nfsv4 username format issue

General support questions
xq10907
Posts: 23
Joined: 2017/08/08 03:33:41

nfsv4 username format issue

Postby xq10907 » 2018/04/10 09:20:59

Hi centoers, i configured a nfsv4 server on centos7.4,then mount its nfs4 dir from a ubuntu16,create some files on mounted dir their owner showed as nobody
there is redundant domain name in username format via /var/log/messages see below

Code: Select all

Apr 10 01:39:38 ark-centos7-ker rpc.idmapd[659]: Server : (user) id "1712439536" -> name "qa1@qa.arkivio.com@qa.arkivio.com"


here is sssd.conf i used in nfsv4 server,it joined domain with ssssd,realm
[sssd]
#working on centos7 2016-12-14,integrated netapp sssd.conf contents
#it's valid since 2018-3-4
config_file_version = 2
#services = nss, pam, pac, ssh, ifp
services = nss, pam, sudo
#domains = QA
domains = qa.arkivio.com
#debug_level = 0 - Set this to troubleshoot; 0-10 are valid values
#debug_level = 0
debug_level = 9
#ldap_sasl_authid = host/ark-centos-smb4.qa.arkivio.com@QA.ARKIVIO.COM
#following added on 20180312 to make nfs4_sefacl WORKING
default_domain_suffix = qa.arkivio.com

[nss]
#filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd
filter_groups = root
filter_users = root
reconnection_retries = 3

[pam]
reconnection_retries = 3

[domain/qa.arkivio.com]
#ad_domain = qa.arkivio.com
#krb5_realm = QA.ARKIVIO.COM
realmd_tags = manages-system joined-with-samba
cache_credentials = True
id_provider = ad
#krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = True
fallback_homedir = /home/%u@%d
access_provider = ad
#following added on 20180315
auth_provider = ad



ubuntu16 is joined with winbind,net ads join command
here is its smb.conf
[global]
workgroup = QA
kerberos method = secrets and keytab
security = ADS
realm = QA.ARKIVIO.COM
encrypt passwords = yes
log file = /var/log/samba/%m.log
log level = 4
netbios name = UBUNTUB
idmap config *:backend = rid
idmap config *:range = 5000-100000

allow trusted domains = yes
winbind trusted domains only = no
winbind use default domain = no
#winbind enum users  = yes
winbind enum groups = yes
winbind refresh tickets = yes

template shell = /bin/bash


i believe nfsv4 should use userformat as qa1@qa.arkivio.com rather than qa1@qa.arkivio.com@qa.arkivio.com,any idea what is missing here?
thanks

hunter86_bg
Posts: 1037
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: nfsv4 username format issue

Postby hunter86_bg » 2018/04/12 04:03:58

Have you tried with (samba):

Code: Select all

winbind use default domain = yes

Another opition could be (sssd.conf):

Code: Select all

[domain/qa.arkivio.com]
use_fully_qualified_names = False

xq10907
Posts: 23
Joined: 2017/08/08 03:33:41

Re: nfsv4 username format issue

Postby xq10907 » 2018/04/13 09:24:56

Thanks MAGIC hunter86_bg!!

After setting

Code: Select all

use_fully_qualified_names = False
in my nfs4 server sssd.conf,nobody ownership disappeared which has blocked me several days...
i can not find other word to express my appreciation