Thank you for confirming the bug, it looks like libnfsidmap's code base was imported into nfs-utils by Redhat on 10/26/2017 by Justin Mitchell, it already had the line modification inside nss.c at that point.
I found where the commit was made, it was on the master branch of https://github.com/Distrotech/libnfsidmap You can see it here: https://github.com/Distrotech/libnfsidmap/commits/master/nss.c https://github.com/Distrotech/libnfsidmap/commit/309a89975a50bf53c408233a1bb5b10fd579ca30#diff-61814500c84b4fbb0fbdc21f11f4ea2c <https://github.com/Distrotech/libnfsidmap/commit/309a89975a50bf53c408233a1bb5b10fd579ca30#diff-61814500c84b4fbb0fbdc21f11f4ea2c> On Fri, Mar 15, 2019 at 7:20 AM Bug Watch Updater < [email protected]> wrote: > ** Changed in: libnfsidmap (Debian) > Status: Unknown => New > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1819197 > > Title: > nss_getpwnam: name '[email protected]@XX.XX.EDU' domain 'XX.XX.EDU': > resulting localname '(null)' > > Status in libnfsidmap package in Ubuntu: > New > Status in nfs-utils package in Ubuntu: > New > Status in libnfsidmap package in Debian: > New > > Bug description: > uid and gid appear to not map properly from nfsidmap in a nfsv4 with > sec=krb5. UID and GID are mapping properly on CentOS server and > CentOS client. Ubuntu nfs client file permissions are honored, but > display in `ls -lan` command are incorrect. > > $ cat /var/log/syslog |grep nfsidmap > Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: key: 0x24a1c64d type: uid > value: [email protected]@XX.XX.EDU timeout 600 > Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: calling > nsswitch->name_to_uid > Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nss_getpwnam: name > '[email protected]@XX.XX.EDU' domain 'XX.XX.EDU': resulting localname > '(null)' > Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nss_getpwnam: name > '[email protected]@XX.XX.EDU' does not map into domain 'XX.XX.EDU' > Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: > nsswitch->name_to_uid returned -22 > Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: final > return value is -22 > Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: calling > nsswitch->name_to_uid > $ > $ mount -v -t nfs4 -o sec=krb5 SP19SRV.XX.XX.EDU:/export /mnt > $ su userX > $ ls -la /mnt > total 4 > drwxr-xr-x 5 nobody 4294967294 50 Feb 28 18:04 . > drwxr-xr-x 24 root root 4096 Mar 7 22:34 .. > drwxr-xr-x 2 nobody 4294967294 125 Mar 8 16:27 userX > $ > > Problem: > nfsmapid isn't showing proper file permissions on the ubuntu nfsv4 > client with sec=krb > > Client: > mount -v -t nfs4 -o sec=krb5 SP19SRV.XX.XX.EDU:/export /mnt > > $ ls -la > total 4 > drwxr-xr-x 5 nobody 4294967294 50 Feb 28 18:04 . > drwxr-xr-x 24 root root 4096 Mar 7 20:58 .. > drwxr-xr-x 2 nobody 4294967294 112 Mar 7 14:30 username > [email protected]@ubuntuclient:/mnt > > $ cat /etc/idmapd.conf > [General] > > Verbosity = 9 > Pipefs-Directory = /run/rpc_pipefs > # set your own domain here, if it differs from FQDN minus hostname > Domain = XX.XXX.EDU > > [Mapping] > > Nobody-User = nobody > Nobody-Group = nogroup > > $ cat /etc/default/nfs-common > STATDOPTS= > > # Do you want to start the gssd daemon? It is required for Kerberos > mounts. > NEED_GSSD="yes" > NEED_IDMAPD="yes" > > # I've tried commenting out NEED_IDMAPD as well. > > My nfs server is a Centos 7. > > Both machines were joined to active directory with sssd. NFSv4 with > krb security works on my centos server and client. The nfs server > mount works on the ubuntu client and file permissions are honored. > But, the ls -la command is showing the incorrect file permissions. > > uid and gid's appear to be in sync from sssd. Note in > /etc/sssd/sssd.conf ldap_id_mapping = False though I don't think that > should matter since ids are the same on both client and server from > the ldap attributes in AD. > > Centos 7 servers /var/log/messages with idmapd.conf verbosity: > Mar 8 16:38:32 sp19srv rpc.idmapd[1224]: Server : (group) id "65534" -> > name "[email protected]" > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5 > authtype=user > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: calling > nsswitch->uid_to_name > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: > nsswitch->uid_to_name returned 0 > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: final return > value is 0 > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (user) id "3872" -> > name "[email protected]@XX.XX.EDU" > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5 > authtype=group > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: calling > nsswitch->gid_to_name > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: > nsswitch->gid_to_name returned 0 > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: final return > value is 0 > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (group) id "110" -> > name "some group [email protected]@XX.XX.EDU" > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5 > authtype=user > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: calling > nsswitch->uid_to_name > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: > nsswitch->uid_to_name returned 0 > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: final return > value is 0 > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (user) id "0" -> name > "[email protected]" > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5 > authtype=group > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: calling > nsswitch->gid_to_name > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: > nsswitch->gid_to_name returned 0 > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: final return > value is 0 > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (group) id "0" -> > name "[email protected]" > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5 > authtype=user > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: calling > nsswitch->uid_to_name > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: > nsswitch->uid_to_name returned 0 > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: final return > value is 0 > Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (user) id "1630" -> > name "[email protected]@XX.XX.EDU" > > Please let me know if you need any additional information, thanks, > > ProblemType: Bug > DistroRelease: Ubuntu 18.04 > Package: nfs-common 1:1.3.4-2.1ubuntu5 > ProcVersionSignature: Ubuntu 4.15.0-46.49-generic 4.15.18 > Uname: Linux 4.15.0-46-generic x86_64 > ApportVersion: 2.20.9-0ubuntu7.5 > Architecture: amd64 > Date: Fri Mar 8 17:48:13 2019 > ProcEnviron: > TERM=xterm-256color > PATH=(custom, no user) > LANG=C.UTF-8 > SHELL=/bin/bash > SourcePackage: nfs-utils > UpgradeStatus: No upgrade log present (probably fresh install) > mtime.conffile..etc.default.nfs-common: 2019-03-07T21:45:28.468860 > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/libnfsidmap/+bug/1819197/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1819197 Title: nss_getpwnam: name '[email protected]@XX.XX.EDU' domain 'XX.XX.EDU': resulting localname '(null)' To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libnfsidmap/+bug/1819197/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
