[Bug 447549] New: On the clients ID mapping does not work correctly with NFSv4/ Kerberos-mounts
https://bugzilla.novell.com/show_bug.cgi?id=447549 User tomiak@helmholtz-berlin.de added comment https://bugzilla.novell.com/show_bug.cgi?id=447549#c1 Summary: On the clients ID mapping does not work correctly with NFSv4/Kerberos-mounts Product: openSUSE 11.0 Version: Final Platform: x86-64 OS/Version: openSUSE 11.0 Status: NEW Severity: Major Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: tomiak@helmholtz-berlin.de QAContact: qa@suse.de Found By: Community User The UID and GIDs of files on mounted filesystems with NFSv4 and Kerberos (-o sec=krb5) are not shown correctly. On the server they display ok, the client can create files on the server with the right UID/GID. The UID/GID are just displayed as nobody: On the client dispens.hmi.de (openSUSE 11.0) (Linux dispens.hmi.de 2.6.25.18-0.2-default #1 SMP 2008-10-21 16:30:26 +0200 x86_64 x86_64 x86_64 GNU/Linux) dispens:~ # rcnfs start Starting NFS client services: sm-notify gssd idmapd done dispens:~ # ls -la /mnt total 4 drwxrwxrwx 3 nobody nobody 184 Nov 20 17:12 . drwxr-xr-x 27 root root 4096 Nov 12 15:34 .. -rw-r--r-- 1 nobody nobody 0 Nov 20 16:29 Datei_von_Andreas -rw-r--r-- 1 nobody nobody 0 Nov 20 17:12 abc drwxr-xr-x 2 nobody nobody 72 Nov 12 16:22 tomiak -rw-r--r-- 1 nobody nobody 0 Nov 12 15:49 xxx -rw-r--r-- 1 nobody nobody 0 Nov 20 17:09 xxxx dispens:~ # umount /mnt Now changing the start order of idmapd (which is expected to cause the problem) and nfsd at the server digatevm1.hmi.de (openSUSE 11.0) (Linux digatevm1.hmi.de 2.6.22.19-0.1-default #1 SMP 2008-10-14 22:17:43 +0200 x86_64 x86_64 x86_64 GNU/Linux) and restart nfsserver with rcnfsserver restart, then remount it on the client and check the files again: dispens:~ # mount -t nfs4 -o sec=krb5 digatevm1.hmi.de:/ /mnt dispens:~ # ls -la /mnt total 4 drwxrwxrwx 3 root root 184 Nov 20 17:12 . drwxr-xr-x 27 root root 4096 Nov 12 15:34 .. -rw-r--r-- 1 dat fmd 0 Nov 20 16:29 Datei_von_Andreas -rw-r--r-- 1 dat fmd 0 Nov 20 17:12 abc drwxr-xr-x 2 dat root 72 Nov 12 16:22 tomiak -rw-r--r-- 1 nobody nogroup 0 Nov 12 15:49 xxx -rw-r--r-- 1 nobody nogroup 0 Nov 20 17:09 xxxx The mount command without the option sec=krb5 it works, but this voids the security features of NFSv4. Workaround: After changing the start order in /etc/init.d/nfsserver on the server digatevm1.hmi.de in such a way, that the idmapd is started after the nfsd, all works as expected. The command and the diff file for my suggested workaround: digatevm1:/etc/init.d # diff nfsserver nfsserver.changed 186,194d185 < if [ "$NEED_IDMAPD" = yes ]; then < echo -n " idmapd" < do_start_idmapd < if [ $? != 0 ]; then < rc_status -v < rc_exit < fi < echo $IDMAPD_BIN > $IDMAPD_SERVER_STATE < fi 221a213,221
if [ "$NEED_IDMAPD" = yes ]; then echo -n " idmapd" do_start_idmapd if [ $? != 0 ]; then rc_status -v rc_exit fi echo $IDMAPD_BIN > $IDMAPD_SERVER_STATE fi
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=447549
Robert Vojcik
https://bugzilla.novell.com/show_bug.cgi?id=447549
Robert Vojcik
https://bugzilla.novell.com/show_bug.cgi?id=447549
User nfbrown@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=447549#c2
Neil Brown
https://bugzilla.novell.com/show_bug.cgi?id=447549
User tomiak@helmholtz-berlin.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=447549#c3
Andreas Tomiak
https://bugzilla.novell.com/show_bug.cgi?id=447549
User tomiak@helmholtz-berlin.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=447549#c4
Andreas Tomiak
https://bugzilla.novell.com/show_bug.cgi?id=447549
User tomiak@helmholtz-berlin.de added comment
https://bugzilla.novell.com/show_bug.cgi?id=447549#c5
--- Comment #5 from Andreas Tomiak
participants (1)
-
bugzilla_noreply@novell.com