From: Bryan Schumaker <bjschuma@gmail.com>
To: Brian De Wolf <bldewolf@csupomona.edu>
Cc: Linux NFS list <linux-nfs@vger.kernel.org>
Subject: Re: NFS uses wrong domain in SETATTR
Date: Tue, 06 Aug 2013 16:07:49 -0400 [thread overview]
Message-ID: <52015795.9060003@gmail.com> (raw)
In-Reply-To: <20130718174155.0f189280@csupomona.edu>
Hi Brian,
I'm sorry it took so long to reply to you, but you haven't been forgotten! I've set up kerberos using freeipa on my own test system but I haven't been able to reproduce the bug you're seeing. I had it working by using my kerberos domain set in /etc/idmap.conf and I saw the new domain go over the wire when I changed it in idmap.conf. Do I need to do anything more to mimic your setup?
- Bryan
On 07/18/2013 08:41 PM, Brian De Wolf wrote:
> Hello,
>
> Found another problem related to idmapping, I think. One of our users
> reported chgrp had stopped working (under 3.4.44, coming from 3.2.11).
> I reproduced it under krb5i (I can send the cap if necessary). The
> SETATTR call is failing because it is not using the domain as set in
> idmapd.conf, but the domain of the host instead.
>
> So, for example, our domain is csupomona.edu. Trying to run "chgrp
> csupomona testfile" should set the group to csupomona@csupomona.edu,
> but the NFS layer is sending csupomona@unx.csupomona.edu (the subdomain
> of the host).
>
> The idmapper seems to know what's going on, as the -vvv output produces:
>
> nfsidmap[3598]: key: 0x3df841e type: group value: 17730 timeout 600
> nfsidmap[3598]: libnfsidmap: using domain: csupomona.edu
> nfsidmap[3598]: libnfsidmap: loaded plugin /usr/lib64/libnfsidmap/nsswitch.so for method nsswitch
>
> Am I missing some simple host configuration or is this a deeper issue?
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
next prev parent reply other threads:[~2013-08-06 20:07 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-19 0:41 NFS uses wrong domain in SETATTR Brian De Wolf
2013-08-06 20:07 ` Bryan Schumaker [this message]
2013-08-07 2:53 ` Brian De Wolf
2013-08-15 17:25 ` Bryan Schumaker
2013-08-16 1:40 ` Brian De Wolf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52015795.9060003@gmail.com \
--to=bjschuma@gmail.com \
--cc=bldewolf@csupomona.edu \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.