From: Sven Geggus <lists@fuchsschwanzdomain.de>
To: linux-nfs@vger.kernel.org
Subject: NFS4: ID-mapping Problem with Linux Client and NetApp Server
Date: Wed, 8 Feb 2012 15:49:23 +0100 [thread overview]
Message-ID: <20120208144923.GA16606@geggus.net> (raw)
Hello,
I'm trying to set up a couple of Active-directory integrated Linux machines
using NFS4 volumes on a NetApp Server as storage media.
So far, I'm nearly there, but the final step seems to be missing:
My client (Debian GNU/Linux with nfs-utils 1.2.5) can mount the NetApp
Emulator and Users are managed completely by AD Objects using nslcd.
Now I try to mount the NetApp Emulator vis NFS4 as root:
mount -t nfs4 -o sec=krb5 dataontap-801.<fqdn>:/vol/v_testhome1/testhome1 /mnt/
This also works, however the NetApp is printing some strange warning:
[nfsd.rpc.request.bad:warning]: Client 10.1.7.174 is sending bad rpc requests with error: RPC version mismatch or authentication error(73)
[nfsd.auth.status.bad:warning]: Client 10.1.7.174 has an authentication error 2
This is probably harmless and caused by the local root which does not have a
valid AD account.
After the mount I can successfully browse the volume as user and my machine
is even able to read/write files to/from the server.
However the files are not owned by the correct users. Server is just sending
me invalid stuff.
Here is the owner string I get from the server looking into the packets using
wireshark:
...
recc_attr: FATTR4_OWNER (36)
fattr4_owner: root@<fqdn>
length: 19
contents: root@<fqdn>
fill bytes: opaque data
recc_attr: FATTR4_OWNER_GROUP (37)
fattr4_owner_group: nobody
length: 6
contents: nobody
fill bytes: opaque data
However checking with Windows and SMB these files are not owned by root but
rather by the user which is trying to access the server.
On a Linux machine I would now try to run the server side rpc.idmapd with
verbose options, but unfortunately with NetApp I don't know exactly what to do.
So, any hint what I am missing here?
Client side userid mapping seems to work fine, as I can seen something like
this wehen running rpc.idmapd in verbose mode:
rpc.idmapd: Client 11: (user) name "root@<fqdn>" -> id "0"
rpc.idmapd: Client 11: (group) name "nobody" -> id "65534"
Regards
Sven
--
"A strategy for rewarding artists that regulates 'copies' makes as much sense
in the digital age as a strategy for controlling greenhouse gases that
regulates breathing." (Lawrence Lessig)
/me is giggls@ircnet, http://sven.gegg.us/ on the Web
next reply other threads:[~2012-02-08 15:11 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-08 14:49 Sven Geggus [this message]
2012-02-08 15:33 ` NFS4: ID-mapping Problem with Linux Client and NetApp Server Bryan Schumaker
2012-02-08 16:12 ` Sven Geggus
2012-02-08 18:06 ` Bryan Schumaker
2012-02-09 8:51 ` Sven Geggus
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120208144923.GA16606@geggus.net \
--to=lists@fuchsschwanzdomain.de \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox