On Tuesday 03 January 2012 23:02:41 lynn wrote:
Is this a bug in Yast? Yes, it looks like a bug. Is it important enough to bugzilla it? I think it's worth an entry, yes. YaST should be able to handle nfs4
Whilst we're here, does the Kerberos stuff look after itself? I've kerberized nfs but in particular, should the nfs4 domainname relate to the Kerberos realm? (It doesn't seem to matter what you call it so long as it's set the same on server and clients.) kerberos is something I haven't played with at all, so I have to defer to others here. I *think* it should be the kerberos domain, but I'm not sure
Also, is it intended that the Yast NFS Client set the Domain=domainname in /etc/idmapd.conf ? (Yast NFS Server does.) I'm not sure if this is another bug, but I had to change this manually on the client:
[General] Verbosity=0 Pipefs-Directory=/var/lib/nfs/rpc_pipefs #Domain=domainname Domain=SOMETHING.ELSE [Mapping] Nobody-User=nobody Nobody-Group=nobody It should match what is set on the server, otherwise idmapd won't know how to translate users. This is a problem even without kerberos, but I'm not sure where YaST should get the domain name from. If you are using the Yast NFS Client then I think it should get the Kerberos realm from the NFSv4 settings option. Except in my case it didn't and uid:gid was mapped to nobody:nobody. It would be better if Yast took the domainname from what was already set on the server. Yast NFS Client should also check to see if there was an NFS server before it gave the error 'cannot mount nfs shares from fstab'. The Domain setting is only relevant if rpc.idmapd NFSv4 is used I think. I don't what you need for NFSv3. There could be other ways e.g. if you had joined a M$ AD domain or used Yast Kerberos Client to be able to authenticate. Just
On 01/03/2012 11:11 PM, Anders Johansson wrote: thinking out loud.
It is definitely a problem, but I'm not sure if it's a bug or a feature request
I suppose it's a request, that is also a suggestion, which would make Yast even greater than it already is;)
Sorry to be a pain. I'd say these are valid issues. Not a pain
Anders L x -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org