Re: NFS+krb5 ID mapping always maps to nobody

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Malte Zacharias <kernel-ml-alias@asenwelt.de>
To: linux-nfs@vger.kernel.org
Subject: Re: NFS+krb5 ID mapping always maps to nobody
Date: Mon, 27 Sep 2010 19:50:53 +0200	[thread overview]
Message-ID: <4CA0D97D.5080904@asenwelt.de> (raw)
In-Reply-To: <20100927171227.GA12033@fieldses.org>


> If you're using kerberos then it's the kerberos principal name->uid
> mapping that matters here.
> 
> So:
> 
>> [...]
>
> who did you kinit as before doing this?  (What does klist say?)

I kinit'ed as nfstest01@TADPOLE (my domain is .local, while the realm is
TADPOLE, can this be a cause of the problem?)

I repeated the same test with rpc.idmapd configured to use domain
TADPOLE, results where the same. Unfortunately I found no log mentioning
the principal used.

===============================================
nfstest01@desktop:/mnt/nfs$ klist
Ticket cache: FILE:/tmp/krb5cc_4321_CWpZhW
Default principal: nfstest01@TADPOLE

Valid starting     Expires            Service principal
09/27/10 19:42:07  09/28/10 19:42:07  krbtgt/TADPOLE@TADPOLE
	renew until 09/27/10 19:42:07
nfstest01@desktop:/mnt/nfs$ ls -l
total 8
drwxrwxrwx 2 root      root      4096 2010-07-04 16:00 heap
drwxr-x--- 2 nfstest01 nfstest01 4096 2010-09-25 22:34 nfstest01
nfstest01@desktop:/mnt/nfs$ touch heap/test
nfstest01@desktop:/mnt/nfs$ touch nfstest01/test
touch: cannot touch `nfstest01/test': Permission denied
nfstest01@desktop:/mnt/nfs$ klist
Ticket cache: FILE:/tmp/krb5cc_4321_CWpZhW
Default principal: nfstest01@TADPOLE

Valid starting     Expires            Service principal
09/27/10 19:42:07  09/28/10 19:42:07  krbtgt/TADPOLE@TADPOLE
	renew until 09/27/10 19:42:07
09/27/10 19:42:25  09/28/10 19:42:07  nfs/iris.local@TADPOLE
	renew until 09/27/10 19:42:07
===============================================


I verified that the user nfstest01 exists on both systems in the
respective /etc/passwd files.

Best Regards
Malte Zacharias

     prev parent reply	other threads:[~2010-09-27 17:50 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-09-25 22:07 NFS+krb5 ID mapping always maps to nobody Malte Zacharias
2010-09-27 17:12 ` J. Bruce Fields
2010-09-27 17:50   ` Malte Zacharias [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4CA0D97D.5080904@asenwelt.de \
    --to=kernel-ml-alias@asenwelt.de \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.