nss_getpwnam: name '<email address hidden>@XX.XX.EDU' domain 'XX.XX.EDU': resulting localname '(null)'
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
libnfsidmap (Debian) | Fix Released | Unknown | | |
libnfsidmap (Ubuntu) | Fix Released | Undecided | Andreas Hasenack | |
nfs-utils (Ubuntu) | Invalid | Undecided | Unassigned | |
Bug Description
uid and gid appear to not map properly from nfsidmap in an nfsv4 mount with sec=krb5. UID and GID are mapping properly on CentOS server and CentOS client. Ubuntu nfs client file permissions are honored, but the display in the `ls -lan` command is incorrect.
$ cat /var/log/syslog |grep nfsidmap
Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: key: 0x24a1c64d type: uid value: <email address hidden>@XX.XX.EDU timeout 600
Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: calling nsswitch-
Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nss_getpwnam: name '<email address hidden>@XX.XX.EDU' domain 'XX.XX.EDU': resulting localname '(null)'
Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nss_getpwnam: name '<email address hidden>@XX.XX.EDU' does not map into domain 'XX.XX.EDU'
Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: nsswitch-
Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: final return value is -22
Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: calling nsswitch-
$
$ mount -v -t nfs4 -o sec=krb5 SP19SRV.
$ su userX
$ ls -la /mnt
total 4
drwxr-xr-x 5 nobody 4294967294 50 Feb 28 18:04 .
drwxr-xr-x 24 root root 4096 Mar 7 22:34 ..
drwxr-xr-x 2 nobody 4294967294 125 Mar 8 16:27 userX
$
Problem:
nfsmapid isn't showing proper file permissions on the ubuntu nfsv4 client with sec=krb
Client:
mount -v -t nfs4 -o sec=krb5 SP19SRV.
$ ls -la
total 4
drwxr-xr-x 5 nobody 4294967294 50 Feb 28 18:04 .
drwxr-xr-x 24 root root 4096 Mar 7 20:58 ..
drwxr-xr-x 2 nobody 4294967294 112 Mar 7 14:30 username
<email address hidden>
$ cat /etc/idmapd.conf
[General]
Verbosity = 9
Pipefs-Directory = /run/rpc_pipefs
# set your own domain here, if it differs from FQDN minus hostname
Domain = XX.XXX.EDU
[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
$ cat /etc/default/
STATDOPTS=
# Do you want to start the gssd daemon? It is required for Kerberos mounts.
NEED_GSSD="yes"
NEED_IDMAPD="yes"
# I've tried commenting out NEED_IDMAPD as well.
My nfs server is CentOS 7.
Both machines were joined to Active Directory with sssd. NFSv4 with krb security works on my CentOS server and client. The nfs server mount works on the Ubuntu client and file permissions are honored. But the ls -la command is showing the incorrect file permissions.
uids and gids appear to be in sync from sssd. Note that in /etc/sssd/sssd.conf ldap_id_mapping = False, though I don't think that should matter since ids are the same on both client and server from the ldap attributes in AD.
CentOS 7 server's /var/log/messages with idmapd.conf verbosity:
Mar 8 16:38:32 sp19srv rpc.idmapd[1224]: Server : (group) id "65534" -> name "<email address hidden>"
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5 authtype=user
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: calling nsswitch-
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: nsswitch-
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: final return value is 0
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (user) id "3872" -> name "<email address hidden>@XX.XX.EDU"
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5 authtype=group
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: calling nsswitch-
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: nsswitch-
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: final return value is 0
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (group) id "110" -> name "some group <email address hidden>@XX.XX.EDU"
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5 authtype=user
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: calling nsswitch-
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: nsswitch-
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: final return value is 0
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (user) id "0" -> name "<email address hidden>"
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5 authtype=group
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: calling nsswitch-
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: nsswitch-
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: final return value is 0
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (group) id "0" -> name "<email address hidden>"
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5 authtype=user
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: calling nsswitch-
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: nsswitch-
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: final return value is 0
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (user) id "1630" -> name "<email address hidden>@XX.XX.EDU"
Please let me know if you need any additional information, thanks,
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: nfs-common 1:1.3.4-2.1ubuntu5
ProcVersionSign
Uname: Linux 4.15.0-46-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
Date: Fri Mar 8 17:48:13 2019
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
LANG=C.UTF-8
SHELL=/bin/bash
SourcePackage: nfs-utils
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile.
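A triage sketch for the client-side log pattern in this report, added here as an example and not part of the bug report or of libnfsidmap: it groups `nfsidmap` syslog lines by PID and reports upcalls whose final return value is non-zero, which is the case where `ls` falls back to `nobody` as shown above. The sample lines are constructed from the excerpt in the description, with `REDACTED` standing in for the hidden user name; the function name and output keys are assumptions.

```python
import errno
import re

# Constructed sample modelled on the client syslog excerpt in this report.
# "REDACTED" is a placeholder: the page hides the real principal name.
SAMPLE = """\
Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: key: 0x24a1c64d type: uid value: REDACTED@XX.XX.EDU timeout 600
Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nss_getpwnam: name 'REDACTED@XX.XX.EDU' domain 'XX.XX.EDU': resulting localname '(null)'
Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nss_getpwnam: name 'REDACTED@XX.XX.EDU' does not map into domain 'XX.XX.EDU'
Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: final return value is -22
Mar 8 16:38:35 ubuntuclient nfsidmap[24801]: key: 0x1b2c3d4e type: gid value: staff@XX.XX.EDU timeout 600
Mar 8 16:38:35 ubuntuclient nfsidmap[24801]: nfs4_name_to_gid: final return value is 0
"""

LINE = re.compile(r"nfsidmap\[(?P<pid>\d+)\]: (?P<msg>.*)$")
KEY = re.compile(r"key: \S+ type: (?P<type>\w+) value: (?P<name>\S+)")
NOMAP = re.compile(r"nss_getpwnam: name '[^']*' does not map into domain '(?P<domain>[^']*)'")
FINAL = re.compile(r"nfs4_name_to_(?:uid|gid): final return value is (?P<rc>-?\d+)")

def failed_mappings(text):
    """Return one dict per nfsidmap upcall (keyed by PID) that ended in an error."""
    calls = {}
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an nfsidmap line
        call = calls.setdefault(m["pid"], {})
        msg = m["msg"]
        if k := KEY.match(msg):
            call.update(type=k["type"], name=k["name"])
        elif n := NOMAP.match(msg):
            # The name's domain part was rejected against the configured Domain.
            call["domain_mismatch"] = n["domain"]
        elif f := FINAL.match(msg):
            rc = int(f["rc"])
            call["rc"] = rc
            # The return value is a negated errno; -22 is EINVAL on Linux.
            call["errno"] = errno.errorcode.get(-rc, "?") if rc else None
    return [{"pid": pid, **c} for pid, c in calls.items() if c.get("rc")]

if __name__ == "__main__":
    for failure in failed_mappings(SAMPLE):
        print(failure)
```
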
Related branches

- Christian Ehrhardt (community): Approve
- Canonical Server Core Reviewers: Pending requested
- Diff: 73 lines (+40/-1), 4 files modified
  - debian/changelog (+7/-0)
  - debian/control (+2/-1)
  - debian/patches/03-uid-map-krb5.patch (+30/-0)
  - debian/patches/series (+1/-0)

- Canonical Server Core Reviewers: Pending requested
- Christian Ehrhardt : Pending requested
- Diff: 59 lines (+38/-0), 3 files modified
  - debian/changelog (+7/-0)
  - debian/patches/03-uid-map-krb5.patch (+30/-0)
  - debian/patches/series (+1/-0)

- Christian Ehrhardt (community): Approve
- Canonical Server Core Reviewers: Pending requested
- Diff: 59 lines (+38/-0), 3 files modified
  - debian/changelog (+7/-0)
  - debian/patches/03-uid-map-krb5.patch (+30/-0)
  - debian/patches/series (+1/-0)
Changed in libnfsidmap (Debian):
status: Unknown → New
Changed in nfs-utils (Ubuntu):
status: New → Invalid
Changed in libnfsidmap (Ubuntu):
status: New → In Progress
assignee: nobody → Andreas Hasenack (ahasenack)
Changed in libnfsidmap (Debian):
status: New → Fix Released
I was able to find a solution to this issue that will require a patch/update of libnfsidmap to version 0.26.
Please see this reference to another user who experienced the issue.
https://<email address hidden>/thread/SIA6J7IZRWX2FVGHKMS5F3HB7DE3MCFC/
I confirmed after custom compiling and using the newer lib's .so file that the naming convention was normal. One directory timed out when I did a chown but after fixing the file permissions to a user inside AD it seems to be working alright.
Can you please patch libnfsidmap to use version 0.26 to fix this bug? Thanks!