Problem with GID mapping - RHEL 5.0

Ole Bjørn Hessen obh at telenor.net
Tue Mar 11 07:47:57 EDT 2008 

Hi,

I'm trying to get NFSv4 working on two RHEL5.0 hosts. This is a simple
setup with no Kerberos. UID and GID is coordinated between the two
hosts and is managed centralized. The main purpose of using NFSv4 is to
make the access-list on routers "smaller" by only allowing TCP/2049
between the two hosts.

The problem is that the UID seems to map to correct username, but GID
is mapped to nfsnobody for some groups with no apparent pattern.

Serverhost is batch-rrd1 (exporting) and client is batch-rrd3 (importing).

The idmapd.conf file is equal on the two hosts.

	egrep ^[A-Za-z] /etc/idmapd.conf 
	Verbosity = 0
	Pipefs-Directory = /var/lib/nfs/rpc_pipefs
	Domain = nm1.telenor.net
	Nobody-User = nfsnobody
	Nobody-Group = nfsnobody
	Method = nsswitch

The idtoname cache om the batch-rrd1 seems to map some GID to nfsnobody
but not all groups. The UID seems to be mapping ok.

	cat /proc/net/rpc/nfs4.idtoname/content
	#domain type id [name]
	10.122.94.160/28 group 268 nfsnobody
	10.122.94.160/28 group 1442 nfsnobody
	10.122.94.160/28 group 3230 nfsnobody
	10.122.94.160/28 group 391 nfsnobody
	10.122.94.160/28 user 0 root at nm1.telenor.net
	10.122.94.160/28 group 0 root at nm1.telenor.net
	10.122.94.160/28 group 38 ntp at nm1.telenor.net
	10.122.94.160/28 user 266 tiadm at nm1.telenor.net
	10.122.94.160/28 group 266 nfsnobody
	10.122.94.160/28 user 174 obh at nm1.telenor.net
	10.122.94.160/28 group 174 nfsnobody
	10.122.94.160/28 group 77 pcap at nm1.telenor.net
	10.122.94.160/28 group 99 nobody at nm1.telenor.net
	10.122.94.160/28 group 1360 nfsnobody
	10.122.94.160/28 group 5166 nfsnobody

Why does group 268,1442,3230,391,266,174,1360,5166 map to nfsnobody, but not group 0,38,77,99?  
This seems to be consistend even if restarting nfs, portmap, rpcidmapd.

The fs is exported with no_root_squash.

	exportfs -v
	/export/batch-rrd1
               10.122.94.160/28(rw,no_root_squash,no_subtree_check,no_acl,fsid=0,anonuid=65534,anongid=65534)

	nfs-utils-1.0.9-16.el5
	nfs-utils-lib-1.0.8-7.2.z2

	ls -lst /usr/lib64/libnfsidmap.so.0
	4 lrwxrwxrwx 1 root root 19:03 /usr/lib64/libnfsidmap.so.0 -> libnfsidmap.so.0.2.0*

The /etc/nsswitch.conf is configured to use simple files for users and groups:

	egrep ^[a-z] /etc/nsswitch.conf 
	passwd:     files
	shadow:     files
	group:      files
	hosts:      files dns
	protocols:  files
	rpc:        files
	services:   files
	netgroup:   nisplus
	publickey:  nisplus


Mount commands:

      mount -t nfs4 batch-rrd1:/ /importNFS4test
      batch-rrd1:/ on /importNFS4test type nfs4 (rw,addr=10.122.94.165)

Does anybody have an idea how to proceed?


By the way: The file NEWS in libnfsidmap-0.20 is from 2004 and says

	Doesn't work yet.


Kind regards,

Ole Bjørn Hessen
Telenor

More information about the NFSv4 mailing list