> nfs4_gss_princ_to_ids() should have succeeded if you have set up your

Hi, Can someone please reply to this. Thanks, Sri Krishna On Thu, Aug 2, 2018 at 1:18 PM, Sri Krishnachowdary kankanala < kankanalakittu(a)gmail.com&gt; wrote: > Hi, > > I have AD server configured on windows 2012 server. I joined centos node > to AD using sssd. I configured sssd with fully qualified domain names for > users. > I mounted the nfs4 ganesha's export using krb5. > > I create a file from client node logged in as user1(a)ad.domain.com but > when I do "ls -I" I see below entries where as I expect the owner to be > user1(a)ad.domain.com > > -rw-r--r-- 1 4294967294 4294967294 0 Aug 1 23:12 > file1 > > > I see the below error in ganesha logs: > > > nfs_req_creds :Could not map principal user1(a)AD.DOMAIN.COM to uid > > I further went ahead and used nfs4_set_debug() to get more logs and found > the below in ganesha logs when principal2uid() is called: > > nfs4_gss_princ_to_ids: calling nsswitch->princ_to_ids > > nss_getpwnam: name &#39;user1(a)AD.DOMAIN.COM&#39; domain '(null)': resulting > localname 'user1' > > nfs4_gss_princ_to_ids: nsswitch->princ_to_ids returned -2 > > nfs4_gss_princ_to_ids: final return value is -2 > > > > Relevant entries in my idmap.conf: > > [General] > > Domain = ad.domain.com > > [Translation] > > Method = nsswitch > > The same setup works if I disable fully qualified domain names from sssd. > > Is there a way to use other methods like umich_ldap and get Fully > qualified AD domain running with nfs4 ganesha? > Can you please list the steps I need to follow on order to do that? > > Thanks, > Sri Krishna > > >