Carlos E. R. said the following on 03/16/2012 07:58 AM:
On 2012-03-16 12:44, Anton Aylward wrote:
While I count my self fortunate in that I've always been able to ensure matching user IDs, I thought there was a tool for remapping ... nfsmapid(4) or rpc.idmapd and idmapd.conf(5)
Must be new, I don't have those two manuals in my 11.4
I do seem to recall seeing something like this back in the 1990s when I first used NFS cross a enterprise level network, but as I said, it turned out that it was easy enough to have centralised (YP in those days) UID management.
http://www.dcache.org/manuals/Book-2.1/config/cf-idmap-fhs.shtml
Doesn't say much :-?
This one only uses:
Nobody-User = nobody Nobody-Group = nobody
This is, I think, the generic mapping that was always available, no other user could be remapped.
I think otherwise. I think all users get remapped but the ones that can't (aka don't exist on the 'other' system) need to be dealt with. I think the default is that the two daemons talk to each other and do the remapping. Its only the exceptions that need to appear in the config. Perhaps you missed it, perhaps the references didn't make it clear, but the daemon has to run on both ends. Of course, as Lynn points out, Kerberos and LDAP can come to play as well, but make sure you set up the realms/domains properly www.citi.umich.edu/projects/nfsv4/crossrealm/ASC_NFSv4_WKSHP_X_DOMAIN_N2ID.pdf In that case you are really authenticating against Kerberos so I'm not sure the ID #s are that important. -- Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench. -- Gene Spafford -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org