Mailinglist Archive: opensuse (1445 mails)

< Previous Next >
Re: [opensuse] SAMBA.
Carlos E. R. said the following on 03/16/2012 07:58 AM:
On 2012-03-16 12:44, Anton Aylward wrote:

While I count my self fortunate in that I've always been able to ensure
matching user IDs, I thought there was a tool for remapping ...
nfsmapid(4) or rpc.idmapd and idmapd.conf(5)

Must be new, I don't have those two manuals in my 11.4

I do seem to recall seeing something like this back in the 1990s when I
first used NFS cross a enterprise level network, but as I said, it
turned out that it was easy enough to have centralised (YP in those
days) UID management.


http://www.dcache.org/manuals/Book-2.1/config/cf-idmap-fhs.shtml

Doesn't say much :-?

https://wiki.archlinux.org/index.php/NFSv4#ID_mapping

This one only uses:

Nobody-User = nobody
Nobody-Group = nobody

This is, I think, the generic mapping that was always available, no other
user could be remapped.

I think otherwise.
I think all users get remapped but the ones that can't (aka don't exist
on the 'other' system) need to be dealt with. I think the default is
that the two daemons talk to each other and do the remapping. Its only
the exceptions that need to appear in the config.

Perhaps you missed it, perhaps the references didn't make it clear, but
the daemon has to run on both ends.

Of course, as Lynn points out, Kerberos and LDAP can come to play as
well, but make sure you set up the realms/domains properly

www.citi.umich.edu/projects/nfsv4/crossrealm/ASC_NFSv4_WKSHP_X_DOMAIN_N2ID.pdf

In that case you are really authenticating against Kerberos so I'm not
sure the ID #s are that important.

--
Using encryption on the Internet is the equivalent of arranging an
armored car to deliver credit card information from someone living in a
cardboard box to someone living on a park bench.
-- Gene Spafford
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >