Gentoo Forums
NFS4 and user-Mapping
Greeny
n00b


Joined: 27 Dec 2007
Posts: 20

Posted: Sun Dec 31, 2017 6:02 pm    Post subject: NFS4 and user-Mapping

I've tried to configure an NFSv4 network share that maps my user1 (UID: 1000) to another user, user2 (UID: 1001), on the server side.

Below are my config files on the server:
Code:
cat "/etc/exports"
/srv/nfsv4            *(rw,sync,no_root_squash,no_subtree_check,fsid=0)
/srv/nfsv4/test     *(rw,sync,no_subtree_check)


Code:
cat "/etc/idmapd.conf"
[General]
Verbosity = 10
Pipefs-Directory = /run/rpc_pipefs
Domain = localdomain
[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
[Translation]
Method = static,nsswitch
[Static]
user1@localdomain = user2


Code:
cat "/sys/module/nfsd/parameters/nfs4_disable_idmapping"
N


And here are my config files on the client:
Code:
cat "/etc/fstab"
IP:/     /media/nfs/server     nfs4     nfsvers=4,rw,noauto,user     0 0


Code:
cat "/etc/idmapd.conf"
[General]
Verbosity = 10
Domain = localdomain
[Mapping]
Nobody-User = nobody
Nobody-Group = nobody
[Translation]
Method = static,nsswitch
[Static]
user2@localdomain = user1


Code:
cat "/sys/module/nfsd/parameters/nfs4_disable_idmapping"
N


The server shows me in "journalctl":
Code:
Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfsdcb: authbuf=* authtype=user
Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_uid_to_name: calling nsswitch->uid_to_name
Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_uid_to_name: nsswitch->uid_to_name returned 0
Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_uid_to_name: final return value is 0
Dez 31 18:47:34 server-debian rpc.idmapd[8206]: Server : (user) id "0" -> name "root@localdomain"
Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfsdcb: authbuf=* authtype=group
Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_gid_to_name: calling nsswitch->gid_to_name
Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_gid_to_name: nsswitch->gid_to_name returned 0
Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_gid_to_name: final return value is 0
Dez 31 18:47:34 server-debian rpc.idmapd[8206]: Server : (group) id "0" -> name "root@localdomain"
Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfsdcb: authbuf=* authtype=user
Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_uid_to_name: calling nsswitch->uid_to_name
Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_uid_to_name: nsswitch->uid_to_name returned 0
Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_uid_to_name: final return value is 0
Dez 31 18:47:34 server-debian rpc.idmapd[8206]: Server : (user) id "1001" -> name "user2@localdomain"
Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfsdcb: authbuf=* authtype=group
Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_gid_to_name: calling nsswitch->gid_to_name
Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_gid_to_name: nsswitch->gid_to_name returned 0
Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_gid_to_name: final return value is 0
Dez 31 18:47:34 server-debian rpc.idmapd[8206]: Server : (group) id "1001" -> name "user2@localdomain"


The client shows me the following in "journalctl --identifier=nfsidmap":
Code:
Dez 31 18:47:34 desktop-gentoo nfsidmap[6486]: key: 0x3f2ec707 type: uid value: root@localdomain timeout 600
Dez 31 18:47:34 desktop-gentoo nfsidmap[6486]: nfs4_name_to_uid: calling nsswitch->name_to_uid
Dez 31 18:47:34 desktop-gentoo nfsidmap[6486]: nss_getpwnam: name 'root@localdomain' domain 'localdomain': resulting localname 'root'
Dez 31 18:47:34 desktop-gentoo nfsidmap[6486]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0
Dez 31 18:47:34 desktop-gentoo nfsidmap[6486]: nfs4_name_to_uid: final return value is 0
Dez 31 18:47:34 desktop-gentoo nfsidmap[6487]: key: 0x1de2cc67 type: gid value: root@localdomain timeout 600
Dez 31 18:47:34 desktop-gentoo nfsidmap[6487]: nfs4_name_to_gid: calling nsswitch->name_to_gid
Dez 31 18:47:34 desktop-gentoo nfsidmap[6487]: nfs4_name_to_gid: nsswitch->name_to_gid returned 0
Dez 31 18:47:34 desktop-gentoo nfsidmap[6487]: nfs4_name_to_gid: final return value is 0
Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: key: 0x9f5bf15 type: uid value: user2@localdomain timeout 600
Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: nfs4_name_to_uid: calling nsswitch->name_to_uid
Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: nss_getpwnam: name 'user2@localdomain' domain 'localdomain': resulting localname 'user2'
Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: nss_getpwnam: name 'user2' not found in domain 'localdomain'
Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: nfs4_name_to_uid: nsswitch->name_to_uid returned -2
Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: nfs4_name_to_uid: final return value is -2
Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: nfs4_name_to_uid: calling nsswitch->name_to_uid
Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: nss_getpwnam: name 'nobody@localdomain' domain 'localdomain': resulting localname 'nobody'
Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0
Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: nfs4_name_to_uid: final return value is 0
Dez 31 18:47:34 desktop-gentoo nfsidmap[6518]: key: 0x81524c3 type: gid value: user2@localdomain timeout 600
Dez 31 18:47:34 desktop-gentoo nfsidmap[6518]: nfs4_name_to_gid: calling nsswitch->name_to_gid
Dez 31 18:47:34 desktop-gentoo nfsidmap[6518]: nfs4_name_to_gid: nsswitch->name_to_gid returned -2
Dez 31 18:47:34 desktop-gentoo nfsidmap[6518]: nfs4_name_to_gid: final return value is -2
Dez 31 18:47:34 desktop-gentoo nfsidmap[6518]: nfs4_name_to_gid: calling nsswitch->name_to_gid
Dez 31 18:47:34 desktop-gentoo nfsidmap[6518]: nfs4_name_to_gid: nsswitch->name_to_gid returned 0
Dez 31 18:47:34 desktop-gentoo nfsidmap[6518]: nfs4_name_to_gid: final return value is 0


So it seems that the configured static mapping isn't working.
Is there something wrong in my configuration? Or can anyone help me get this mapping to work?
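As an added example (not part of the original posts), the Python sketch below parses client-side nfsidmap lines like those in the question and reports which names failed to resolve and which translation methods were actually called. The function names `analyse` and `unresolved` are hypothetical, and the sample is a constructed subset of the log quoted above.

```python
import re
# Constructed sample: a subset of the client-side nfsidmap lines quoted in the post.
SAMPLE = """\
Dez 31 18:47:34 desktop-gentoo nfsidmap[6486]: key: 0x3f2ec707 type: uid value: root@localdomain timeout 600
Dez 31 18:47:34 desktop-gentoo nfsidmap[6486]: nfs4_name_to_uid: calling nsswitch->name_to_uid
Dez 31 18:47:34 desktop-gentoo nfsidmap[6486]: nfs4_name_to_uid: final return value is 0
Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: key: 0x9f5bf15 type: uid value: user2@localdomain timeout 600
Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: nfs4_name_to_uid: calling nsswitch->name_to_uid
Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: nfs4_name_to_uid: final return value is -2
Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: nfs4_name_to_uid: calling nsswitch->name_to_uid
Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: nfs4_name_to_uid: final return value is 0
Dez 31 18:47:34 desktop-gentoo nfsidmap[6518]: key: 0x81524c3 type: gid value: user2@localdomain timeout 600
Dez 31 18:47:34 desktop-gentoo nfsidmap[6518]: nfs4_name_to_gid: calling nsswitch->name_to_gid
Dez 31 18:47:34 desktop-gentoo nfsidmap[6518]: nfs4_name_to_gid: final return value is -2
Dez 31 18:47:34 desktop-gentoo nfsidmap[6518]: nfs4_name_to_gid: calling nsswitch->name_to_gid
Dez 31 18:47:34 desktop-gentoo nfsidmap[6518]: nfs4_name_to_gid: final return value is 0
"""

LINE = re.compile(r"nfsidmap\[(\d+)\]: (.*)$")
KEY = re.compile(r"key: \S+ type: (uid|gid) value: (\S+)")
CALL = re.compile(r"calling (\w+)->name_to_[ug]id")
FINAL = re.compile(r"final return value is (-?\d+)")

def analyse(log_text):
    """Summarise each lookup, grouping lines by nfsidmap PID (the log shows one key per PID)."""
    lookups = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        pid, msg = m.groups() if m else ("", "")
        key, call, final = KEY.search(msg), CALL.search(msg), FINAL.search(msg)
        if key:
            lookups[pid] = {"type": key.group(1), "name": key.group(2), "methods": set(), "rets": []}
        elif pid in lookups and call:
            lookups[pid]["methods"].add(call.group(1))
        elif pid in lookups and final:
            lookups[pid]["rets"].append(int(final.group(1)))
    report = []
    for rec in lookups.values():
        rets = rec["rets"]
        failed = not rets or rets[0] != 0  # the first result belongs to the requested name
        # A later 0 after a failure is read here as the Nobody-User/Nobody-Group fallback.
        fell_back = failed and len(rets) > 1 and rets[-1] == 0
        report.append({"type": rec["type"], "name": rec["name"], "resolved": not failed,
                       "fell_back": fell_back, "methods": sorted(rec["methods"])})
    return report

def unresolved(report):
    """Names the client could not map; per the trace they end up as the Nobody user/group."""
    return [(r["type"], r["name"]) for r in report if not r["resolved"]]
```

On the sample, `analyse(SAMPLE)` shows `nsswitch` as the only method invoked for every lookup, and `unresolved(...)` lists `user2@localdomain` for both uid and gid.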
LIsLinuxIsSogood
Veteran


Joined: 13 Feb 2016
Posts: 1179

Posted: Fri Jan 05, 2018 12:20 pm    Post subject:

Could it be worthwhile for you to try without the domain, and just refer to users and hosts, except for the local user that will have to be mentioned in both places (either by name or UID, I'm not sure)?

It just seems like adding the domain to the puzzle is like putting an extra piece that doesn't need to be present.

Unless somehow you think it makes things simpler, but I don't think it should.
LIsLinuxIsSogood
Veteran


Joined: 13 Feb 2016
Posts: 1179

Posted: Fri Jan 05, 2018 12:23 pm    Post subject:

Also, I'm not sure about this, but couldn't having the nobody user and group be overriding the other mapping instructions being provided by Static? I assume that is somehow actually not the case, but for now you could probably go very simple with the configuration until you've actually succeeded with mapping the user IDs, and then later add the necessary lines back for security or whatever else.


I think all it should require is the following, from what I found online:

Code:
[Translation]
   Method=static
[Static]
   fred@remote = localfred


localfred is the local username, and fred is the username on the remote machine.

Source: https://unix.stackexchange.com/questions/286924/uid-mapping-in-nfs
piovrasca
n00b


Joined: 01 Feb 2018
Posts: 1

Posted: Thu Feb 01, 2018 5:57 pm    Post subject:

So is this the solution? Have you solved it? I'm facing the same problem.

Thanks