Bug#644948: nfs-common: Wrong uid/gid with latest version using NFSv4

To: Jamie Heilman <jamie@audible.transient.net>
Cc: 644948@bugs.debian.org
Subject: Bug#644948: nfs-common: Wrong uid/gid with latest version using NFSv4
From: Stephan Windmüller <windy@white-hawk.de>
Date: Mon, 24 Oct 2011 10:21:35 +0200
Message-id: <[🔎] 4EA5200F.9020204@white-hawk.de>
Reply-to: Stephan Windmüller <windy@white-hawk.de>, 644948@bugs.debian.org
In-reply-to: <[🔎] 20111023225808.GB2766@cucamonga.audible.transient.net>
References: <[🔎] 20111023114907.GB2981@cucamonga.audible.transient.net> <[🔎] 4EA43B54.7090409@white-hawk.de> <[🔎] 20111023225808.GB2766@cucamonga.audible.transient.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 24.10.2011 00:58, Jamie Heilman wrote:

>> In my configuration both domains (client and server) are
>> correctly set, but this is not the issue: passwd and group data
>> is fetched from ldap as set in nsswitch.conf, but idmapd does not
>> seem to respect these settings.
> Then to figure out the issue you face we'll need a good deal more 
> information about your setup I wager.  You say you downgraded to 
> nfs-common 1.2.2 and it fixed things ...

No, the client is running squeeze so 1.2.2 was the only version I used.

> was that on the client, the server, or both?

The server is running Solaris 10.

> You're using ldap, how do you have libnfsidmap configured?

The [Translation] section has one entry:

    Method = nsswitch

> Looking at your ldap server logs, are the lookups related to the 
> translation quereies even making to the server?

Not if I am using idmapd. If I disable it, the server gets the following
queries:

- -----

fd=31 ACCEPT from IP=[...] (IP=0.0.0.0:389)
op=0 BIND dn="" method=128
op=0 RESULT tag=97 err=0 text=
op=1 SRCH base="[...]" scope=2 deref=0
filter="(&(objectClass=posixAccount)(uidNumber=-2))"
op=1 SRCH attr=userPassword cn gidNumber uidNumber loginShell
objectClass gecos uid homeDirectory
op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=

fd=32 ACCEPT from IP=[...] (IP=0.0.0.0:389)
op=0 BIND dn="" method=128
op=0 RESULT tag=97 err=0 text=
op=1 SRCH base="[...]" scope=2 deref=0
filter="(&(objectClass=posixGroup)(gidNumber=-2))"
op=1 SRCH attr=cn userPassword memberUid gidNumber uniqueMember
op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=

- -----

What seems odd here is the "-2" for uid and gid. An ls on the client
shows "4294967294" for both values (it's a 64bit client).

When I enable idmapd, in /etc/default/nfs-common there are no queries
like the above.

> Have you tried to strace rpc.idmapd to determine what values it's
> using during the lookups?

No, I did not try that.

> Were your kernels built with CONFIG_NFS_USE_NEW_IDMAPPER=y

It is the standard kernel of squeeze (2.6.32-5-amd64) and according to
the config file this option does not exist.

Regards
 Stephan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6lIA8ACgkQi8rkj8W4fFV/IQCfb78Jy6rSJKNP6YyVyo4Z//6s
7rEAoI4Csz7g+xr/6ubaVh4XrUkBvQlw
=qFuv
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Bug#644948: nfs-common: Wrong uid/gid with latest version using NFSv4
  - From: Jamie Heilman <jamie@audible.transient.net>

References:
- Bug#644948: nfs-common: Wrong uid/gid with latest version using NFSv4
  - From: Jamie Heilman <jamie@audible.transient.net>
- Bug#644948: nfs-common: Wrong uid/gid with latest version using NFSv4
  - From: Stephan Windmüller <windy@white-hawk.de>
- Bug#644948: nfs-common: Wrong uid/gid with latest version using NFSv4
  - From: Jamie Heilman <jamie@audible.transient.net>

Prev by Date: Bug#646429: linux-image-2.6.39-bpo.2-686-pae: CPU lockup on bogus values in alarmclock
Next by Date: Bug#644876: initramfs-tools: Boot failure from software RAID1 + LVM2 by timing
Previous by thread: Bug#644948: nfs-common: Wrong uid/gid with latest version using NFSv4
Next by thread: Bug#644948: nfs-common: Wrong uid/gid with latest version using NFSv4
Index(es):
- Date
- Thread