A little encouragement with Kerberos for NFS
Kevin Coffman
kwc at citi.umich.edu
Mon Jul 17 14:12:23 EDT 2006
Backing out the nfs-utils rpm may not help if you keep the same
version of libnfsidmap. (The library no longer defaults if the
mapping fails, leaving it up to the application to DtRT.) There is a
patch for svcgssd (in nfs-utils-1.0.9) to do the default, but
unfortunately it didn't get into 1.0.8 which is what the latest FC5
nfs-utils rpm includes.
There were a few iterations of the patch, so pointing you at a single
patch is difficult. Here are the three patches in order (which,
again, are in nfs-utils-1.0.9):
http://linux-nfs.org/cgi-bin/gitweb.cgi?p=nfs-utils;a=commitdiff;h=acae444246635ec2ca8990d53e685c9062d73091
http://linux-nfs.org/cgi-bin/gitweb.cgi?p=nfs-utils;a=commitdiff;h=28a7603b719f8d35bf22fd3018b610b489fec78f
http://linux-nfs.org/cgi-bin/gitweb.cgi?p=nfs-utils;a=commitdiff;h=7194d7d6320736c14f40d31c3738d40f3119ead5
The net result is to default to uid/gid of -1 which the kernel will
interpret to mean, use the correct anonuid/anongid for the export.
K.C.
On 7/17/06, Terry Figel <terry at soe.ucsc.edu> wrote:
> Is there any new news on this?
> I am using Fedora Core 5 and ran yum update....
> So I have the same rpms, and the same error message
> Jul 17 10:18:50 ldap rpc.svcgssd[2723]: WARNING: get_ids: unable to map
> name 'nfs/monitor5.cse.ucsc.edu at SOE.UCSC.EDU' to a uid
> I was thinking I was going to Back out the Rpm updates, and install this
> set:
> nfs-utils-1.0.7-8
> system-config-nfs-1.3.10-1
>
>
> Andrew B. Young wrote:
> > Dear Kevin,
> >
> > I am using the rpms--
> > [root at ns3 ~]# rpm --query --all | grep nfs
> > nfs-utils-1.0.8-2.fc5
> > nfs-utils-lib-1.0.8-4.FC5
> > system-config-nfs-1.3.19-1
> >
> > Following receipt of your last email I tried Sun's documentation on
> > gsscred--
> > http://docs.sun.com/app/docs/doc/816-4557/6maosrjle?a=view
> > but gsscred is not installed (don't know if it's in any of the FC5 rpms.)
> >
> > I also tried added the following in the KDC conf
> > |-- /etc/krb5.conf------------
> > | [auth_to_local_names]
> > | nfs/ns2.an3e.org = nfsnobody
> >
> > Neither helped; still getting--
> > Jul 10 13:39:44 ns3 rpc.svcgssd[2781]: WARNING: get_ids: unable to
> > map name 'nfs/ns2.an3e.org at AN3E.ORG' to a uid
> >
> > The Sun documentation states that that server will try to map the
> > principle to a uid, but I note there is no user "nfs" in the
> > distribution. I have not tried to create one, which would be similar
> > to nfsnobody. I may try this next.
> >
> > Thanks,
> > Andrew
> >
> > Kevin Coffman wrote:
> >> Hi Andrew,
> >> Thanks for the output. It is helpful.
> >>
> >>> [root at ns3 ~]# exportfs -a
> >>> gss/krb5:/var/lib/music: Cannot allocate memory
> >>
> >> I don't what this means, but ...
> >>
> >>
> >>>
> >>> [root at ns3 log]# tail messages
> >>> ...
> >>> Jul 10 09:41:04 ns3 rpc.svcgssd[10950]: WARNING: get_ids: unable to map
> >>> name 'nfs/ns2.an3e.org at AN3E.ORG' to a uid
> >>> ...
> >>
> >> This means that the server was unable to map the gss principal name
> >> 'nfs/ns2.an3e.org at AN3E.ORG' into a local uid/gid. If you are are
> >> working with source code versions of nfs-utils, etc., I can give you
> >> a patch to get by this error. Otherwise, if you are working with FC5
> >> rpms we can figure out how to proceed.
> >>
> >> K.C.
> >
> > _______________________________________________
> > NFSv4 mailing list
> > NFSv4 at linux-nfs.org
> > http://linux-nfs.org/cgi-bin/mailman/listinfo/nfsv4
>
>
>
More information about the NFSv4
mailing list