[Samba] [CentOS] Samba4 and NFSv4

steve steve at steve-ss.com
Thu Jun 20 15:20:03 MDT 2013


On Thu, 2013-06-20 at 16:57 -0400, Steve Thompson wrote:
> On Thu, 20 Jun 2013, steve wrote:
> 
> Thanks for your reply! I am really pulling my hair out over this one, and 
> I don't have that much left :(
> 
> > What do you have in /etc/idmapd.conf
> 
> The content of this file is correct as far as I understand it, as it works 
> with NFSv3 and NFSv4 with sec=sys:
> 
> [General]
> Verbosity = 0
> Domain = icse.cornell.edu
> Local-Realms = TITAN.TEST.CORNELL.EDU
> 
> [Mapping]
> Nobody-User = nobody
> Nobody-Group = nobody
> 
> [Translation]
> Method = nsswitch
> 
> (and I have nsswitch.conf correctly configured).
> 
> Note: in my case, the value of Domain in idmapd.conf is NOT the same as 
> the DNS domain name. But as I understand it, as long as it is the same on 
> all servers and clients, this should not matter, as it is just a label. I 
> tried setting it to the DNS domain name, but it didn't make any 
> difference. And changing it on just the server and not the clients leaves 
> all ownerships as being nobody:nobody instead of the proper ownerships, 
> which is (a) expected, and (b) leads me to believe that rpc.idmapd is 
> working as it should. Starting rpc.idmapd with -vvv dumps the mappings to 
> /var/log/messages, and they are correct. In any case, clients don't all 
> have the same DNS domain name.
> 
> > What does ps aux | grep rpc give?
> 
> rpc       1616  0.0  0.0  18972   992 ?        Ss   Jun18   0:00 rpcbind
> rpcuser   1649  0.0  0.0  25420  1380 ?        Ss   Jun18   0:00 rpc.statd
> root      1678  0.0  0.0      0     0 ?        S    Jun18   0:00 [rpciod/0]
> root      1679  0.0  0.0      0     0 ?        S    Jun18   0:01 [rpciod/1]
> root      5789  0.0  0.0  50112  2072 ?        Ss   12:06   0:00 rpc.svcgssd -vvv
> root      5795  0.0  0.0 107304   276 ?        Ss   12:06   0:00 rpc.rquotad
> root      5799  0.0  0.0  22832  2560 ?        Ss   12:06   0:00 rpc.mountd --no-nfs-version 2
> root      5850  0.0  0.0  36900  1048 ?        Ss   12:06   0:00 rpc.idmapd -vvv
> root      8807  0.0  0.0  37340  2556 ?        Ss   16:37   0:00 rpc.gssd -vvv
> 
> All the expected daemons are present, including rpc.gssd and rpc.svcgssd. 
> I have rpc.svcgssd running on the clients too, although it should not be 
> necessary there (but the CentOS init scripts don't give the option to not 
> start it).
> 
> > Can the user browse using nfs3?
> > mount -t nfs3 -o sec=krb5 <server_fqdn>:/data /mnt
> 
> No; exactly the same result as NFSv4. But yes with sec=sys.
> 
> > Have a look at the gotchas. There's loadsa wrong info about Kerberos and 
> > nfs4: http://linux-nfs.org/wiki/index.php/Nfsv4_configuration
> 
> That's one of the many articles that I've read (several times). I don't 
> see anything wrong in what I have done (btw, I don't agree that the fsid=0 
> export should be mode 1777, and I don't agree that your first exports 
> example is the proper way to do it. But in any event I have tried those 
> too, to no effect).
> 
> Steve

Hi
Nobody agrees with anything for nfs4, so don't worry!
OK, that narrows it down to Kerberos, I suppose. What does the mount look
like:
rpc.gssd -fvvv
and the idmapping:
rpc.idmapd -fvvv

The latter may throw up some uidNumbers.
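
The consistency point raised in the quoted message (the idmapd Domain has to be the same label on the server and every client, and the Kerberos realm should appear in Local-Realms) can be checked mechanically. The following is an added example, not code from either poster: the host names and the two client files are constructed, and the case-insensitive Domain comparison is an assumption.

```python
import configparser

# Constructed sample input: idmapd.conf text as collected from three hosts.
# The server copy mirrors the file quoted in the thread; the client copies
# and all host names are hypothetical.
SERVER = """[General]
Verbosity = 0
Domain = icse.cornell.edu
Local-Realms = TITAN.TEST.CORNELL.EDU

[Mapping]
Nobody-User = nobody
Nobody-Group = nobody

[Translation]
Method = nsswitch
"""
SAMPLE = {
    "server": SERVER,
    "client1": SERVER,
    # client2 was left on a different Domain and does not list the realm
    "client2": SERVER.replace("icse.cornell.edu", "cornell.edu")
                     .replace("TITAN.TEST.CORNELL.EDU", "OTHER.EXAMPLE"),
}


def general(text):
    """Return the [General] section of an idmapd.conf as a dict (keys lowercased)."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    return dict(cp["General"]) if cp.has_section("General") else {}


def check(hosts, realm):
    """Compare Domain across hosts and look for `realm` in each Local-Realms."""
    findings = []
    settings = {h: general(t) for h, t in hosts.items()}
    # Assumption: the Domain label is compared case-insensitively.
    domains = {h: s.get("domain", "").lower() for h, s in settings.items()}
    if len(set(domains.values())) > 1:
        findings.append(("domain-mismatch", domains))
    for h, s in settings.items():
        if "local-realms" not in s:
            continue  # unset: the default is not evaluated here
        realms = [r.strip() for r in s["local-realms"].split(",")]
        if realm not in realms:
            findings.append(("realm-not-local", h))
    return findings
```

Calling check(SAMPLE, "TITAN.TEST.CORNELL.EDU") reports the Domain mismatch and flags client2 for the missing realm; a set of identical files yields an empty list.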





