Dan is correct. You can use "ganesha_mgr purge netgroups" to purge the
cache. Otherwise wait for 30 minutes!
Also, ganesha needs ipaddr to name mapping (DNS) and the name must be
in the netgroup (not the IP address). We could check for the IP
address as well, but that is currently not done.
Regards, Malahal.
On Tue, Dec 18, 2018 at 7:25 PM Daniel Gryniewicz <dang(a)redhat.com> wrote:
>
> On 12/18/2018 08:31 AM, Sachin Punadikar wrote:
> > Hello,
> > Does Ganesha's internal caching support nested netgroups?
> > One customer is reporting that one client from a nested netgroup is
> > allowed access while another one from the same nested group is not allowed.
> > Any hints on the possible cause of such a scenario?
> > Is there any way by which one can purge the netgroup cache in Ganesha?
> >
>
> The netgroup cache code is pretty simple. It just looks in the cache
> tree by host/group, and returns if found; otherwise, it calls
> innetgr(group, host, NULL, NULL), and caches the result in the cache
> tree. Entries in the cache time out after 30 minutes. We don't
> explicitly do anything related to nested groups; if innetgr() returns
> success, then we'll cache the hostname in the outer group. There
> doesn't appear to be a reason why a host can't be in multiple groups.
>
> You can clear the netgroup cache with a dbus command purge_netgroups.
>
> Note that, if a host is not part of a group, so it fails, then we'll
> cache the negative status for 30 minutes. Adding the host to the
> correct group won't have any immediate effect, unless you clear the cache.
>
> Daniel
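
The cache behaviour described in this thread, as a small C model (an added example, not Ganesha's code and not from either poster). The names `ng_check`, `ng_purge`, `backend_innetgr` and `directory_member` are hypothetical, and `backend_innetgr` is a constructed stand-in for `innetgr(group, host, NULL, NULL)` so the program runs without any netgroup source.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#define NG_TTL (30 * 60)  /* seconds; the 30-minute timeout from the thread */
#define NG_MAX 64
struct ng_entry { char group[64], host[64]; bool member; time_t expires; };
static struct ng_entry ng_cache[NG_MAX];
static int ng_count;

/* Constructed stand-in for innetgr(group, host, NULL, NULL). */
static bool directory_member;   /* what the netgroup source answers right now */
static int backend_calls;
static bool backend_innetgr(const char *group, const char *host)
{
    (void)group; (void)host;
    backend_calls++;
    return directory_member;
}

void ng_purge(void) { ng_count = 0; }

/* Fresh entry: return it. Otherwise ask the backend and cache yes or no. */
bool ng_check(const char *group, const char *host, time_t now)
{
    struct ng_entry *e = NULL;
    for (int i = 0; i < ng_count && !e; i++)
        if (!strcmp(ng_cache[i].group, group) && !strcmp(ng_cache[i].host, host))
            e = &ng_cache[i];
    if (e && now < e->expires)
        return e->member;
    if (!e) {
        if (ng_count == NG_MAX) ng_purge();
        e = &ng_cache[ng_count++];
        snprintf(e->group, sizeof e->group, "%s", group);
        snprintf(e->host, sizeof e->host, "%s", host);
    }
    e->member = backend_innetgr(group, host);
    e->expires = now + NG_TTL;
    return e->member;
}

int main(void)
{
    const char *g = "outer", *h = "client2.example.com";  /* constructed names */
    printf("t=0    allowed=%d\n", ng_check(g, h, 0));      /* miss, "no" cached */
    directory_member = true;                               /* host added to group */
    printf("t=60   allowed=%d\n", ng_check(g, h, 60));     /* stale "no" */
    ng_purge();
    printf("purged allowed=%d\n", ng_check(g, h, 61));
}
```

In this model the timeout works in both directions: a cached positive answer also keeps being returned after the host is removed from the group, until the entry expires or the cache is purged.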