Hello,

These are my system configuration. 

CentOS Linux release 7.3.1611

Linux 3.10.0-514.el7.x86_64 kernel

nfs-ganesha-2.3.2-1.el7.x86_64

libnfsidmap-0.25-19.el7.x86_64

 

I am trying to use nfs-ganesha with openldap and kerberos.  

In the client, I am using autofs to mount the home directories of the users.

Logging as a user in the client is failing with following error

>>Could not chdir to home directory /home/demouser2: Permission denied

>>-bash: /home/demouser2/.bash_profile: Permission denied

Nfs-ganesha logs:

25/09/2018 06:54:34 : epoch 5ba9e1a1 : ganesha.nfsd-29533[work-6] nfs_req_creds :DISP :M_DBG :Mapping RPCSEC_GSS principal demouser2@DMS.COM to uid/gid

25/09/2018 06:54:34 : epoch 5ba9e1a1 : ganesha.nfsd-29533[work-6] principal2uid :RW LOCK :F_DBG :Got read lock on 0x7f92c10e6380 (&idmapper_user_lock) at /builddir/build/BUILD/nfs-ganesha-2.3.2/src/idmapper/idmapper.c:662

25/09/2018 06:54:34 : epoch 5ba9e1a1 : ganesha.nfsd-29533[work-6] principal2uid :RW LOCK :F_DBG :Unlocked 0x7f92c10e6380 (&idmapper_user_lock) at /builddir/build/BUILD/nfs-ganesha-2.3.2/src/idmapper/idmapper.c:667

25/09/2018 06:54:34 : epoch 5ba9e1a1 : ganesha.nfsd-29533[work-6] nfs_req_creds :ID MAPPER :WARN :Could not map principal demouser2@DMS.COM to uid


If I am using nfs, everything is working properly. So why this issue is only with nfs-ganesha? Am I doing something wrong in configuration? 

nfs-ganesha configuration file : /etc/ganesha/ganesha.conf

 

NFSV4

{

        IdmapConf = /etc/idmapd.conf;

        Allow_Numeric_Owners = false;

}

EXPORT

{

        # Export Id (mandatory, each EXPORT must have a unique Export_Id)

        Export_Id = 77;

 

        # Exported path (mandatory)

        Path =  /home;

 

        # Pseudo Path (required for NFS v4)

        Pseudo =  /home;

 

        # Required for access (default is None)

        # Could use CLIENT blocks instead

        Access_Type = RW;

        SecType = sys, krb5;

 

        # Exporting FSAL

        FSAL {

                Name = VFS;

        }

        CLIENT {

                Clients = client;

                Squash = No_root_squash;

        }

        NFS_KRB5

        {

           PrincipalName = "nfs" ;

           KeytabPath = /etc/krb5.keytab ;

           Active_krb5 = YES ;

        }

}

 


Thanks,

Durga.