I recently set up an NFS v4 server on debian stretch. If I use a debian client to mount the share, everything works fine. However, if I use a CentOS or a Ubuntu client, the permissions don't work.
I have synchronized the group ids manually, and that's the only permissions I'm interested in.
I have a directory structure like this:
/export
/export/ssl
/export/ssl/wildcard
/export/ssl/wildcard is chmod 2750 with root:ssl-cert as its owner.
root user is uid 0, ssl-cert is gid 555.
My exports file looks like this:
/export 10.77.9.0/24(rw,sync,fsid=0,crossmnt,no_subtree_check)
/export/ssl 10.77.9.0/24(ro,sync,no_subtree_check)
/export/ssl/wildcard 10.77.9.0/24(ro,sync,no_subtree_check)
There is no firewall on the server. iptables is wide open. Server is 10.77.9.188 and client is 10.77.9.189. hosts.allow has ALL:ALL on the last line.
I have no trouble mounting the share on the client. But a member of the ssl-cert group (again, it IS GID 555 -- I made the group manually to ensure this) CANNOT enter the directory. They cannot read files in the directory. They cannot do anything with the share.
I have this trouble with Ubuntu 14.04, Ubuntu 16.04, and CentOS 7. I do not have any issues with Debian 8 or Debian 9 clients.
/etc/default/nfs-common has
NEED_IDMAPD=yes
/etc/default/nfs-kernel-server is stock; no changes.
I have this problem with NFSv4 servers on Debian 8 and Debian 9.
If I run the NFS server on Ubuntu 16.04, I can access it fine from Ubuntu clients and CentOS clients, but Debian clients have the same problem.
What am I missing? What can I do to further troubleshoot this? Is there any way to determine what mapping it THINKS is occurring?
Thanks.