LinuxQuestions.org
Old 10-12-2012, 12:58 AM   #1
Stannley
Member
 
Registered: Jul 2010
Posts: 35

Rep: Reputation: 0
AD UIDs and GIDs not mapping on NFS Share between Redhat 5 and 6


Hi Guys

I have a folder on a Red Hat 5 machine that is shared via NFS to several Red Hat 5 servers and one new Red Hat 6 server. On the Red Hat 5 servers the UIDs and GIDs of the files / folders are correctly mapped to the AD users and groups. On the Red Hat 6 server I only see the UID and GID - they are not mapped to the usernames / group names. This results in my users not having access to the files and folders they created on the source machine.

I am able to log into the machine using my network login so I know winbind / samba is working.

Does anyone have any idea on how to get the UIDs and GIDs mapped correctly? Is this an incompatibility between NFS on Red Hat 5 and 6 or maybe winbind is set up incorrectly?

The settings for the NFS share are *(rw,sync,no_root_squash)

Thanks in advance

Simon
 
Old 10-12-2012, 01:04 AM   #2
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2142
File permissions on Linux are by UID and GID, not user name and group name. This includes NFS shares.

If you want a user on the NFS client to have the same permissions on the share as on the NFS server, their user name must be tied with the same UID on both machines. It's relatively simple to migrate a user to a different UID, but having never used winbind I'm not sure if this will complicate things.

Last edited by suicidaleggroll; 10-12-2012 at 01:05 AM.
 
1 members found this post helpful.
Old 10-12-2012, 01:12 AM   #3
Stannley
Member
 
Registered: Jul 2010
Posts: 35

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by suicidaleggroll
File permissions on Linux are by UID and GID, not user name and group name. This includes NFS shares.

If you want a user on the NFS client to have the same permissions on the share as on the NFS server, their user name must be tied with the same UID on both machines. It's relatively simple to migrate a user to a different UID, but having never used winbind I'm not sure if this will complicate things.
Thanks for that. I think your comment has clarified that it must be a winbind issue as (I assume) when a network user logs in they should have the same UID and GID on all machines. It would appear that a different UID / GID is assigned/interpreted between my Red Hat 5 and 6 servers.

Anyone know how to check / fix this?
 
Old 10-12-2012, 01:14 AM   #4
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573

Rep: Reputation: 2142
You can check it by running "id <user>" on each machine. That will tell you the UID, primary group and GID, and all groups and GIDs the user belongs to. I imagine you'll see a discrepancy when comparing the UID and GID on your RHEL 5 machines to that on your RHEL 6 machine.

Somebody else with more (read: any) winbind experience will have to comment on how to fix it.
 
1 members found this post helpful.
Old 10-12-2012, 02:20 AM   #5
Stannley
Member
 
Registered: Jul 2010
Posts: 35

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by suicidaleggroll
You can check it by running "id <user>" on each machine. That will tell you the UID, primary group and GID, and all groups and GIDs the user belongs to. I imagine you'll see a discrepancy when comparing the UID and GID on your RHEL 5 machines to that on your RHEL 6 machine.

Somebody else with more (read: any) winbind experience will have to comment on how to fix it.
Yep, checked a couple of users and can confirm that their UIDs are different to those in my other environments. I checked smb.conf and found that the UID and GID ranges are different to those specified in the Red Hat 5 environments. I edited the smb.conf to make the uid and gid ranges the same as my other environments, restarted smb and winbind and asked a colleague to log in and he was unable to. Put it back to how it was and he was able to log in.

For your info, my uid in Red Hat 5 is 15162 and in 6 it is 16777216. The range in 5 is set as:

idmap config PFS:range = 10000 - 20000

whereas the range in 6 is:

idmap uid = 16777216-33554431
idmap gid = 16777216-33554431

When I tested manually setting the range in 6 I added another two lines beneath the authconfig end line as below:

idmap uid = 10000 - 20000
idmap gid = 10000 - 20000

Note that I did not remove the other two lines.

Just to add another level of complexity into the mix - we have 2 domain controllers, one of them is 32 bit and the other a 64 bit machine. I believe the Red Hat 5 servers are authenticating through the 32 bit machine as the version of samba on those machines will not connect to the windows 2008 server. I am wondering if that is why the Red Hat 5 servers are getting the lower uid and gid and the Red Hat 6 machine might be authenticating through the 64 bit machines and getting the higher uid and gid.

Any help would be greatly appreciated!
 
Old 10-14-2012, 10:32 PM   #6
Stannley
Member
 
Registered: Jul 2010
Posts: 35

Original Poster
Rep: Reputation: 0
I have now fixed this issue. The solution was to follow the instructions in this document: http://www.redhat.com/rhecm/rest-rhe...h:resourceFile

I did make a small change - I changed the idmap range to be 10000-19999

I believe the reason that this change did not work for me previously was due to the settings being cached - one of the steps in the above document was to delete the cache and then rejoin the domain.

Thanks to suicidaleggroll for all your help.
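
As an added example (not code from the thread or from the Red Hat document), the check below parses the idmap range lines quoted in post #5, in both the `idmap uid/gid` and `idmap config DOMAIN:range` syntaxes, and reports where hosts disagree; this matters because ownership on the NFS share is matched by numeric UID/GID. The host labels and function names are assumptions, and the smb.conf fragments are constructed from the lines posted above.

```python
import re

# Constructed smb.conf fragments; the idmap lines are the ones quoted in the thread.
RHEL5 = "[global]\n   idmap config PFS:range = 10000 - 20000\n"
RHEL6 = "[global]\n   idmap uid = 16777216-33554431\n   idmap gid = 16777216-33554431\n"
# RHEL 6 after the first attempted fix: new lines appended, old ones left in place.
RHEL6_EDITED = RHEL6 + "   idmap uid = 10000 - 20000\n   idmap gid = 10000 - 20000\n"

# Matches both the legacy "idmap uid/gid = lo-hi" and "idmap config DOM:range = lo-hi".
_RANGE = re.compile(
    r"^\s*idmap\s+(?:(uid|gid)|config\s+(\S+?)\s*:\s*range)"
    r"\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.IGNORECASE)


def idmap_ranges(conf_text):
    """Return {key: [(low, high), ...]} in file order; key is 'uid', 'gid' or 'domain:NAME'."""
    ranges = {}
    for line in conf_text.splitlines():
        m = _RANGE.match(line)
        if m:
            key = m.group(1).lower() if m.group(1) else "domain:" + m.group(2)
            ranges.setdefault(key, []).append((int(m.group(3)), int(m.group(4))))
    return ranges


def audit(hosts, uid):
    """Compare idmap UID ranges across hosts ({name: smb.conf text}) for one known UID."""
    findings, per_host = [], {}
    for name, text in hosts.items():
        ranges = idmap_ranges(text)
        for key in sorted(k for k, v in ranges.items() if len(v) > 1):
            findings.append(f"{name}: {key} range defined {len(ranges[key])} times")
        # A per-domain range covers UIDs and GIDs; only the legacy 'gid' key is GID-only.
        spans = frozenset(s for k, v in ranges.items() if k != "gid" for s in v)
        per_host[name] = spans
        if not any(lo <= uid <= hi for lo, hi in spans):
            findings.append(f"{name}: uid {uid} is outside every configured range")
    if len(set(per_host.values())) > 1:
        findings.append("UID ranges differ between hosts")
    return findings


if __name__ == "__main__":
    for label, rhel6 in (("as found", RHEL6), ("after first edit", RHEL6_EDITED)):
        print(label, audit({"rhel5": RHEL5, "rhel6": rhel6}, 15162))
```

A clean result from this check only shows the configured ranges agree; as the last post notes, cached mappings can still hold old values, so `id <user>` on each host remains the final comparison.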
 
  

