NFS v4 id mapping

  • I have an issue where I tried to map a tomcat:tomcat NFS share and can't make it work.
    From the web UI I can't set a user with a specific uid and gid. I created the user from the shell.
    I set /etc/idmapd.conf with mydomain.org and even tried expiring the cache, but nothing helps; it is mounting as nobody:nobody.
    I also tried anonuid=91,anongid=91 and it didn't work either.
    If I try to change permissions on the client, I get an error.
    I am using LDAP on the system for authentication.


    kernel: NFS: v4 server myhost.mydomain.org does not accept raw uid/gids. Reenabling the idmapper.



    Code
    /export/WebAppData00 10.10.0.0/21(rw,no_root_squash,no_subtree_check,crossmnt,fsid=0)
    # NFSv4 - pseudo filesystem root
    /export 10.10.0.0/21(ro,fsid=0,root_squash,no_subtree_check,hide)
  • OK, finally, after 4.5 days of poking around, the issue has been resolved.



    The problem is on the NFS client, which is RHEL 7.0 and can't see the mapped user name and group.
    Resolution: correct the NFS option line to look like this, and the trick is to clear the cache on the client, because NFSv4 will cache the mount params.


    Code
    'subtree_check,secure,no_root_squash,anonuid=UID,anongid=GID,fsid=0'


    It would be nice to have in the Web UI the ability to specify whether it is a local user or LDAP, and the UID with GID for a new user.


    Here is how I mounted on NFS with a specific UID and GID:
    1. Add a local user from the shell
    useradd -M -s /usr/bin/nologin -u 91 tomcat
    2. Correct the GID; make sure it matches the UID
    groupadd tomcat
    groupmod -g 91 tomcat
    usermod -g tomcat tomcat
    usermod -a -G users tomcat
    Check user group membership
    groups tomcat
    tomcat : tomcat users
    3. Enable ID mapper for NFS4
    /etc/default/nfs-common
    NEED_IDMAPD=yes
    4. Modify /etc/idmapd.conf and set the proper local domain. Don't use localdomain, it will not work; check your /etc/hosts.
    5. Go to the Web interface and create the NFS share; make sure to specify the UID and GID in the options.
    6. Set permissions in the Web interface. In the ACL option, select tomcat and group tomcat.
    7. Save and apply.
    8. Go to the client and create the mount directory, with mount options like this for NFS4.
    mount -v -t nfs4 -o soft,intr,rsize=8192,wsize=8192,proto=tcp myhostname.mydomainame.org:/ /MountFolder
    9. Then do ls -la and the permissions should show up under the mounted directory. If not, then clear the cache on the client with the command below.



    Clear cache on nfs client


    nfsidmap -c
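
An added example, not part of any post in this thread: a shell check for the settings the steps above depend on (the `Domain` in /etc/idmapd.conf, `NEED_IDMAPD=yes` in /etc/default/nfs-common, and the account's uid:gid on both machines). The function names, and the idea of comparing saved `getent passwd` output from each side, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). File paths are arguments, so the
# checks can be run on copies of the files from the server and the client.

# Print the Domain value from the [General] section of an idmapd.conf file.
# Commented-out lines such as "# Domain = localdomain" are ignored.
idmap_domain() {
    awk '
        /^[ \t]*\[/ { in_general = ($0 ~ /^[ \t]*\[General\]/); next }
        in_general && /^[ \t]*Domain[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]*$/, ""); print; exit
        }' "$1"
}

# Succeed only if the defaults file enables the ID mapper (step 3).
idmapd_enabled() {
    grep -Eq '^[[:space:]]*NEED_IDMAPD="?yes"?[[:space:]]*$' "$1"
}

# Print "uid:gid" for USER from a passwd-format FILE (saved `getent passwd`).
ids_of() {
    awk -F: -v u="$1" '$1 == u { print $3 ":" $4; exit }' "$2"
}

# check_idmap CONF DEFAULTS PEER_DOMAIN USER LOCAL_PASSWD PEER_PASSWD
# Prints one line per finding and returns the number of findings.
check_idmap() {
    n=0
    d=$(idmap_domain "$1")
    if [ -z "$d" ]; then
        echo "WARN: no Domain set in $1"; n=$((n + 1))
    elif [ "$d" = "localdomain" ]; then
        echo "FAIL: Domain is localdomain"; n=$((n + 1))
    elif [ "$d" != "$3" ]; then
        echo "FAIL: Domain $d differs from peer domain $3"; n=$((n + 1))
    fi
    idmapd_enabled "$2" || { echo "FAIL: NEED_IDMAPD=yes not set in $2"; n=$((n + 1)); }
    l=$(ids_of "$4" "$5"); p=$(ids_of "$4" "$6")
    if [ -z "$l" ] || [ "$l" != "$p" ]; then
        echo "FAIL: $4 is '${l:-missing}' here, '${p:-missing}' on peer"; n=$((n + 1))
    fi
    return "$n"
}
# Usage: check_idmap /etc/idmapd.conf /etc/default/nfs-common mydomain.org \
#            tomcat local.passwd peer.passwd
```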

  • I also had a problem on the client (OpenSuse 12.3). In case it helps someone else, OpenSuse does not enable nfs client services by default. It was confusing, however, because the mount command still worked but everything was nobody:nobody. After enabling the nfs client service daemons, everything worked.


    To facilitate NFS usage, it would be nice if the OpenMediaVault web GUI had the following:


    1. Ability to set/change users' UID and GID (especially to help with nfs3 users)


    2. Ability to set options and domain override in idmapd.conf


    Without this, it is difficult to configure nfs usage completely through the GUI.
