Bug#644948: nfs-common: Wrong uid/gid with latest version using NFSv4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 24.10.2011 00:58, Jamie Heilman wrote:
>> In my configuration both domains (client and server) are
>> correctly set, but this is not the issue: passwd and group data
>> is fetched from ldap as set in nsswitch.conf, but idmapd does not
>> seem to respect these settings.
> Then to figure out the issue you face we'll need a good deal more
> information about your setup I wager. You say you downgraded to
> nfs-common 1.2.2 and it fixed things ...
No, the client is running squeeze so 1.2.2 was the only version I used.
> was that on the client, the server, or both?
The server is running Solaris 10.
> You're using ldap, how do you have libnfsidmap configured?
The [Translation] section has one entry:
Method = nsswitch
> Looking at your ldap server logs, are the lookups related to the
> translation quereies even making to the server?
Not if I am using idmapd. If I disable it, the server gets the following
queries:
- -----
fd=31 ACCEPT from IP=[...] (IP=0.0.0.0:389)
op=0 BIND dn="" method=128
op=0 RESULT tag=97 err=0 text=
op=1 SRCH base="[...]" scope=2 deref=0
filter="(&(objectClass=posixAccount)(uidNumber=-2))"
op=1 SRCH attr=userPassword cn gidNumber uidNumber loginShell
objectClass gecos uid homeDirectory
op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
fd=32 ACCEPT from IP=[...] (IP=0.0.0.0:389)
op=0 BIND dn="" method=128
op=0 RESULT tag=97 err=0 text=
op=1 SRCH base="[...]" scope=2 deref=0
filter="(&(objectClass=posixGroup)(gidNumber=-2))"
op=1 SRCH attr=cn userPassword memberUid gidNumber uniqueMember
op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
- -----
What seems odd here is the "-2" for uid and gid. An ls on the client
shows "4294967294" for both values (it's a 64bit client).
When I enable idmapd, in /etc/default/nfs-common there are no queries
like the above.
> Have you tried to strace rpc.idmapd to determine what values it's
> using during the lookups?
No, I did not try that.
> Were your kernels built with CONFIG_NFS_USE_NEW_IDMAPPER=y
It is the standard kernel of squeeze (2.6.32-5-amd64) and according to
the config file this option does not exist.
Regards
Stephan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6lIA8ACgkQi8rkj8W4fFV/IQCfb78Jy6rSJKNP6YyVyo4Z//6s
7rEAoI4Csz7g+xr/6ubaVh4XrUkBvQlw
=qFuv
-----END PGP SIGNATURE-----
Reply to: