LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

June 2015

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS June 2015

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: nfsv4 and rpcidmapd
From:	Orion Poplawski <[log in to unmask]>
Reply To:	Orion Poplawski <[log in to unmask]>
Date:	Tue, 30 Jun 2015 14:47:15 -0600
Content-Type:	text/plain
Parts/Attachments:	text/plain (77 lines)

On 06/30/2015 02:39 PM, Eve V. E. Kovacs wrote:
> Yes, kereberos is used for password authentication; account information is
> supplied by our ldap server. Passwords are not served via ldap.
> Eve
> 

Perhaps something in that configuration is forcing the full domain to get
sent.  Not sure.  idmap issues always give me headaches.

> On Tue, 30 Jun 2015, Orion Poplawski wrote:
> 
>> Date: Tue, 30 Jun 2015 15:30:41 -0500
>> From: Orion Poplawski <[log in to unmask]>
>> To: Eve V. E. Kovacs <[log in to unmask]>, [log in to unmask]
>> Subject: Re: nfsv4 and rpcidmapd
>>
>> On 06/30/2015 01:46 PM, Eve V. E. Kovacs wrote:
>>> We have an SL6 nfsv4 file server and a number of SL6 clients.
>>> We were careful to configure idmapd.conf on both the clients and the server to
>>> have the same domain name as follows:
>>>
>>> # The following should be set to the local NFSv4 domain name
>>> # The default is the host's DNS domain name.
>>> #Domain = local.domain.edu
>>> Domain = localdomain
>>>
>>> All of this worked until recently.
>>>
>>> Now, when I try to change the ownership of my file 'test' on one of the
>>> clients, I get an error:
>>> chown: changing ownership of test : Invalid argument
>>>
>>> On the server, I see errors in the log file:
>>>  rpc.idmapd[6092]: nss_getpwnam: name [log in to unmask] does not map into
>>> domain 'localdomain'
>>>
>>> This problem has various solutions posted on the internet. Some solutions
>>> claim that all that is required is to have the same domain name on the client
>>> and server. We already have this, but still have a problem. Another solution
>>> suggests changing the local NFSv4 domain name to match the DNS domain name
>>> (which looks promising, given the error message above).
>>>
>>> Has anyone else had this problem and/or know the fix?
>>
>> I would definitely recommend using the real domain name, but it does seem like
>> the client is sending the "hep.anl.gov" domain name rather than "localdomain",
>> and I'm not sure why that would be if it is configured as you described.
>> Either way *should* work.  Is kerberos involved at all?
>>
>>
>> -- 
>> Orion Poplawski
>> Technical Manager                     303-415-9701 x222
>> NWRA, Boulder/CoRA Office             FAX: 303-415-9702
>> 3380 Mitchell Lane                       [log in to unmask]
>> Boulder, CO 80301                   http://www.nwra.com
>>
> 
> ***************************************************************
> Eve Kovacs
> Argonne National Laboratory,
> Room L-177, Bldg. 360, HEP
> 9700 S. Cass Ave.
> Argonne, IL 60439 USA
> Phone: (630)-252-6208
> Fax:   (630)-252-5047
> email: [log in to unmask]
> ***************************************************************


-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       [log in to unmask]
Boulder, CO 80301                   http://www.nwra.com

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV