[Samba] [CentOS] Samba4 and NFSv4
steve
steve at steve-ss.com
Thu Jun 20 15:20:03 MDT 2013
On Thu, 2013-06-20 at 16:57 -0400, Steve Thompson wrote:
> On Thu, 20 Jun 2013, steve wrote:
>
> Thanks for your reply! I am really pulling my hair out over this one, and
> I don't have that much left :(
>
> > What do you have in /etc/idmapd.conf
>
> The content of this file is correct as far as I understand it, as it works
> with NFSv3 and NFSv4 with sec=sys:
>
> [General]
> Verbosity = 0
> Domain = icse.cornell.edu
> Local-Realms = TITAN.TEST.CORNELL.EDU
>
> [Mapping]
> Nobody-User = nobody
> Nobody-Group = nobody
>
> [Translation]
> Method = nsswitch
>
> (and I have nsswitch.conf correctly configured).
>
> Note: in my case, the value of Domain in idmapd.conf is NOT the same as
> the DNS domain name. But as I understand it, as long as it is the same on
> all servers and clients, this should not matter, as it is just a label. I
> tried setting it to the DNS domain name, but it didn't make any
> difference. And changing it on just the server and not the clients leaves
> all ownerships as being nobody:nobody instead of the proper ownerships,
> which is (a) expected, and (b) leads me to believe that rpc.idmapd is
> working as it should. Starting rpc.idmapd with -vvv dumps the mappings to
> /var/log/messages, and they are correct. In any case, clients don't all
> have the same DNS domain name.
>
> > What does ps aux | grep rpc give?
>
> rpc 1616 0.0 0.0 18972 992 ? Ss Jun18 0:00 rpcbind
> rpcuser 1649 0.0 0.0 25420 1380 ? Ss Jun18 0:00 rpc.statd
> root 1678 0.0 0.0 0 0 ? S Jun18 0:00 [rpciod/0]
> root 1679 0.0 0.0 0 0 ? S Jun18 0:01 [rpciod/1]
> root 5789 0.0 0.0 50112 2072 ? Ss 12:06 0:00 rpc.svcgssd -vvv
> root 5795 0.0 0.0 107304 276 ? Ss 12:06 0:00 rpc.rquotad
> root 5799 0.0 0.0 22832 2560 ? Ss 12:06 0:00 rpc.mountd --no-nfs-version 2
> root 5850 0.0 0.0 36900 1048 ? Ss 12:06 0:00 rpc.idmapd -vvv
> root 8807 0.0 0.0 37340 2556 ? Ss 16:37 0:00 rpc.gssd -vvv
>
> All the expected daemons are present, including rpc.gssd and rpc.svcgssd.
> I have rpc.svcgssd running on the clients too, although it should not be
> necessary there (but the CentOS init scripts don't give the option to not
> start it).
>
> > Can the user browse using nfs3?
> > mount -t nfs3 -o sec=krb5 <server_fqdn>:/data /mnt
>
> No; exactly the same result as NFSv4. But yes with sec=sys.
>
> > Have a look at the gotchas. There's loadsa wrong info about kerberos and
> > nfs4: http://linux-nfs.org/wiki/index.php/Nfsv4_configuration
>
> That's one of the many articles that I've read (several times). I don't
> see anything wrong in what I have done (btw, I don't agree that the fsid=0
> export should be mode 1777, and I don't agree that your first exports
> example is the proper way to do it. But in any event I have tried those
> too, to no effect).
>
> Steve
Hi

Nobody agrees with anything for nfs4, so don't worry!

Ok, that narrows it down to kerberos I suppose. What does the mount look
like:

    rpc.gssd -fvvv

and the idmapping:

    rpc.idmapd -fvvv

The latter may throw up some uidNumbers
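
Added example, not part of the original message or of any project's code: a small Python check for the idmapd.conf point raised in the quoted text, that Domain must be identical on the server and every client or ownerships show up as nobody:nobody. The host names and the client-b file are constructed; the Domain and realm values are the ones quoted in the thread, and treating Domain as case-insensitive is an assumption.

```python
import configparser

def read_general(text):
    """Return the [General] options of an idmapd.conf (option names lower-cased)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return dict(cp["General"]) if cp.has_section("General") else {}

def check_idmapd(configs, realm):
    """configs maps host name -> idmapd.conf text; returns (host, problem) pairs."""
    findings, by_domain = [], {}
    for host, text in configs.items():
        general = read_general(text)
        # Assumption: Domain is compared case-insensitively.
        domain = general.get("domain", "").strip().lower()
        if not domain:
            # With no Domain line the host's own DNS domain is used, which
            # differs between hosts in the setup described in the thread.
            findings.append((host, "Domain unset"))
        else:
            by_domain.setdefault(domain, []).append(host)
        realms = [r.strip() for r in general.get("local-realms", "").split(",") if r.strip()]
        if realms and realm not in realms:
            findings.append((host, f"realm {realm} not in Local-Realms"))
    if len(by_domain) > 1:
        # Report every host that disagrees with the most common Domain value.
        majority = max(by_domain, key=lambda d: len(by_domain[d]))
        for domain, hosts in by_domain.items():
            if domain != majority:
                findings += [(h, f"Domain {domain} differs from {majority}") for h in hosts]
    return findings

# [General] section as quoted in the thread.
QUOTED = """[General]
Verbosity = 0
Domain = icse.cornell.edu
Local-Realms = TITAN.TEST.CORNELL.EDU
"""
# Constructed: a client whose Domain was set to a DNS-style name instead.
CLIENT_B = """[General]
Domain = titan.test.cornell.edu
"""
REALM = "TITAN.TEST.CORNELL.EDU"
SAMPLE = {"server": QUOTED, "client-a": QUOTED, "client-b": CLIENT_B}

if __name__ == "__main__":
    for host, problem in check_idmapd(SAMPLE, REALM):
        print(f"{host}: {problem}")
```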