[Bug 829312] Re: NFS group mapping faulty

Steve Langasek steve.langasek at canonical.com
Mon Aug 29 17:12:53 UTC 2011 

Thanks for following up; closing the report as invalid.

> I don't know wether I will be setting up GSSAPI, since that is to my
> knowledge dependent on Kerberos and I have never heard anything but
> complaints about that from anyone.

I don't know about that; Kerberos is a mature single-sign-on solution
that's widely deployed.  The biggest problem with GSSAPI auth for NFS is
that it's nearly impossible to debug when things go wrong, owing to the
incredibly opaque error messages from nfs-utils itself.

** Changed in: nfs-utils (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nfs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/829312

Title:
  NFS group mapping faulty

Status in “nfs-utils” package in Ubuntu:
  Invalid

Bug description:
  I have the following setup:

  1 server running latest CentOS 5, exporting filesystems via NFSv4:
  /etc/exports:

  /exports 172.16.1.0/24(ro,insecure,sync,wdelay,no_subtree_check,crossmnt,all_squash,fsid=0)
  ...
  /exports/video \
          phosphorus.lair(rw,insecure,sync,wdelay,subtree_check,root_squash,mp=/exports/video,fsid=2) \
          salamander.lair(rw,insecure,sync,wdelay,subtree_check,root_squash,mp=/exports/video,fsid=12)
  ...

  1 client running latest Fedora 14, mounting filesystem via autofs
  1 client running latest Ubuntu 11.04, mounting filesystem via autofs

  On all three machines there are two users named scizzo (UID = 1023)
  and mahajivana (UID = 1042), who are both members of the group
  madhouse (GID = 4223). So since this is NFSv4 _and_ UIDs and GIDs are
  consistent on all machines, ID mapping should be a very easy task and
  NFS should work even without ID mapping.

  idmapd.conf on all three machines contains the same domain "Domain =
  lair".

  On the nfs mounts are files and folders owned by one of these users,
  but always owned by their shared group, which are (read- &) writeable
  by that group, one example:

  drwsrwsr-x 19 mahajivana   madhouse 4.0K Aug 15 17:38 video/

  Observed behaviour:

  The F14 client can access the NFS shares and each user is able to
  access (read & write) areas on the NFS shares that are writeable for
  their shared group, but not for the users themself.

  The U11.04 client can access the NFS shares, but they are limited to
  files and folders they own, any rights (read + write) they should gain
  through group membership are ineffective.

  I'll attach two files named nfs-success.txt and nfs-fail.txt; nfs-
  success.txt shows example commands that I ran on the the F14 client as
  well as corresponding logging information from the client and the
  server, nfs-fail.txt show the same example commands on the U11.04
  client and corresponding logs from the client and server. I hope this
  helps, if not tell me which verbosity to increase and which commands
  to run.

  Expected behaviour:

  The U11.04 client should behave like the F14 client.

  ProblemType: Bug
  DistroRelease: Ubuntu 11.04
  Package: nfs-kernel-server (not installed)
  ProcVersionSignature: Ubuntu 2.6.38-10.46-generic 2.6.38.7
  Uname: Linux 2.6.38-10-generic x86_64
  Architecture: amd64
  Date: Fri Aug 19 11:38:52 2011
  ProcEnviron:
   LANGUAGE=en_GB:en
   PATH=(custom, user)
   LANG=en_GB.UTF-8
   SHELL=/bin/bash
  SourcePackage: nfs-utils
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/829312/+subscriptions

More information about the foundations-bugs mailing list