Problem with GID mapping - RHEL 5.0
Steve Dickson
SteveD at redhat.com
Tue Mar 11 09:35:02 EDT 2008
Ole BjXrn Hessen wrote:
> Hi,
>
> I'm trying to get NFSv4 working on two RHEL5.0 hosts. This is a simple
> setup with no Kerberos. UID and GID is coordinated between the two
> hosts and is managed centralized. The main purpose of using NFSv4 is to
> make the access-list on routers "smaller" by only allowing TCP/2049
> between the two hosts.
>
> The problem is that the UID seems to map to correct username, but GID
> is mapped to nfsnobody for some groups with no apparent pattern.
>
> Serverhost is batch-rrd1 (exporting) and client is batch-rrd3 (importing).
>
> The idmapd.conf file is equal on the two hosts.
>
> egrep ^[A-Za-z] /etc/idmapd.conf
> Verbosity = 0
> Pipefs-Directory = /var/lib/nfs/rpc_pipefs
> Domain = nm1.telenor.net
> Nobody-User = nfsnobody
> Nobody-Group = nfsnobody
> Method = nsswitch
>
> The idtoname cache om the batch-rrd1 seems to map some GID to nfsnobody
> but not all groups. The UID seems to be mapping ok.
>
> cat /proc/net/rpc/nfs4.idtoname/content
> #domain type id [name]
> 10.122.94.160/28 group 268 nfsnobody
> 10.122.94.160/28 group 1442 nfsnobody
> 10.122.94.160/28 group 3230 nfsnobody
> 10.122.94.160/28 group 391 nfsnobody
> 10.122.94.160/28 user 0 root at nm1.telenor.net
> 10.122.94.160/28 group 0 root at nm1.telenor.net
> 10.122.94.160/28 group 38 ntp at nm1.telenor.net
> 10.122.94.160/28 user 266 tiadm at nm1.telenor.net
> 10.122.94.160/28 group 266 nfsnobody
> 10.122.94.160/28 user 174 obh at nm1.telenor.net
> 10.122.94.160/28 group 174 nfsnobody
> 10.122.94.160/28 group 77 pcap at nm1.telenor.net
> 10.122.94.160/28 group 99 nobody at nm1.telenor.net
> 10.122.94.160/28 group 1360 nfsnobody
> 10.122.94.160/28 group 5166 nfsnobody
>
> Why does group 268,1442,3230,391,266,174,1360,5166 map to nfsnobody, but not group 0,38,77,99?
> This seems to be consistend even if restarting nfs, portmap, rpcidmapd.
So all this groups are definitely in /etc/groups, since it appears
you not using NIS...
Are there any type of idmapd failures or warning in /var/log/messages?
>
>
> By the way: The file NEWS in libnfsidmap-0.20 is from 2004 and says
>
> Doesn't work yet.
Thanks for pointing this out...
steved.
More information about the NFSv4
mailing list