On Wed, Jul 27, 2016 at 01:46:31PM +0000, Longina Przybyszewska wrote:
> Hi,
> I upgraded to sssd-13.4 (kernel 4.4.0-31-generic #50-Ubuntu).
> After the upgrade I have problems with nfs4+Kerberos idmapping, using the krb localauth snippet
> and choosing the 'sss' method in /etc/idmap.conf;
> I get (again!) the famous nobody mapping for cross-realm users;
> Mapping of groups is correct, as groups are in the same domain as computers.
> I can mount with sec=krb5, get access to my nfs-mounted home directory, get r/w
> permissions, but listing a file shows the wrong owner:
>
> ausr@nat.domain@adm-lnx438:~$ ls -ld .
> drwxr-xr-x 3 4294967294 lnx-primary@adm.domain 28 Aug 18 2015 SSSD-GIT
>
> ausr@nat.domain --> 4294967294
> group@adm.domain --> group
>
> In logfile:
> Jul 27 14:23:55 adm-lnx438 nfsidmap[22500]: key: 0x26626a54 type: uid value: ausr@nat.domain@adm.domain timeout 600
> Jul 27 14:23:55 adm-lnx438 nfsidmap[22500]: nfs4_name_to_uid: calling sss_nfs->name_to_uid
> Jul 27 14:23:55 adm-lnx438 nfsidmap[22500]: user ausr@nat.domain@adm.domain not in memcache
> Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: sss_nfs_name_to_uid: rc=2 msg=No such file or directory

It looks like the sss_nfs_* functions are at least called, is there
anything in the logs around that time?

> Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: nfs4_name_to_uid: sss_nfs->name_to_uid returned -2
> Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: nfs4_name_to_uid: final return value is -2
> Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: nfs4_name_to_uid: calling sss_nfs->name_to_uid
> Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: user nobody@adm.domain not in memcache
> Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: sss_nfs_name_to_uid: rc=2 msg=No such file or directory
> Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: nfs4_name_to_uid: sss_nfs->name_to_uid returned -2
> Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: nfs4_name_to_uid: final return value is -2
> Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: key: 0x276b113b type: gid value: lnx-primary@adm.domain timeout 600
> Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: nfs4_name_to_gid: calling sss_nfs->name_to_gid
> Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: found group lnx-primary@adm.domain in memcache
> Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: sss_nfs_name_to_gid: rc=0 msg=Success
> Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: nfs4_name_to_gid: sss_nfs->name_to_gid returned 0
> Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: nfs4_name_to_gid: final return value is 0
> ----
> getent passwd ausr@nat.domain
> ausr@nat.domain:*:10002:30000000:Ausr :/home/ausr:/bin/bash
> id ausr@nat.domain
> uid=10002(ausr@nat.domain) gid=30000000(lnx-primary@adm.domain)
> groups=30000000(lnx-primary@adm.domain),4(adm),24(cdrom),27(sudo),46(plugdev),113(lpadmin),131(lxd),),9002(lnx-xxx-nfs4users2@c.xxx.dk),6666(nfs4users2@nat.domain),30000006(data-adm-lnx-nfs0a-qbl-admin-id-00001@adm.domain),9999(usr-xxx-glu@c.xxx.dk),8888(nfs4users@nat.domain),30000002(lnx-ladm-clients@adm.domain)
>
> Any ideas what could happen?
> Best
> Longina
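
An added example, not part of the original messages and not SSSD or nfs-utils code: a small Python triage helper that groups nfsidmap syslog lines by PID and reports each request whose first lookup did not return 0, showing the exact name string that was handed to the mapping plugin. The sample log is constructed from the lines quoted above (wrapped lines joined, the archive's "(a)" written as "@"); the function and field names are assumptions made for this sketch.

```python
import re

# Constructed sample, modelled on the nfsidmap lines quoted in the message above.
SAMPLE_LOG = """\
Jul 27 14:23:55 adm-lnx438 nfsidmap[22500]: key: 0x26626a54 type: uid value: ausr@nat.domain@adm.domain timeout 600
Jul 27 14:23:55 adm-lnx438 nfsidmap[22500]: nfs4_name_to_uid: calling sss_nfs->name_to_uid
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: sss_nfs_name_to_uid: rc=2 msg=No such file or directory
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: nfs4_name_to_uid: final return value is -2
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: user nobody@adm.domain not in memcache
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: sss_nfs_name_to_uid: rc=2 msg=No such file or directory
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: nfs4_name_to_uid: final return value is -2
Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: key: 0x276b113b type: gid value: lnx-primary@adm.domain timeout 600
Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: sss_nfs_name_to_gid: rc=0 msg=Success
Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: nfs4_name_to_gid: final return value is 0
"""

LINE = re.compile(r"nfsidmap\[(?P<pid>\d+)\]: (?P<msg>.*)$")
KEY = re.compile(r"key: \S+ type: (?P<kind>\w+) value: (?P<name>\S+) timeout")
FINAL = re.compile(r"nfs4_\w+: final return value is (?P<rc>-?\d+)")
PLUGIN = re.compile(r"sss_nfs_\w+: rc=\d+ msg=(?P<text>.*)")


def failed_mappings(log_text):
    """Return one record per nfsidmap request whose first lookup did not return 0."""
    requests = {}  # pid -> record; each nfsidmap upcall runs as its own process
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = int(m["pid"]), m["msg"]
        k = KEY.search(msg)
        if k:  # the "key:" line opens a request and carries the name as received
            requests[pid] = {"pid": pid, "kind": k["kind"], "name": k["name"],
                             "finals": [], "plugin_msgs": []}
        elif pid in requests:
            f, p = FINAL.search(msg), PLUGIN.search(msg)
            if f:  # later "final" lines for the same PID are fallback lookups
                requests[pid]["finals"].append(int(f["rc"]))
            elif p:
                requests[pid]["plugin_msgs"].append(p["text"])
    return [r for r in requests.values() if r["finals"] and r["finals"][0] != 0]


if __name__ == "__main__":
    for rec in failed_mappings(SAMPLE_LOG):
        print(rec["kind"], rec["name"], rec["finals"], rec["plugin_msgs"])
```

On the sample it reports only the uid request, with the name exactly as nfsidmap logged it, and leaves out the gid request that resolved.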