Nfs4 idmapping: new kernel sends numeric

Nfs4 idmapping: new kernel sends numeric

[Spelic]

Hi all
we have an ubuntu 10.04 NFS4 client and an ubuntu 13.04 NFS4 server. LDAP.
The serverside filesystem sees perfect UID/GIDs for files, but sends 
numeric ones to client side. Client side then maps to nobody/nogroup. Or 
this is what it seems

This is a packet from server to client due to an "ls -l"

0000  00 25 64 fc 69 c6 52 54  00 15 36 aa 08 00 45 00   .%d.i.RT ..6...E.
0010  00 f4 68 22 40 00 40 06  42 39 c0 a8 07 30 c0 a8   ..h"@.@. B9...0..
0020  07 28 08 01 03 58 8c 62  27 4e 16 ac d1 51 80 18   .(...X.b 'N...Q..
0030  00 bd 90 8f 00 00 01 01  08 0a 1c c8 49 28 05 6c   ........ ....I(.l
0040  11 d3 80 00 00 bc 62 a6  2a c7 00 00 00 01 00 00   ......b. *.......
0050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
0060  00 00 00 00 00 00 00 00  00 02 00 00 00 16 00 00   ........ ........
0070  00 00 00 00 00 09 00 00  00 00 00 00 00 02 00 10   ........ ........
0080  01 1a 00 30 a2 3a 00 00  00 78 00 00 00 01 51 ee   ...0.:.. .x....Q.
0090  5a 4f 27 aa 8d 2b 00 00  00 00 49 3e 00 00 45 91   ZO'..+.. ..I>..E.
00a0  00 63 f4 8c 43 f5 b7 45  af ac 40 80 06 ce 00 00   .c..C..E ..@.....
00b0  00 00 01 c0 00 02 00 00  01 a4 00 00 00 01 00 00   ........ ........
00c0  00 04 31 30 33 37 00 00  00 02 32 30 00 00 00 00   ..1037.. ..20....
00d0  00 00 00 00 00 00 00 00  00 00 49 3e 10 00 00 00   ........ ..I>....
00e0  00 00 51 ee 5a 3d 11 04  0b e0 00 00 00 00 51 ee   ..Q.Z=.. ......Q.
00f0  5a 4f 27 aa 8d 2b 00 00  00 00 51 ee 5a 4f 27 aa   ZO'..+.. ..Q.ZO'.
0100  8d 2b .+


The 1037 and 20 you see are the numeric uid and gid being sent to client 
side for one file, but I suspect client side wants usernames and 
groupnames as strings, not as numbers. So remaps to nobody.

Curiously when clientside creates a file I don't see numeric uid or 
string usernames passing at all, but the filesystem at serverside has 
correct uid/gid for the file being created so somehow they are passed. I 
don't really know how to read the NFS4 packets...

Is it an /etc/request-key.conf  problem? I just installed keyutils but 
doesn't appear to help.

This is idmapd.conf on both sides
============================
[General]

Verbosity = 10
Pipefs-Directory = /run/rpc_pipefs
# set your own domain here, if id differs from FQDN minus hostname
Domain = localdomain

[Mapping]

Nobody-User = nobody
Nobody-Group = nogroup

[Translation]

Method = nsswitch
============================

Thanks for any help

Re: Nfs4 idmapping: new kernel sends numeric

[J. Bruce Fields]

On Fri, Jul 26, 2013 at 01:13:03AM +0200, Spelic wrote:
> Hi all
> we have an ubuntu 10.04 NFS4 client and an ubuntu 13.04 NFS4 server. LDAP.
> The serverside filesystem sees perfect UID/GIDs for files, but sends
> numeric ones to client side. Client side then maps to
> nobody/nogroup. Or this is what it seems

The client *should* be able to map those id's.  I think this might be a
bug in older idmapd?

You can work around this by turning off the new server behavior by
setting the nfsd.nfs4_disable_idmapping module parameter to 0.

--b.

> 
> This is a packet from server to client due to an "ls -l"
> 
> 0000  00 25 64 fc 69 c6 52 54  00 15 36 aa 08 00 45 00   .%d.i.RT ..6...E.
> 0010  00 f4 68 22 40 00 40 06  42 39 c0 a8 07 30 c0 a8   ..h"@.@. B9...0..
> 0020  07 28 08 01 03 58 8c 62  27 4e 16 ac d1 51 80 18   .(...X.b 'N...Q..
> 0030  00 bd 90 8f 00 00 01 01  08 0a 1c c8 49 28 05 6c   ........ ....I(.l
> 0040  11 d3 80 00 00 bc 62 a6  2a c7 00 00 00 01 00 00   ......b. *.......
> 0050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00   ........ ........
> 0060  00 00 00 00 00 00 00 00  00 02 00 00 00 16 00 00   ........ ........
> 0070  00 00 00 00 00 09 00 00  00 00 00 00 00 02 00 10   ........ ........
> 0080  01 1a 00 30 a2 3a 00 00  00 78 00 00 00 01 51 ee   ...0.:.. .x....Q.
> 0090  5a 4f 27 aa 8d 2b 00 00  00 00 49 3e 00 00 45 91   ZO'..+.. ..I>..E.
> 00a0  00 63 f4 8c 43 f5 b7 45  af ac 40 80 06 ce 00 00   .c..C..E ..@.....
> 00b0  00 00 01 c0 00 02 00 00  01 a4 00 00 00 01 00 00   ........ ........
> 00c0  00 04 31 30 33 37 00 00  00 02 32 30 00 00 00 00   ..1037.. ..20....
> 00d0  00 00 00 00 00 00 00 00  00 00 49 3e 10 00 00 00   ........ ..I>....
> 00e0  00 00 51 ee 5a 3d 11 04  0b e0 00 00 00 00 51 ee   ..Q.Z=.. ......Q.
> 00f0  5a 4f 27 aa 8d 2b 00 00  00 00 51 ee 5a 4f 27 aa   ZO'..+.. ..Q.ZO'.
> 0100  8d 2b .+
> 
> 
> The 1037 and 20 you see are the numeric uid and gid being sent to
> client side for one file, but I suspect client side wants usernames
> and groupnames as strings, not as numbers. So remaps to nobody.
> 
> Curiously when clientside creates a file I don't see numeric uid or
> string usernames passing at all, but the filesystem at serverside
> has correct uid/gid for the file being created so somehow they are
> passed. I don't really know how to read the NFS4 packets...
> 
> Is it an /etc/request-key.conf  problem? I just installed keyutils
> but doesn't appear to help.
> 
> This is idmapd.conf on both sides
> ============================
> [General]
> 
> Verbosity = 10
> Pipefs-Directory = /run/rpc_pipefs
> # set your own domain here, if id differs from FQDN minus hostname
> Domain = localdomain
> 
> [Mapping]
> 
> Nobody-User = nobody
> Nobody-Group = nogroup
> 
> [Translation]
> 
> Method = nsswitch
> ============================
> 
> Thanks for any help
> 
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Nfs4 idmapping: new kernel sends numeric

[Spelic]

On 26/07/2013 17:41, J. Bruce Fields wrote:
> You can work around this by turning off the new server behavior by 
> setting the nfsd.nfs4_disable_idmapping module parameter to 0. --b.
>

Thanks Bruce, it works great!