Re: Issues with nfs v4 and security



On Mon, Mar 19, 2012 at 10:41 PM, Alexander Samad <alex@samad.com.au> wrote:


> this is on server A
>  /home/alex
>  -no_root_squash,insecure,wdelay,no_subtree_check,async,mp=/home/alex
> 192.168.11.14/32(rw) laptop.wlan1.hme1.samad.com.au(rw)
> laptop.lan1.hme1.samad.com.au(rw) alex-mini.lan1.hme1.samad.com.au(rw)
> alex-mini.wlan1.hme1.samad.com.au(rw)  nas.lan1.hme1.samad.com.au(rw)
>
> server B
> /exports/video/cam
>  -no_root_squash,insecure,wdelay,no_subtree_check,async,crossmnt,mp=/exports/video
> 192.168.8.0/22(rw) mmac(rw,root_squash,anonuid=1025,anongid=1029)

I've lost track whether it's when you're mounting the serverA or
serverB export that you're having the nobody problem but do you have
the same problem when mounting that export from another box? Do you
have the problem when mounting via hostname and not via ip address?

Are all your "Domain" values the same in all your boxes'
"/etc/idmapd.conf"? Do they all have "Domain = abc.com.au" like the
one that you posted earlier?


>> Do "/var/log/messages" and a verbose mount give you any information on
>> the failure?
>>
> So I tried a mount -v; is that what you meant by verbose? The only thing I
> got was
> Mar 20 13:37:27 max rpc.idmapd[19081]: nss_getpwnam: name 'nobody' does not
> map into domain 'samad.com.au'

You can use "-vvv" but it's pretty clear that you have an idmapd problem.


> Got me thinking my nsswitch and some other libraries are not updated on
> server B; this is the one serving up the bad mount

Is "/etc/nsswitch.conf" the same on your two boxes? Does "getent
hosts" list all of your hosts and their ip addresses? Can you query
LDAP for hostnames on all your boxes?


>> (What's the "localdoman" variable in "/etc/idmapd.conf" for?)
>
> don't know !

I've never seen "localdomain/localdoman" as an "/etc/idmapd.conf" stanza.
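
One way to script the two checks asked about above (whether the "Domain" value in "/etc/idmapd.conf" matches on every box, and which domain rpc.idmapd names in its error), as an added example that is not part of the original message. The function names and the config file contents are constructed for illustration; the log line is the one quoted in the thread.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; config files are constructed samples.

# Print the lower-cased Domain value from the [General] section of an idmapd.conf.
idmapd_domain() {
    awk '
        /^[ \t]*#/  { next }                                   # skip comment lines
        /^[ \t]*\[/ { general = (tolower($0) ~ /^[ \t]*\[general\]/); next }
        general && tolower($0) ~ /^[ \t]*domain[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, "")   # keep only the value
            print tolower($0); exit
        }' "$1"
}

# Print each distinct domain that rpc.idmapd reported a name did not map into.
log_domains() {
    sed -n "s/.*rpc\.idmapd.*does not map into domain '\([^']*\)'.*/\1/p" "$1" |
        tr '[:upper:]' '[:lower:]' | sort -u
}

# Compare every config against the first one; print mismatches, return 1 on any.
check_domains() {
    ref=$(idmapd_domain "$1"); rc=0
    for f in "$@"; do
        d=$(idmapd_domain "$f")
        if [ -z "$d" ] || [ "$d" != "$ref" ]; then
            echo "MISMATCH $f: Domain='${d:-<unset>}' expected '$ref'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample inputs: copies of each box's idmapd.conf plus one syslog line.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '[General]\nVerbosity = 0\nDomain = abc.com.au\n' > "$tmp/serverA.idmapd.conf"
printf '[General]\n# Domain = abc.com.au\nDomain = samad.com.au\n' > "$tmp/serverB.idmapd.conf"
printf '%s\n' "Mar 20 13:37:27 max rpc.idmapd[19081]: nss_getpwnam: name 'nobody' does not map into domain 'samad.com.au'" > "$tmp/messages"

check_domains "$tmp/serverA.idmapd.conf" "$tmp/serverB.idmapd.conf" || true
echo "domain(s) named in rpc.idmapd errors: $(log_domains "$tmp/messages")"
```

In practice the config files would be copies gathered from the server and each client, and the log file would be "/var/log/messages" from the box reporting the error.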