LinuxQuestions.org

cp.moncy 04-21-2012 10:44 AM

Export file permission using NFS
 
Hello all,

It is my first post here. I have a question regarding NFS plus automount home directory permissions.

Scenario:

1) I can mount /ldaphome/ldapuser from the NFS server on the client - it has rw permissions

2) Automount is working as expected.

3) The server shows the right permissions for the files and folders

4) Authentication with the LDAP server is set up

5) However, the permissions of the files on the client server CANNOT be changed, and the owner displays as an xxxxx number.

server -

[root@server /]# id ldapuser
uid=500(ldapuser) gid=100(users) groups=100(users)
[root@server /]# grep ldapuser /etc/passwd | awk -F: '{print $6}'
/ldaphome/ldapuser

[root@server /]# cat /etc/exports
/ldaphome 192.168.1.100(rw,no_root_squash,sync)
[root@server /]# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.1.1 server.example.com server
[root@server /]# /etc/init.d/rpcidmapd status
rpc.idmapd (pid 1094) is running...

Client
------
[ldapuser@client ~]$ grep ldapuser /etc/passwd
[ldapuser@client ~]$ id ldapuser
uid=500(ldapuser) gid=100(users) groups=100(users)
[ldapuser@client ~]$ ll file
-rw-r--r-- 1 4294967294 4294967294 0 Apr 21 10:03 file
[ldapuser@client ~]$ ll file
-rw-r--r-- 1 4294967294 4294967294 0 Apr 21 10:03 file
[ldapuser@client ~]$ chown ldapuser:users file
chown: changing ownership of `file': Invalid argument

Both client and server are CentOS 6.2.

Did I miss any key information here? Comments are appreciated.

Thanks

cp.moncy 04-21-2012 11:30 AM

On the client side I started the "rpcidmap" service; now it shows the nobody user instead of a random number.

[ldapuser@client ~]$ ll file
-rw-r--r-- 1 nobody nobody 0 Apr 21 10:03 file

But still, how do I map the real username and group to the client side?

btmiller 04-21-2012 11:33 AM

I've run into this recently. Looks like you're running NFS version 4, which has additional security protocols and requires access map goodies to make it work (I've been meaning to look into the details, but have not had the chance; unfortunately, I've never been able to get idmapd working quite correctly). Try using NFS version 3 and see if that clears up the issue. To do so, you must add nfsvers=3 to the options in your automount configuration file to force version 3 (also be sure portmapper is running on both client and server). The big downside is that NFSv3 is quite a bit less secure than version 4 in terms of ID mapping. However, for a small network with only trusted clients it works well for me (which, I guess, is why I've never looked at all the bits and pieces necessary to get v4 working). YMMV.

cp.moncy 04-21-2012 02:09 PM

Thank you for your quick reply, btmiller. I have solved this for a single user and group by placing these values in the mapping section of both the server's and the client's idmapd.conf file. Now I am looking for the bigger picture for multiple users.
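
Added example (not part of the thread and not any poster's code): the two symptoms seen above, numeric 4294967294 owners and then nobody, are what an NFSv4 client shows when its ID mapper is not running or cannot map the name@domain owner strings the server sends, and a Domain that differs between the two idmapd.conf files is a common cause of the second. This sketch compares the Domain on both sides and classifies the owner column; the function names, the sample config bodies and the example.com domain (taken from the server's /etc/hosts above) are assumptions.

```shell
# Added example; the config bodies below are constructed samples.

# Print the Domain set in the [General] section of an idmapd.conf, lowercased
# (DNS names are case-insensitive). Empty output means no Domain line is
# active, so idmapd derives the domain from the host's DNS domain name.
idmap_domain() {
    awk '
        /^[ \t]*\[/ { in_general = ($0 ~ /^[ \t]*\[General\]/); next }
        in_general && /^[ \t]*Domain[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); dom = $0
        }
        END { print dom }
    ' "$1" | tr 'A-Z' 'a-z'
}

# Compare the server's and the client's idmapd.conf.
# Returns 0 = same Domain, 1 = mismatch, 2 = at least one side uses the default.
check_idmap_domains() {
    s=$(idmap_domain "$1"); c=$(idmap_domain "$2")
    if [ -z "$s" ] || [ -z "$c" ]; then
        echo "UNSET: server='$s' client='$c'; compare 'dnsdomainname' on both hosts"
        return 2
    elif [ "$s" != "$c" ]; then
        echo "MISMATCH: server=$s client=$c; owners fall back to Nobody-User"
        return 1
    fi
    echo "OK: both sides use Domain=$s"
}

# Interpret the owner column that `ls -l` shows on the NFSv4 mount.
owner_state() {
    case "$1" in
        4294967294) echo "unmapped" ;;   # (uid_t)-2: seen before the client ran idmapd
        nobody)     echo "fallback" ;;   # idmapd ran but could not map name@domain
        *)          echo "mapped" ;;
    esac
}

# Constructed sample configs (not the poster's files).
demo=$(mktemp -d)
printf '%s\n' '[General]' 'Domain = example.com' '[Translation]' 'Method = nsswitch' > "$demo/server.conf"
printf '%s\n' '[General]' '#Domain = local.domain.edu' > "$demo/client_default.conf"
printf '%s\n' '[General]' 'Domain = Example.COM' '[Translation]' 'Method = nsswitch' > "$demo/client_fixed.conf"

check_idmap_domains "$demo/server.conf" "$demo/client_default.conf" || true
check_idmap_domains "$demo/server.conf" "$demo/client_fixed.conf"
for o in 4294967294 nobody ldapuser; do echo "$o -> $(owner_state "$o")"; done
```

With the same Domain on both hosts and `Method = nsswitch`, names are resolved through the client's own name service (LDAP in this setup), so no per-user entry in idmapd.conf is needed.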
