9:46 a.m.
Yea, use the debug for IDMAPPER:
LOG {
COMPONENTS {
IDMAPPER = Full_Debug;
}
}
Also try taking a tcpdump trace, check what's in the credentials.
Which actually reminds me, here's where ID Mapping falls down... If you are using
AUTH_SYS, the RPC credential is uid, gid, alt-groups. That credential is what is going to
be used to create files and evaluate permissions.
To get the full benefit of ID Mapping you need to use AUTH_GSS, most likely with Kerberos.
That way the RPC credential is a Kerberos token which is translated into the local user on
the server using ID Mapping.
Frank
-----Original Message-----
From: Daniel Gryniewicz [mailto:dang@redhat.com]
Sent: Friday, August 16, 2019 6:28 AM
To: support(a)lists.nfs-ganesha.org
Subject: [NFS-Ganesha-Support] Re: Using nfsidmap with NFS Ganesha on
CentOS 7
I'm not an expert on idmap, but a few quick notes that might help.
1. The log flag is IDMAPPER
2. You are running nfsv4, right? (just checking...)
3. The domains on the client and server have to match exactly, even to the case.
4. NFSIDMAP is on by default, so it's likely to be on for the CentOS SIG, but Kaleb
would know for sure
Daniel
On 8/15/19 8:21 PM, Alexander Bauer wrote:
> Hello all,
>
> I'm attempting to configure my NFS Ganesha installation with nfsidmap,
> using local usernames. This is a home environment using trusted hosts
> and no central authentication yet, so I'm finding a lot of
> documentation on NFS Ganesha in enterprise environments, or in
> environments which accommodate self-compiling it with different configure
flags.
>
> Right now, I have nfsidmap configured on my Ganesha server and on my
> NFS client, with matching domains, and users with matching names, but
> different UIDs on each. I have set the option nfs4_disable_idmapping=N
> (which disables idmapping when sec=sys) for nfsd and nfs on the server
> and client respectively. But files created from the client maintain
> the client user's UID when inspected on CephFS, rather than being
> translated to the server user's UID.
>
> I can't seem to figure out what configure flags the version in the
> CentOS SIG repo has, nor what the requirements are to allow Ganesha to
> use nfsidmap, nor what logging to enable to debug the process. Is
> there current documentation or a guide on interactions between the
> two, so that I can narrow down my issue?
>
> Thanks in advance, and warm wishes,
> Sasha
>
> _______________________________________________
> Support mailing list -- support(a)lists.nfs-ganesha.org To unsubscribe
> send an email to support-leave(a)lists.nfs-ganesha.org
>
_______________________________________________
Support mailing list -- support(a)lists.nfs-ganesha.org To unsubscribe send an
email to support-leave(a)lists.nfs-ganesha.org