
Bug#675188: marked as done (Change in rpc.idmapd makes clients unable to resolv users/groups)



Your message dated Tue, 21 May 2013 22:17:07 +0000
with message-id <E1Ueurj-0000ee-19@franck.debian.org>
and subject line Bug#675188: fixed in nfs-utils 1:1.2.6-4
has caused the Debian Bug report #675188,
regarding Change in rpc.idmapd makes clients unable to resolv users/groups
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
675188: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675188
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: nfs-kernel-server                                                                                       
Version: 1:1.2.5-4~bpo60
Severity: important

After upgrading an nfs server from 1.2.2 to 1.2.5 (from backports) all
the clients lost the ability to show the correct owner/group for files
and directories:
-rw-rw-r-- 1 nobody nogroup    0 2012-05-29 17:46 foo
drwxr-xr-x 2 nobody nogroup 4096 2012-05-29 17:39 bar

I tracked the problem to the way rpc.idmapd reports users and groups to
the clients. From rpc.idmapd -vvvvv in 1.2.2:
rpc.idmapd: nfsdcb: authbuf=gss/krb5p authtype=user
rpc.idmapd: nfs4_uid_to_name: calling umich_ldap->uid_to_name
rpc.idmapd: ldap_init_and_bind: version mismatch between API information and protocol version. Setting protocol version to 3
rpc.idmapd: nfs4_uid_to_name: umich_ldap->uid_to_name returned 0
rpc.idmapd: nfs4_uid_to_name: final return value is 0
rpc.idmapd:  Server: (user) id "2095" -> name "alberto.gonzalez"
rpc.idmapd: nfsdcb: authbuf=gss/krb5p authtype=group
rpc.idmapd: nfs4_gid_to_name: calling umich_ldap->gid_to_name
rpc.idmapd: ldap_init_and_bind: version mismatch between API information and protocol version. Setting protocol version to 3
rpc.idmapd: nfs4_gid_to_name: umich_ldap->gid_to_name returned 0
rpc.idmapd: nfs4_gid_to_name: final return value is 0
rpc.idmapd:  Server: (group) id "2095" -> name "alberto.gonzalez"

Whereas in 1.2.5:
rpc.idmapd: nfsdcb: authbuf=gss/krb5p authtype=user
rpc.idmapd: nfs4_uid_to_name: calling nsswitch->uid_to_name
rpc.idmapd: nfs4_uid_to_name: nsswitch->uid_to_name returned 0
rpc.idmapd: nfs4_uid_to_name: final return value is 0
rpc.idmapd: Server : (user) id "2095" -> name "alberto.gonzalez@domain"
rpc.idmapd: nfsdcb: authbuf=gss/krb5p authtype=user
rpc.idmapd: nfs4_uid_to_name: calling nsswitch->uid_to_name
rpc.idmapd: nfs4_uid_to_name: nsswitch->uid_to_name returned 0
rpc.idmapd: nfs4_uid_to_name: final return value is 0
rpc.idmapd: Server : (user) id "1000" -> name "agi@domain"
rpc.idmapd: nfsdcb: authbuf=gss/krb5p authtype=group
rpc.idmapd: nfs4_gid_to_name: calling nsswitch->gid_to_name
rpc.idmapd: nfs4_gid_to_name: nsswitch->gid_to_name returned 0
rpc.idmapd: nfs4_gid_to_name: final return value is 0
rpc.idmapd: Server : (group) id "1000" -> name "agi@domain"

I've tried commenting out "Domain = domain" and setting it to its real value
(in the server's /etc/idmapd.conf), both tests with the same result.

I'm not saying that "user@domain" is not the right value for this (it probably
is, don't know the RFC). But it's not the way it used to behave. 

It would be nice to have a way to have rpc.idmapd report users and
groups as it used to, in order to avoid modifying /etc/idmapd.conf in
hundreds of nfs clients as well as introducing an extra attribute (for
NFSv4_name_attr and NFSv4_group_attr) in LDAP (now just using "uid").

I expect this bug to hit nfs (v4) servers upgrading from Squeeze to
Wheezy.

Thanks,

Alberto

-- 
Alberto Gonzalez Iniesta    | Training, consulting and technical support
agi@(inittab.org|debian.org)| in GNU/Linux and free software
Encrypted mail preferred    | http://inittab.com

Key fingerprint = 9782 04E7 2B75 405C F5E9  0C81 C514 AF8E 4BA4 01C3



--- End Message ---
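
Added example (not part of the original report and not nfs-utils code): a small parser for the `rpc.idmapd -vvvvv` lines quoted in the report, which compares two captures and lists the ids whose emitted name string changed, along with the translation method that produced each. The function names are hypothetical; the sample lines are copied from the excerpts in the report.

```python
import re

CALL_RE = re.compile(r"nfs4_[ug]id_to_name: calling (\w+)->[ug]id_to_name")
# Accepts both spellings seen in the report: "Server: (user)" and "Server : (user)".
MAP_RE = re.compile(r'Server\s*:\s+\((user|group)\)\s+id\s+"(\d+)"\s+->\s+name\s+"([^"]*)"')

# Lines taken from the 1.2.2 excerpt in the report.
OLD_LOG = """\
rpc.idmapd: nfs4_uid_to_name: calling umich_ldap->uid_to_name
rpc.idmapd:  Server: (user) id "2095" -> name "alberto.gonzalez"
rpc.idmapd: nfs4_gid_to_name: calling umich_ldap->gid_to_name
rpc.idmapd:  Server: (group) id "2095" -> name "alberto.gonzalez"
""".splitlines()

# Lines taken from the 1.2.5 excerpt in the report.
NEW_LOG = """\
rpc.idmapd: nfs4_uid_to_name: calling nsswitch->uid_to_name
rpc.idmapd: Server : (user) id "2095" -> name "alberto.gonzalez@domain"
rpc.idmapd: nfs4_uid_to_name: calling nsswitch->uid_to_name
rpc.idmapd: Server : (user) id "1000" -> name "agi@domain"
rpc.idmapd: nfs4_gid_to_name: calling nsswitch->gid_to_name
rpc.idmapd: Server : (group) id "1000" -> name "agi@domain"
""".splitlines()

def parse_idmapd(lines):
    """Map (kind, id) -> (method, name, domain-or-None) from rpc.idmapd debug output."""
    result, method = {}, None
    for line in lines:
        call = CALL_RE.search(line)
        if call:
            method = call.group(1)  # backend named in the preceding "calling" line
            continue
        hit = MAP_RE.search(line)
        if hit:
            kind, ident, full = hit.groups()
            name, sep, domain = full.rpartition("@")
            if not sep:  # bare name, no @domain suffix
                name, domain = full, None
            result[(kind, int(ident))] = (method, name, domain)
    return result

def changed_mappings(old, new):
    """List ids present in both captures whose emitted name or domain differs."""
    changes = []
    for key in sorted(old.keys() & new.keys()):
        if old[key][1:] != new[key][1:]:
            changes.append((key, old[key], new[key]))
    return changes

if __name__ == "__main__":
    for key, before, after in changed_mappings(parse_idmapd(OLD_LOG), parse_idmapd(NEW_LOG)):
        print(key, before, "->", after)
```
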
--- Begin Message ---
Source: nfs-utils
Source-Version: 1:1.2.6-4

We believe that the bug you reported is fixed in the latest version of
nfs-utils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 675188@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luk Claes <luk@debian.org> (supplier of updated nfs-utils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 11 May 2013 14:37:13 +0200
Source: nfs-utils
Binary: nfs-kernel-server nfs-common
Architecture: source amd64
Version: 1:1.2.6-4
Distribution: stable
Urgency: low
Maintainer: Debian kernel team <debian-kernel@lists.debian.org>
Changed-By: Luk Claes <luk@debian.org>
Description: 
 nfs-common - NFS support files common to client and server
 nfs-kernel-server - support for NFS kernel server
Closes: 675188 682709 707401 707720
Changes: 
 nfs-utils (1:1.2.6-4) stable; urgency=low
 .
   * mountd: auth_unix_ip should downcall on error to prevent
     hangs (Closes: #682709).
   * Avoid DNS reverse resolution fixes CVE-2013-1923 (Closes: #707401).
   * Set default domain (Closes: #675188).
   * Fix getopt handling for -R option (Closes: #707720).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----

--- End Message ---
