On 3/7/2018 1:11 PM, Rob Crittenden wrote:
Hey Rob,
When starting idmapd or stopping it, logs on the LDAP server don't
change. But UID and GID's change to nfsnobody when I set Nobody-User
and Nobody-Group to nfsnobody in /etc/idmapd.conf .
[General]
Verbosity = 9
Domain = nix.my.dom
[Mapping]
Nobody-User = nfsnobody
Nobody-Group = nfsnobody
[Translation]
[Static]
[UMICH_SCHEMA]
LDAP_server = idmipa01.nix.my.dom
LDAP_base = cn=accounts,DC=NIX,DC=MY,DC=DOM
LDAP_people_base = DC=NIX,DC=MY,DC=DOM
LDAP_group_base = DC=NIX,DC=MY,DC=DOM
Cheers,
Tom
TomK via FreeIPA-users wrote:
> Hey Guy's,
>
> Getting below message which in turn fails to list proper UID / GID on
> NFSv4 mounts from within an unprivileged account. All files show up with
> owner and group as nobody / nobody when viewed from the client.
>
> Is there a way to structure /etc/idmapd.conf to allow for proper UID /
> GID resolution? Or perhaps another solution?
>
>
> [root@client01 etc]# cat /etc/idmapd.conf|grep -v "#"| sed -e
"/^$/d"
> [General]
> Verbosity = 7
> Domain = nix.my.dom
> [Mapping]
> [Translation]
> [Static]
> [UMICH_SCHEMA]
> LDAP_server =
ldap-server.local.domain.edu
> LDAP_base = dc=local,dc=domain,dc=edu
> [root@client01 etc]#
>
> Mount looks like this:
>
> nfs-c01.nix.my.dom:/n/my.dom on /n/my.dom type nfs4
>
(rw,relatime,vers=4.0,rsize=8192,wsize=8192,namlen=255,hard,proto=tcp,port=0,timeo=10,retrans=2,sec=sys,clientaddr=192.168.0.236,local_lock=none,addr=192.168.0.80)
>
>
> /var/log/messages
>
> Mar 6 00:17:27 client01 nfsidmap[14396]: key: 0x3f2c257b type: uid
> value: tom@my.dom(a)localdomain timeout 600
> Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: calling
> nsswitch->name_to_uid
> Mar 6 00:17:27 client01 nfsidmap[14396]: nss_getpwnam: name
> 'tom@my.dom(a)localdomain' domain 'nix.my.dom': resulting localname
'(null)'
> Mar 6 00:17:27 client01 nfsidmap[14396]: nss_getpwnam: name
> 'tom@my.dom(a)localdomain' does not map into domain 'nix.my.dom'
> Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid:
> nsswitch->name_to_uid returned -22
> Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: final return
> value is -22
> Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: calling
> nsswitch->name_to_uid
> Mar 6 00:17:27 client01 nfsidmap[14396]: nss_getpwnam: name
> 'nobody(a)nix.my.dom' domain 'nix.my.dom': resulting localname
'nobody'
> Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid:
> nsswitch->name_to_uid returned 0
> Mar 6 00:17:27 client01 nfsidmap[14396]: nfs4_name_to_uid: final return
> value is 0
> Mar 6 00:17:27 client01 nfsidmap[14398]: key: 0x324b0048 type: gid
> value: tom@my.dom(a)localdomain timeout 600
> Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: calling
> nsswitch->name_to_gid
> Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid:
> nsswitch->name_to_gid returned -22
> Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: final return
> value is -22
> Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: calling
> nsswitch->name_to_gid
> Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid:
> nsswitch->name_to_gid returned 0
> Mar 6 00:17:27 client01 nfsidmap[14398]: nfs4_name_to_gid: final return
> value is 0
> Mar 6 00:17:31 client01 systemd-logind: Removed session 23.
>
>
>
>
> Result of:
>
> systemctl restart rpcidmapd
>
> /var/log/messages
> -------------------
> Mar 5 23:46:12 client01 systemd: Stopping Automounts filesystems on
> demand...
> Mar 5 23:46:13 client01 systemd: Stopped Automounts filesystems on demand.
> Mar 5 23:48:51 client01 systemd: Stopping NFSv4 ID-name mapping service...
> Mar 5 23:48:51 client01 systemd: Starting Preprocess NFS configuration...
> Mar 5 23:48:51 client01 systemd: Started Preprocess NFS configuration.
> Mar 5 23:48:51 client01 systemd: Starting NFSv4 ID-name mapping service...
> Mar 5 23:48:51 client01 rpc.idmapd[14117]: libnfsidmap: using domain:
> nix.my.dom
> Mar 5 23:48:51 client01 rpc.idmapd[14117]: libnfsidmap: Realms list:
> 'NIX.MY.DOM'
> Mar 5 23:48:51 client01 rpc.idmapd: rpc.idmapd: libnfsidmap: using
> domain: nix.my.dom
> Mar 5 23:48:51 client01 rpc.idmapd: rpc.idmapd: libnfsidmap: Realms
> list: 'NIX.MY.DOM'
> Mar 5 23:48:51 client01 rpc.idmapd: rpc.idmapd: libnfsidmap: loaded
> plugin /lib64/libnfsidmap/nsswitch.so for method nsswitch
> Mar 5 23:48:51 client01 rpc.idmapd[14117]: libnfsidmap: loaded plugin
> /lib64/libnfsidmap/nsswitch.so for method nsswitch
> Mar 5 23:48:51 client01 rpc.idmapd[14118]: Expiration time is 600 seconds.
> Mar 5 23:48:51 client01 systemd: Started NFSv4 ID-name mapping service.
> Mar 5 23:48:51 client01 rpc.idmapd[14118]: Opened
> /proc/net/rpc/nfs4.nametoid/channel
> Mar 5 23:48:51 client01 rpc.idmapd[14118]: Opened
> /proc/net/rpc/nfs4.idtoname/channel
>
You might be able to correlate that to the 389-ds access log to see what
queries are being executed.
You probably need to set LDAP_people_base and LDAP_group_base as well.
I think ipa-client-automount only sets the Domain value and doesn't
configure the ldap section at all.
rob
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
--
Cheers,
Tom K.
-------------------------------------------------------------------------------------
Living on earth is expensive, but it includes a free trip around the sun.