Real utility of idmapd
Guillaume Rousse
Guillaume.Rousse at inria.fr
Thu Mar 22 06:20:16 EDT 2007
William A. (Andy) Adamson wrote:
> From the logs, the server seems to map ids on name, not names on id:
> Mar 20 15:33:52 stalingrad rpc.idmapd[19602]: Server: (user) id "501"
> -> name "nobody"
> Mar 20 15:33:52 stalingrad rpc.idmapd [19602]: nfsdcb:
> authbuf=oberkampf.msr-inria.inria.fr
> <http://oberkampf.msr-inria.inria.fr> authtype=group
> Mar 20 15:33:52 stalingrad rpc.idmapd[19602]: Server: (group) id "501"
> -> name "nogroup"
>
> So name-based mapping appears to be working upside down here...
>
>
> as bruce mentions in his response: UID/GID exist in POSIX file system,
> so NFSv4 names on the wire need to be mapped to UID/GID.
That's OK. It just work halfways in my case, probably because of my
attempt to used different uids with nsswitch translation method.
> have you looked at the power point presentation i refefernced? i believe
> all of these questions are answered.......
It mostly deals with the most complex scenario (acls, gss auth,
umich_ldap translation, multiple realms), not with intermediate ones. As
I'm trying to figure out how to limit complexity to suit my needs, I
need to understand their limitations also.
BTW, it's not clear (even with notes activated this time) what you call
a 'local user'. Initially, I though of a user with an account on the nfs
server itself, but generally local user access local filesystems
directly, not through nfs. Or is it just a theorical case ?
More information about the NFSv4
mailing list