On Thu, 2013-06-20 at 16:57 -0400, Steve Thompson wrote:
> On Thu, 20 Jun 2013, steve wrote:
>
> Thanks for your reply! I am really pulling my hair out over this one, and
> I don't have that much left :(
>
> > What do you have in /etc/idmapd.conf
>
> The content of this file is correct as far as I understand it, as it works
> with NFSv3 and NFSv4 with sec=sys:
>
> [General]
> Verbosity = 0
> Domain = icse.cornell.edu
> Local-Realms = TITAN.TEST.CORNELL.EDU
>
> [Mapping]
> Nobody-User = nobody
> Nobody-Group = nobody
>
> [Translation]
> Method = nsswitch
>
> (and I have nsswitch.conf correctly configured).
>
> Note: in my case, the value of Domain in idmapd.conf is NOT the same as
> the DNS domain name. But as I understand it, as long as it is the same on
> all servers and clients, this should not matter, as it is just a label. I
> tried setting it to the DNS domain name, but it didn't make any
> difference. And changing it on just the server and not the clients leaves
> all ownerships as being nobody:nobody instead of the proper ownerships,
> which is (a) expected, and (b) leads me to believe that rpc.idmapd is
> working as it should. Starting rpc.idmapd with -vvv dumps the mappings to
> /var/log/messages, and they are correct. In any case, clients don't all
> have the same DNS domain name.
>
> > What does ps aux | grep rpc give?
>
> rpc      1616  0.0  0.0  18972   992 ?  Ss  Jun18  0:00 rpcbind
> rpcuser  1649  0.0  0.0  25420  1380 ?  Ss  Jun18  0:00 rpc.statd
> root     1678  0.0  0.0      0     0 ?  S   Jun18  0:00 [rpciod/0]
> root     1679  0.0  0.0      0     0 ?  S   Jun18  0:01 [rpciod/1]
> root     5789  0.0  0.0  50112  2072 ?  Ss  12:06  0:00 rpc.svcgssd -vvv
> root     5795  0.0  0.0 107304   276 ?  Ss  12:06  0:00 rpc.rquotad
> root     5799  0.0  0.0  22832  2560 ?  Ss  12:06  0:00 rpc.mountd --no-nfs-version 2
> root     5850  0.0  0.0  36900  1048 ?  Ss  12:06  0:00 rpc.idmapd -vvv
> root     8807  0.0  0.0  37340  2556 ?  Ss  16:37  0:00 rpc.gssd -vvv
>
> All the expected daemons are present, including rpc.gssd and rpc.svcgssd.
> I have rpc.svcgssd running on the clients too, although it should not be
> necessary there (but the CentOS init scripts don't give the option to not
> start it).
>
> > Can the user browse using nfs3?
> > mount -t nfs3 -o sec=krb5 <server_fqdn>:/data /mnt
>
> No; exactly the same result as NFSv4. But yes with sec=sys.
>
> > Have a look at the gotchas. There's loadsa wrong info about kerberos and
> > nfs4: http://linux-nfs.org/wiki/index.php/Nfsv4_configuration
>
> That's one of the many articles that I've read (several times). I don't
> see anything wrong in what I have done (btw, I don't agree that the fsid=0
> export should be mode 1777, and I don't agree that your first exports
> example is the proper way to do it. But in any event I have tried those
> too, to no effect).
>
> Steve

Hi
Nobody agrees with anything for nfs4, so don't worry!

Ok, that narrows it down to kerberos I suppose. What does the mount look like:
rpc.gssd -fvvv
and the idmapping:
rpc.idmapd -fvvv

The latter may throw up some uidNumbers