Bug 730160
Summary: | rpc.idmapd: name does not map into domain | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Dimitri Maziuk <dmaziuk> |
Component: | nfs-utils | Assignee: | Steve Dickson <steved> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | yanfu,wang <yanwang> |
Severity: | low | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.3 | CC: | bfields, sadekok, tom |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-03-08 17:05:38 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Dimitri Maziuk
2011-08-12 00:04:38 UTC
Question, what is the Method variable set to in the [Translation] section of /etc/idmapd.conf. The default is nsswitch which means uids and gids will be looked up in /etc/password and /etc/groups. To have rpc.idmapd do LDAP lookups set to Method=umich_ldap It is the default. LDAP is the reason I used "ls -n" instead of "ls -l", it has nothing to do with idmapd.conf. (In reply to comment #3) > It is the default. LDAP is the reason I used "ls -n" instead of "ls -l", it has > nothing to do with idmapd.conf. Ok.. Could you please set Verbosity = 3 in the [General] section of the /etc/idmapd.conf file and then restart the rpc.idmapd daemon with 'service rpcidmapd restart" command. Then using the dmesg command, please post or attach the debug logs from rpc.idmapd. root@squid log]# service rpcidmapd restart Stopping RPC idmapd: [ OK ] Starting RPC idmapd: rpc.idmapd: libnfsidmap: using (default) domain: bmrb.wisc.edu rpc.idmapd: libnfsidmap: loaded plugin /usr/lib64/libnfsidmap/nsswitch.so for method nsswitch [ OK ] [root@squid log]# mount koi-internal:/vol/cvs/software /mnt [root@squid log]# ls -n /mnt/ total 976 drwxrwxr-x 8 99 99 4096 Nov 4 2002 adit-nmr drwxrwxr-x 28 99 99 4096 Dec 22 2005 adit-nmr-prog ... ----------------------- /var/log/messages: ------------------------ Aug 17 13:35:12 squid rpc.idmapd[6768]: libnfsidmap: using (default) domain: bmrb.wisc.edu Aug 17 13:35:12 squid rpc.idmapd[6768]: libnfsidmap: loaded plugin /usr/lib64/libnfsidmap/nsswitch.so for method nsswitch Aug 17 13:35:12 squid rpc.idmapd[6769]: Expiration time is 600 seconds. Aug 17 13:35:12 squid rpc.idmapd[6769]: Opened /proc/net/rpc/nfs4.nametoid/channel Aug 17 13:35:12 squid rpc.idmapd[6769]: Opened /proc/net/rpc/nfs4.idtoname/channel Aug 17 13:35:24 squid rpc.idmapd[6769]: New client: d Aug 17 13:35:24 squid rpc.idmapd[6769]: Opened /var/lib/nfs/rpc_pipefs//nfs/clntd/idmap Aug 17 13:35:24 squid rpc.idmapd[6769]: New client: e Aug 17 13:35:24 squid rpc.idmapd[6769]: nss_getpwnam: name 'root' does not map into domain 'bmrb.wisc.edu' Aug 17 13:35:24 squid rpc.idmapd[6769]: Client d: (user) name "root" -> id "99" Aug 17 13:35:24 squid rpc.idmapd[6769]: Client d: (group) name "nobody" -> id "99" Aug 17 13:35:24 squid rpc.idmapd[6769]: New client: f Aug 17 13:35:24 squid rpc.idmapd[6769]: nss_getpwnam: name 'nobody' does not map into domain 'bmrb.wisc.edu' Aug 17 13:35:24 squid rpc.idmapd[6769]: Client d: (user) name "nobody" -> id "99" Aug 17 13:35:24 squid rpc.idmapd[6769]: Stale client: e Aug 17 13:35:24 squid rpc.idmapd[6769]: #011-> closed /var/lib/nfs/rpc_pipefs//nfs/clnte/idmap ----------------------- Furthermore, I took a closer look at netapp config and added options nfs.v4.id.domain bmrb.wisc.edu That got rid of the "root" lookup, here's the log: ----------------------- Aug 17 13:42:31 squid rpc.idmapd[6769]: New client: 19 Aug 17 13:42:31 squid rpc.idmapd[6769]: Client 18: (user) name "root.edu" -> id "0" Aug 17 13:42:31 squid rpc.idmapd[6769]: Client 18: (group) name "nobody" -> id "99" Aug 17 13:42:31 squid rpc.idmapd[6769]: New client: 1a Aug 17 13:42:31 squid rpc.idmapd[6769]: nss_getpwnam: name 'nobody' does not map into domain 'bmrb.wisc.edu' Aug 17 13:42:31 squid rpc.idmapd[6769]: Client 18: (user) name "nobody" -> id "99" Aug 17 13:42:31 squid rpc.idmapd[6769]: Stale client: 19 Aug 17 13:42:31 squid rpc.idmapd[6769]: #011-> closed /var/lib/nfs/rpc_pipefs//nfs/clnt19/idmap (In reply to comment #6) > ----------------------- > /var/log/messages: > ------------------------ > > Aug 17 13:35:12 squid rpc.idmapd[6768]: libnfsidmap: using (default) domain: > bmrb.wisc.edu > > Aug 17 13:35:24 squid rpc.idmapd[6769]: nss_getpwnam: name 'root' > does not map into domain 'bmrb.wisc.edu' > > Aug 17 13:35:24 squid rpc.idmapd[6769]: nss_getpwnam: name 'nobody' does not > map into domain 'bmrb.wisc.edu' The problem is the client and server are in different DNS domians. Added a "Domain = netapp.com" in the /etc/idmapd.conf on the client. This should fix the problem. > > > ----------------------- > Furthermore, I took a closer look at netapp config and added > options nfs.v4.id.domain bmrb.wisc.edu > > That got rid of the "root" lookup, here's the log: > ----------------------- > > Aug 17 13:42:31 squid rpc.idmapd[6769]: nss_getpwnam: name 'nobody' does not > map into domain 'bmrb.wisc.edu' > Aug 17 13:42:31 squid rpc.idmapd[6769]: Client 18: (user) name "nobody" -> id > "99" > Actually you probably want to back this change out so you do get the @netapp.com domain part. (In reply to comment #8) > The problem is the client and server are in different DNS domians. > Added a "Domain = netapp.com" in the /etc/idmapd.conf on the client. > This should fix the problem. I think you misunderstand. NetApp is one of the top storage hardware companies, I don't own it nor their DNS domain. We at bmrb.wisc.edu *use* one of their filers. (I should think if it was in a different dns domain from our entire university, maybe we'd have noticed an nfs problem long ago already.) I think it's pretty clear from #6 that NetApp's ONTAP 7.3.6 software is incorrectly sending "netapp.com" by default instead of its DNS domain for nfsv4 id. The problem with idmapd, though, is that it quietly mounts the filesystem with unusable ownership and permissions. It should either fail to mount or fall back on v3 which has worked properly ever since we got that NetApp. Whether that can be fixed, or has to be left alone and called a "feature", is another question. (In reply to comment #9) > (In reply to comment #8) > > > The problem is the client and server are in different DNS domians. > > Added a "Domain = netapp.com" in the /etc/idmapd.conf on the client. > > This should fix the problem. > > I think you misunderstand. NetApp is one of the top storage hardware companies, > I don't own it nor their DNS domain. We at bmrb.wisc.edu *use* one of their > filers. (I should think if it was in a different dns domain from our entire > university, maybe we'd have noticed an nfs problem long ago already.) > > I think it's pretty clear from #6 that NetApp's ONTAP 7.3.6 software is > incorrectly sending "netapp.com" by default instead of its DNS domain for nfsv4 > id. Understood... but if added the "Domain = netapp.com" string to the /etc/idmapd.conf file, are the ids mapped properly? > > The problem with idmapd, though, is that it quietly mounts the filesystem with > unusable ownership and permissions. It should either fail to mount or fall back > on v3 which has worked properly ever since we got that NetApp. Whether that can > be fixed, or has to be left alone and called a "feature", is another question. Newer filers (ONTAP 8.3 I believe) and RHEL6.3 clients will support a notion of unmapped ids. Where the client will actually send the ASCII numeric string of the id (aka "3606") instead of the "user@domain" string. We are hoping this will help with the pain you are experiencing.... (In reply to comment #10) > Understood... but if added the "Domain = netapp.com" string to the > /etc/idmapd.conf file, are the ids mapped properly? I didn't try because once the verbose logs pointed me in the right direction, I found "options nfs.v4.id.domain" in netapp config and fixed it that way. > Newer filers (ONTAP 8.3 I believe) and RHEL6.3 clients will support a notion of > unmapped ids. Where the client will actually send the ASCII numeric string of > the id (aka "3606") instead of the "user@domain" string. We are hoping this > will help with the pain you are experiencing.... The real pain is that 8.x series s/w is not available for low-end filers and we have one of those. Personally I'm hoping ceph and btrfs soon let me forget everything I ever knew about netapp and nfs v4 both. ;) |