
Stannley 10-12-2012 01:58 AM

AD UIDs and GIDs not mapping on NFS Share between Redhat 5 and 6
 
Hi Guys

I have a folder on a Red Hat 5 machine that is shared via NFS to several Red Hat 5 servers and one new Red Hat 6 server. On the Red Hat 5 servers the UIDs and GIDs of the files / folders are correctly mapped to the AD users and groups. On the Red Hat 6 server I only see the UID and GID - they are not mapped to the usernames / group names. This results in my users not having access to the files and folders they created on the source machine.

I am able to log into the machine using my network login so I know winbind / samba is working.

Does anyone have any idea on how to get the UIDs and GIDs mapped correctly? Is this an incompatibility between NFS on Red Hat 5 and 6 or maybe winbind is set up incorrectly?

The settings for the NFS share are *(rw,sync,no_root_squash)

Thanks in advance

Simon

suicidaleggroll 10-12-2012 02:04 AM

File permissions on Linux are by UID and GID, not user name and group name. This includes NFS shares.

If you want a user on the NFS client to have the same permissions on the share as on the NFS server, their user name must be tied with the same UID on both machines. It's relatively simple to migrate a user to a different UID, but having never used winbind I'm not sure if this will complicate things.

Stannley 10-12-2012 02:12 AM

Quote:

Originally Posted by suicidaleggroll (Post 4803608)
File permissions on Linux are by UID and GID, not user name and group name. This includes NFS shares.

If you want a user on the NFS client to have the same permissions on the share as on the NFS server, their user name must be tied with the same UID on both machines. It's relatively simple to migrate a user to a different UID, but having never used winbind I'm not sure if this will complicate things.

Thanks for that. I think your comment has clarified that it must be a winbind issue as (I assume) when a network user logs in they should have the same UID and GID on all machines. It would appear that a different UID / GID is assigned/interpreted between my Red Hat 5 and 6 servers.

Anyone know how to check / fix this?

suicidaleggroll 10-12-2012 02:14 AM

You can check it by running "id <user>" on each machine. That will tell you the UID, primary group and GID, and all groups and GIDs the user belongs to. I imagine you'll see a discrepancy when comparing the UID and GID on your RHEL 5 machines to that on your RHEL 6 machine.

Somebody else with more (read: any) winbind experience will have to comment on how to fix it.
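
The check suggested above can be scripted. This is an added example, not something posted in the thread: it reduces `id` output from two hosts to numeric IDs and reports which fields differ. Only the UIDs 15162 and 16777216 come from the thread; the user name, group names and GIDs are constructed placeholders.

```shell
#!/bin/sh
# Added example: compare the numeric IDs in `id` output from two hosts.
# Constructed samples: only the UIDs 15162 and 16777216 come from the thread;
# the user name, group names and GIDs are placeholders.
id_rhel5='uid=15162(PFS\exampleuser) gid=10000(PFS\domain users) groups=10000(PFS\domain users),10007(PFS\nfs-share)'
id_rhel6='uid=16777216(PFS\exampleuser) gid=16777220(PFS\domain users) groups=16777231(PFS\nfs-share),16777220(PFS\domain users)'

# Extract one numeric field (uid, gid or groups) from a line of `id` output.
# The (name) parts are stripped first because winbind names can contain
# spaces; group GIDs are sorted so that ordering differences are ignored.
id_field() {
  printf '%s\n' "$1" | sed 's/([^)]*)//g' | tr ' ' '\n' |
    sed -n "s/^$2=//p" | tr ',' '\n' | sort -n | paste -sd, -
}

# Print the fields whose numeric values differ between two `id` lines.
# NFS with AUTH_SYS compares these numbers, not the names next to them.
id_mismatches() {
  out=''
  for f in uid gid groups; do
    a=$(id_field "$1" "$f"); b=$(id_field "$2" "$f")
    [ "$a" = "$b" ] || out="$out$f($a vs $b) "
  done
  printf '%s\n' "${out% }"
}

# In practice the two arguments would be the output of: id <user> on each host.
id_mismatches "$id_rhel5" "$id_rhel6"
```
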

Stannley 10-12-2012 03:20 AM

Quote:

Originally Posted by suicidaleggroll (Post 4803612)
You can check it by running "id <user>" on each machine. That will tell you the UID, primary group and GID, and all groups and GIDs the user belongs to. I imagine you'll see a discrepancy when comparing the UID and GID on your RHEL 5 machines to that on your RHEL 6 machine.

Somebody else with more (read: any) winbind experience will have to comment on how to fix it.

Yep, checked a couple of users and can confirm that their UIDs are different to those in my other environments. I checked smb.conf and found that the UID and GID ranges are different to those specified in the Red Hat 5 environments. I edited the smb.conf to make the uid and gid ranges the same as my other environments, restarted smb and winbind and asked a colleague to log in and he was unable to. Put it back to how it was and he was able to log in.

For your info, my uid in Red Hat 5 is 15162 and in 6 it is 16777216. The range in 5 is set as:

idmap config PFS:range = 10000 - 20000

whereas the range in 6 is:

idmap uid = 16777216-33554431
idmap gid = 16777216-33554431

When I tested manually setting the range in 6 I added another two lines beneath the authconfig end line as below:

idmap uid = 10000 - 20000
idmap gid = 10000 - 20000

Note that I did not remove the other two lines.

Just to add another level of complexity into the mix - we have 2 domain controllers, one of them is 32 bit and the other a 64 bit machine. I believe the Red Hat 5 servers are authenticating through the 32 bit machine as the version of samba on those machines will not connect to the windows 2008 server. I am wondering if that is why the Red Hat 5 servers are getting the lower uid and gid and the Red Hat 6 machine might be authenticating through the 64 bit machines and getting the higher uid and gid.

Any help would be greatly appreciated!
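
The range settings quoted in the post above can be audited mechanically. This is an added example, not code from the thread: it lists the idmap range lines in smb.conf text, flags keys that are set more than once, and tests whether a numeric ID falls inside the effective range. The sample configs are constructed from the values quoted in the post, and it assumes Samba's usual behaviour that the last occurrence of a parameter in a section wins.

```shell
#!/bin/sh
# Added example: audit winbind idmap ranges in smb.conf text.
# Sample configs are constructed from the values quoted in the thread.
rhel5_conf='[global]
   idmap config PFS:range = 10000 - 20000'
rhel6_edited='[global]
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   idmap uid = 10000 - 20000
   idmap gid = 10000 - 20000'

# Print "key|low|high" for every idmap range line, in file order.
idmap_ranges() {
  printf '%s\n' "$1" | awk '
    /^[ \t]*[#;]/ { next }                      # comment lines
    {
      eq = index($0, "="); if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
      if (tolower(key) !~ /^idmap (uid|gid|config [^:]+: ?range)$/) next
      gsub(/[ \t]/, "", val)                    # "10000 - 20000" -> "10000-20000"
      if (split(val, r, "-") == 2) print key "|" r[1] "|" r[2]
    }'
}

# Keys that appear more than once (assumption: the last occurrence wins).
duplicate_keys() { idmap_ranges "$1" | cut -d'|' -f1 | sort | uniq -d; }

# Effective "low high" for key $2, taking the last occurrence.
effective_range() {
  idmap_ranges "$1" | awk -F'|' -v k="$2" \
    '$1 == k { lo = $2; hi = $3 } END { if (lo != "") print lo, hi }'
}

# Succeed if numeric ID $3 lies inside the effective range of key $2.
id_in_range() {
  range=$(effective_range "$1" "$2"); [ -n "$range" ] || return 2
  [ "$3" -ge "${range% *}" ] && [ "$3" -le "${range#* }" ]
}

echo "duplicate keys on the edited RHEL 6 host:"; duplicate_keys "$rhel6_edited"
id_in_range "$rhel5_conf" "idmap config PFS:range" 15162 && echo "15162 fits RHEL 5 range"
id_in_range "$rhel6_edited" "idmap uid" 16777216 || echo "16777216 is outside 10000-20000"
```
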

Stannley 10-14-2012 11:32 PM

I have now fixed this issue. The solution was to follow the instructions in this document: http://www.redhat.com/rhecm/rest-rhe...h:resourceFile

I did make a small change - I changed the idmap range to be 10000-19999

I believe the reason that this change did not work for me previously was due to the settings being cached - one of the steps in the above document was to delete the cache and then rejoin the domain.

Thanks to suicidaleggroll for all your help.

