
Re: Issues with nfs v4 and security



On Sun, Mar 18, 2012 at 7:13 PM, Alexander Samad <alex@samad.com.au> wrote:
> On Sun, Mar 18, 2012 at 6:20 PM, Tom H <tomh0665@gmail.com> wrote:
>> On Sun, Mar 18, 2012 at 12:34 AM, Alexander Samad <alex@samad.com.au>
>> wrote:
>>>
>>> I am having some issues with nfs-kernel.
>>>
>>> I have 2 servers; both have NFS exports.
>>>
>>> When I mount 1 from server B to server A, the users come up as nobody
>>> and nogroup.
>>>
>>> When I mount from A to B I get the proper uid/gids
>>>
>>> on server B
>>> nfs:/home/alex                /home/alex              nfs
>>> _netdev,bg,rw,auto,noatime,nouser,async,nodev,suid,proto=tcp,vers=4
>>> 0   0
>>>
>>> on server A
>>> nas:/exports/video/cam        /exports/video/cam      nfs
>>> _netdev,bg,rw,noauto,noatime,nouser,async,nodev,nosuid,proto=tcp,vers=4
>>> 0   0
>>>
>>> idmap
>>>
>>> [General]
>>> Verbosity = 0
>>> Pipefs-Directory = /var/lib/nfs/rpc_pipefs
>>> # set your own domain here, if id differs from FQDN minus hostname
>>> # Domain = localdomain
>>> Domain = abc.com.au
>>> localdoman = hme1.bc.com.au
>>>
>>> [Mapping]
>>> Nobody-User = nobody
>>> Nobody-Group = nogroup
>>
>> Is "Domain" in "/etc/idmapd.conf" the same on all three boxes?
>>
>> Are the users' UIDs the same on all three boxes?
>
> Only 2 boxes, both boxes acting as clients and servers. Yes, the same
> uid/gid; they share an LDAP service (they are both multi masters) and the
> IDs are in sync on both boxes
>
> and the idmap.conf is the same on both boxes

Please don't top post.

Sorry. I didn't read your initial message carefully. I saw that nfsv4
was failing and posted the first two checks that I'd do. I don't know
why I thought there were three boxes...

Given that you're using LDAP, what's in the "/etc/exports" on both boxes?

Are "rpc.idmapd" and "rpc.gssd" running on the "bad" client?

Do "/var/log/messages" and a verbose mount give you any information on
the failure?

(What's the "nas:/..." mount? Shouldn't it be "nfs:/..."?)

(What's the "localdoman" variable in "/etc/idmapd.conf" for?)

