Hey Folks!

Hope everyone is doing great!

Question.  I have tried a few sources to get the NFS UID and GID mapping I would like to implement working.  Mounting an NFS Ganesha export using sec=sys works, but as soon as I use krb5, krb5i or krb5p I get 'permission denied' for the UID that IS the owner of that folder.

Tried idmapd, as well as this suggestion:

UID_GID_Mapping = NFSv4_ID_Mapping

in the FSAL block, which obviously didn't work.  So I am wondering: what is the proper way to get UID and GID mapping working with NFS Ganesha and GlusterFS using sec=krb5*?  I would love to look at a working example with sample configurations if possible.



My config:

[root@nfs01 glusterfs]# cat /etc/ganesha/ganesha.conf /etc/ganesha/export.conf|grep -v "^#"

/etc/ganesha/ganesha.conf
LOG {
        # Logging setup: one level for all components, written to a file.
        Components {
                 # NOTE(review): EVENT is presumably too quiet to show id-mapping or GSS detail;
                 # a more verbose level may be needed while chasing the krb5 denial — confirm.
                 ALL = EVENT;
        }

        Facility {
                name = FILE;
                # NOTE(review): the file name says "rgw" although the export uses the GLUSTER FSAL;
                # presumably carried over from another setup — confirm this is the log being read.
                destination = "/var/log/ganesha/ganesha-rgw.log";
                enable = active;
        }
}

NFSv4 {
    # NFSv4 protocol settings, including the inputs used for id mapping.
    Lease_Lifetime = 20 ;
    # idmapd configuration file Ganesha is pointed at.
    IdmapConf = "/etc/idmapd.conf" ;
    # NFSv4 id-mapping domain; presumably has to match the Domain value in idmapd.conf
    # on the server and on every client — verify.
    DomainName = "nix.mds.xyz" ;
}

NFS_KRB5 {
        # Kerberos service identity the server uses for the krb5* security flavors.
        # NOTE(review): a full principal with realm is given here; confirm this is the form
        # Ganesha expects and that the same principal is present in the keytab (klist -k).
        PrincipalName = "nfs/nfs01.nix.mds.xyz@NIX.MDS.XYZ" ;
        # The keytab holds the service's long-term keys; keep it readable by root only.
        KeytabPath = /etc/krb5.keytab ;
        Active_krb5 = YES ;
}


NFS_Core_Param {
        # Listening address plus fixed ports for the NFS, MOUNT, NLM and rquota services;
        # fixed ports keep firewall rules for this host predictable.
        Bind_addr=192.168.0.100;
        NFS_Port=2049;
        MNT_Port=20048;
        NLM_Port=38468;
        Rquota_Port=4501;
}

%include "/etc/ganesha/export.conf"


/etc/ganesha/export.conf

EXPORT {
        # Exports Gluster volume gv01 at path and pseudo path /n, read-write.
        Export_Id = 1 ;
        Path = "/n";

        FSAL {
                name = GLUSTER;
                hostname = "nfs01.nix.mds.xyz";
                volume = "gv01";
                # Left commented out: the post reports that this setting did not help.
                # UID_GID_Mapping = NFSv4_ID_Mapping;
        }

        Access_type = RW;
        # NOTE(review): No_root_squash leaves client root unsquashed. No CLIENT block is visible
        # in this export, so this appears to apply to every host that can reach the server —
        # confirm that is intended.
        Squash = No_root_squash;
        Disable_ACL = FALSE;
        Pseudo = "/n";
        Protocols = "3", "4"; 
        Transports = "UDP", "TCP" ;
        # NOTE(review): "sys" is offered next to the krb5 flavors. With sec=sys the server trusts
        # the UID/GID the client sends, so Kerberos does not protect this export while "sys"
        # stays in the list; drop it once the krb5 mounts work.
        SecType = "sys","krb5","krb5i","krb5p";     # "sys","krb5","krb5i","krb5p";
}

[root@nfs01 glusterfs]#

--
Thx,
TK.