nfsv4, weird permissions

William A. (Andy) Adamson androsadamson at gmail.com
Tue Jun 24 15:39:27 EDT 2008


On Tue, Jun 24, 2008 at 3:30 PM, Julius <commercials at gmx.net> wrote:

> On Tue, 2008-06-24 at 12:45 -0400, J. Bruce Fields wrote:
> > On Tue, Jun 24, 2008 at 06:32:40PM +0200, Julius wrote:
> > > On Tue, 2008-06-24 at 10:19 -0400, William A. (Andy) Adamson wrote:
> > > > Hi
> > > >
> > > > Hmmm. 4294967294 (0xFFFFFFFE) is the uid of the nobody user, which is
> > > > the default used for un-mapped users. You seem to have idmapd
> > > > configured and running correctly on both client and server...
> > > >
> > > >
> > > >
> > > > You could restart idmapd on the client and the server with verbose
> > > > debugging turned on - change /etc/idmapd.conf Verbosity=0 to say,
> > > > Verbosity=5 and restart idmapd. This will prod idmapd to show the
> > > > mapping it is doing.
> > >
> > >
> > > rpc.idmapd[5058]: nfsdopenone:
> > > Opening /proc/net/rpc/nfs4.nametoid/channel failed: errno 2 (No such
> > > file or directory)
> > >
> > >
> > > with verbosity on i got this. some occurrences on google, says that
> > > nfsd has to be loaded on the client as well.
> >
> > No, that's not necessary.
> >
> > > makes this error go away, still same permissions after remount.
> >
> > Right, the message isn't an error, and should be ignored.
>
> Read 3 or so answers in the gentoo forums that reported success after
> the module loading. maybe they just got lucky.
>
> > If you're seeing the message on the *server* (and if idmapd isn't
> > getting a SIGHUP after that to tell it to check for this file again
> > after nfsd's loaded), then that could explain the problem.
>
> the idmapd on the server starts without this error.
>
> > What Andy was really looking for, though, was messages describing
> > exactly what mapping the server and client are doing for the problematic
> > uid and name.
>
>
> from everything.log (Server):
>
> after: mount -t nfs4 ...
>
>
> Jun 24 21:09:02 olli-keller rpc.idmapd[23173]: nfsdcb:
> authbuf=myclientip authtype=user
> Jun 24 21:09:02 olli-keller rpc.idmapd[23173]:  Server: (user) id "0" ->
> name "root at localdomain"
> Jun 24 21:09:02 olli-keller rpc.idmapd[23173]: nfsdcb:
> authbuf=myclientip authtype=group
> Jun 24 21:09:02 olli-keller rpc.idmapd[23173]:  Server: (group) id "0"
> -> name "root at localdomain"
> Jun 24 21:09:02 olli-keller rpc.idmapd[23173]: nfsdcb:
> authbuf=myclientip authtype=user
> Jun 24 21:09:02 olli-keller rpc.idmapd[23173]:  Server: (user) id "1000"
> -> name "progger at localdomain"
> Jun 24 21:09:02 olli-keller rpc.idmapd[23173]: nfsdcb:
> authbuf=myclientip authtype=group
> Jun 24 21:09:02 olli-keller rpc.idmapd[23173]:  Server: (group) id
> "1000" -> name "progger at localdomain"
>
> > (Or another way to debug this would be watch the traffic between client
> > and server in wireshark--what you'd look for would be a GETATTR
> > operation on the file which requests the owner and owner_group
> > attributes--and, in particular, whether the result the server returns
> > for that attribute is correct.)
>
> In wireshark i can see in the info column:
> V4 COMPOUND REPLAY
> after some clicking i can see:
> recc_attr: FATTR4_OWNER (36)
>  fattr4_owner: progger at localdomain
>
>
> also the group is displayed correctly.


ok. so the server idmapd is doing its job, for example, the name
progger at localdomain gets to the client. now look at the output of the client
idmapd, which should map the name progger at localdomain to a UID.

-->Andy

>
>
>
> There are also:
> V3 GETATTR Replies, but since my /home currently works with nfs3 using
> the same user...is probably that share.
>
>
> If you could give me a specific filter i would be more than happy to
> post the results.
>
> > --b.
> >
> > > Btw, i can see the genius behind the idea to only output "important"
> > > error messages with verbosity on....
> > >
> > > No, i can't ;)
> > >
> > >
> > > Even with Verbosity = 5 there's nothing printed to syslog, "mount -t
> > > nfs4....."
> > > > What does your /etc/nsswitch.conf look like? Is NIS or LDAP
> > > > configured on either the client or the server?  What are the local
> > > > permissions on the server for .xinitrc?
> > >
> > > /etc/nsswitch.conf client:
> > > # Begin /etc/nsswitch.conf
> > >
> > > passwd: files
> > > group: files
> > > shadow: files
> > >
> > > publickey: files
> > >
> > > hosts: files dns
> > > networks: files
> > >
> > > protocols: db files
> > > services: db files
> > > ethers: db files
> > > rpc: db files
> > >
> > > netgroup: db files
> > >
> > > # End /etc/nsswitch.conf
> > >
> > >
> > >
> > > /etc/nsswitch.conf server:
> > > # Begin /etc/nsswitch.conf
> > >
> > > passwd: files
> > > group: files
> > > shadow: files
> > >
> > > publickey: files
> > >
> > > hosts: files dns
> > > networks: files
> > >
> > > protocols: db files
> > > services: db files
> > > ethers: db files
> > > rpc: db files
> > >
> > > netgroup: db files
> > >
> > > # End /etc/nsswitch.conf
>
>
>
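
The client-side step Andy points to above, modelled as an added example (not code from the thread or from nfs-utils): it parses server-side `rpc.idmapd` verbose records in the format quoted in the thread, including records wrapped across lines, and reports which names a client would leave at the un-mapped id 4294967294. The matching rules in `client_map`, the helper names and all sample data are assumptions constructed for illustration.

```python
import re

NOBODY_ID = 4294967294  # 0xFFFFFFFE, the id the thread reports for un-mapped users

# Server-side verbose record, in the format quoted in the thread.
SERVER_MAP = re.compile(r'Server: \((user|group)\) id "(\d+)"\s*->\s*name "([^"]+)"')

def parse_server_mappings(log_text):
    """Return [(kind, server_id, name)]; records wrapped across lines are rejoined."""
    flat = re.sub(r"\s*\n\s*", " ", log_text)
    return [(kind, int(sid), name) for kind, sid, name in SERVER_MAP.findall(flat)]

def parse_db(text):
    """Parse passwd- or group-format text (name:x:id:...) into {name: id}."""
    rows = (l.split(":") for l in text.splitlines() if l and not l.startswith("#"))
    return {f[0]: int(f[2]) for f in rows if len(f) >= 3}

def client_map(kind, name, client_domain, passwd, group):
    """Simplified model (assumption) of the client's name -> id step."""
    local, sep, domain = name.rpartition("@")
    if not sep:
        return NOBODY_ID, "name has no @domain"
    # Case-insensitive domain comparison is an assumption of this model.
    if domain.lower() != client_domain.lower():
        return NOBODY_ID, "domain differs from client Domain"
    table = passwd if kind == "user" else group
    if local not in table:
        return NOBODY_ID, "no such local " + kind
    return table[local], "ok"

def audit(log_text, client_domain, passwd_text, group_text):
    """Return [(kind, name, server_id, client_id, reason)] for every server record."""
    passwd, group = parse_db(passwd_text), parse_db(group_text)
    return [(kind, name, sid) + client_map(kind, name, client_domain, passwd, group)
            for kind, sid, name in parse_server_mappings(log_text)]

# Constructed sample input, modelled on the server log in the thread
# (the archive's " at " is written as "@" here).
SAMPLE_LOG = '''Jun 24 21:09:02 server rpc.idmapd[23173]:  Server: (user) id "0" ->
name "root@localdomain"
Jun 24 21:09:02 server rpc.idmapd[23173]:  Server: (group) id
"1000" -> name "progger@localdomain"
Jun 24 21:09:02 server rpc.idmapd[23173]:  Server: (user) id "1000"
-> name "progger@localdomain"'''
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/sh\nprogger:x:1000:1000::/home/progger:/bin/sh"
SAMPLE_GROUP = "root:x:0:\nusers:x:100:"  # constructed: no "progger" group on this client

if __name__ == "__main__":
    for row in audit(SAMPLE_LOG, "localdomain", SAMPLE_PASSWD, SAMPLE_GROUP):
        print(row)
```
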