system correctly. We use "winbind" with AD.
I am using Ubuntu. Can you please let me know what libraries I need to use to compile ganesha with winbind?
Thanks,
Sri Krishna
Hi,

Can someone please reply to this?

Thanks,
Sri Krishna

On Thu, Aug 2, 2018 at 1:18 PM, Sri Krishnachowdary kankanala <kankanalakittu@gmail.com> wrote:

Hi,

I have AD server configured on Windows 2012 server. I joined CentOS node to AD using sssd. I configured sssd with fully qualified domain names for users.

I mounted the nfs4 ganesha's export using krb5.

I create a file from client node logged in as user1@ad.domain.com but when I do "ls -I" I see below entries whereas I expect the owner to be user1@ad.domain.com

-rw-r--r-- 1 4294967294 4294967294 0 Aug 1 23:12 file1

I see the below error in ganesha logs:
nfs_req_creds :Could not map principal user1@AD.DOMAIN.COM to uid
I further went ahead and used nfs4_set_debug() to get more logs and found the below in ganesha logs when principal2uid() is called:
nfs4_gss_princ_to_ids: calling nsswitch->princ_to_ids
nss_getpwnam: name 'user1@AD.DOMAIN.COM' domain '(null)': resulting localname 'user1'
nfs4_gss_princ_to_ids: nsswitch->princ_to_ids returned -2
nfs4_gss_princ_to_ids: final return value is -2
Relevant entries in my idmap.conf:
[General]
Domain = ad.domain.com
[Translation]
Method = nsswitch
The same setup works if I disable fully qualified domain names from sssd.

Is there a way to use other methods like umich_ldap and get Fully qualified AD domain running with nfs4 ganesha?

Can you please list the steps I need to follow in order to do that?

Thanks,
Sri Krishna