -t nfs4 -o sec=krb5 SP19SRV.AD.SIU.EDU:/export /mnt + mount -v -t nfs4 -o sec=krb5 SP19SRV.XX.XX.EDU:/export /mnt $ ls -la total 4 drwxr-xr-x 5 nobody 4294967294 50 Feb 28 18:04 . drwxr-xr-x 24 root root 4096 Mar 7 20:58 .. drwxr-xr-x 2 nobody 4294967294 112 Mar 7 14:30 username [email protected]@ubuntuclient:/mnt - $ cat /etc/idmapd.conf + $ cat /etc/idmapd.conf [General] Verbosity = 9 Pipefs-Directory = /run/rpc_pipefs # set your own domain here, if it differs from FQDN minus hostname Domain = XX.XXX.EDU [Mapping] Nobody-User = nobody Nobody-Group = nogroup - - $ cat /etc/default/nfs-common + $ cat /etc/default/nfs-common STATDOPTS= # Do you want to start the gssd daemon? It is required for Kerberos mounts. NEED_GSSD="yes" NEED_IDMAPD="yes" # I've tried commenting out NEED_IDMAPD as well. My nfs server is a Centos 7. Both machines were joined to active directory with sssd. NFSv4 with krb security works on my centos server and client. The nfs server mount works on the ubuntu client and file permissions are honored. But, the ls -la command is showing the incorrect file permissions. - uid and gid's appear to be in sync from sssd. + uid and gid's appear to be in sync from sssd. Note in + /etc/sssd/sssd.conf ldap_id_mapping = False though I don't think that + should matter since ids are the same on both client and server from the + ldap attributes in AD. + + Centos 7 servers /var/log/messages with idmapd.conf verbosity: + Mar 8 16:38:32 sp19srv rpc.idmapd[1224]: Server : (group) id "65534" -> name "[email protected]" + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5 authtype=user + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: calling nsswitch->uid_to_name + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: nsswitch->uid_to_name returned 0 + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: final return value is 0 + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (user) id "3872" -> name "[email protected]@XX.XX.EDU" + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5 authtype=group + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: calling nsswitch->gid_to_name + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: nsswitch->gid_to_name returned 0 + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: final return value is 0 + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (group) id "110" -> name "some group [email protected]@XX.XX.EDU" + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5 authtype=user + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: calling nsswitch->uid_to_name + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: nsswitch->uid_to_name returned 0 + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: final return value is 0 + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (user) id "0" -> name "[email protected]" + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5 authtype=group + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: calling nsswitch->gid_to_name + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: nsswitch->gid_to_name returned 0 + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: final return value is 0 + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (group) id "0" -> name "[email protected]" + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5 authtype=user + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: calling nsswitch->uid_to_name + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: nsswitch->uid_to_name returned 0 + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: final return value is 0 + Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (user) id "1630" -> name "[email protected]@XX.XX.EDU" Please let me know if you need any additional information, thanks, ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: nfs-common 1:1.3.4-2.1ubuntu5 ProcVersionSignature: Ubuntu 4.15.0-46.49-generic 4.15.18 Uname: Linux 4.15.0-46-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 Date: Fri Mar 8 17:48:13 2019 ProcEnviron: TERM=xterm-256color PATH=(custom, no user) LANG=C.UTF-8 SHELL=/bin/bash SourcePackage: nfs-utils UpgradeStatus: No upgrade log present (probably fresh install) mtime.conffile..etc.default.nfs-common: 2019-03-07T21:45:28.468860
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1819197 Title: nss_getpwnam: name '[email protected]@XX.XX.EDU' domain 'XX.XX.EDU': resulting localname '(null)' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1819197/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
