Hello all,

It is my first post here. I have question regarding the NFS plus automount home directory - permission

scenario :

1) I can mount the /ldaphome/ldapuser from nfs server to client - has rw permissions

2) Automount is working as expected.

3) Server shows right permission for the files and folder

4) Authentication with ldap server setup

5) However, the permission of the files in client server CANNOT change and displays as xxxxx number.

server -

[root@server /]# id ldapuser
uid=500(ldapuser) gid=100(users) groups=100(users)
[root@server /]# grep ldapuser /etc/passwd | awk -F: '{print $6}'
/ldaphome/ldapuser

root@server /]# cat /etc/exports
/ldaphome 192.168.1.100(rw,no_root_squash,sync)
[root@server /]# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.1.1 server.example.com server
[root@server /]# /etc/init.d/rpcidmapd status
rpc.idmapd (pid 1094) is running...
Client
------
[ldapuser@client ~]$ grep ldapuser /etc/passwd
[ldapuser@client ~]$ id ldapuser
uid=500(ldapuser) gid=100(users) groups=100(users)
[ldapuser@client ~]$ ll file
-rw-r--r-- 1 4294967294 4294967294 0 Apr 21 10:03 file
[ldapuser@client ~]$ ll file
-rw-r--r-- 1 4294967294 4294967294 0 Apr 21 10:03 file
[ldapuser@client ~]$ chown ldapuser:users file
chown: changing ownership of `file': Invalid argument

Both client and server are centOS 6.2 version.

Did I any missed key information here? Comments are appreciated.

Thanks

On client side I was started the "rpcidmap" services, now it shows as nobody user instead on random number.

[ldapuser@client ~]$ ll file
-rw-r--r-- 1 nobody nobody 0 Apr 21 10:03 file

But still how do I map the real username and group to the cliet side ?

I've run into this recently. Looks like you're running NFS version 4, which has additional security protocols and requires access map goodies to make it work (I've been meaning to look into the details, but have not had the chance; unfortunately, I've never been able to get idmapd working quite correctly). Try using NFS version 3 and see if that clears up the issue. To do so, you must add nfsvers=3 to the options in your automount configuration file to force version 3 (also be sure portmapper is running on both client and server). The big downside is that NFSv3 is quite a bit less secure than version 4 in terms of ID mapping. However, for a small network with only trusted clients it works well for me (which, I guess, is why I've never looked at all the bits and pieces necessary to get v4 working). YMMV.

Thank you for your quick reply - btmiller. I have solved this with single user and group by placing these values in mapping section for both server and client's idmapd.conf file. Now I am looking for bigger picture for multiple users.