Hi, I upgraded to sssd-13.4 (kernel 4.4.0-31-generic #50-Ubuntu).
After the upgrade I have problems with nfs4+Kerberos idmapping, using the krb localauth snippet and choosing the 'sss' method in /etc/idmap.conf. I get the (again!) famous nobody mapping for cross-realm users. Mapping of groups is correct, as groups are in the same domain as computers.
I can mount with sec=krb5, get access to my nfs-mounted home directory, get r/w permissions, but listing a file shows wrong owner:

ausr@nat.domain@adm-lnx438:~$ ls -ld .
drwxr-xr-x 3 4294967294 lnx-primary@adm.domain 28 Aug 18 2015 SSSD-GIT

ausr@nat.domain --> 4294967294
group@adm.domain --> group

In logfile:

Jul 27 14:23:55 adm-lnx438 nfsidmap[22500]: key: 0x26626a54 type: uid value: ausr@nat.domain@adm.domain timeout 600
Jul 27 14:23:55 adm-lnx438 nfsidmap[22500]: nfs4_name_to_uid: calling sss_nfs->name_to_uid
Jul 27 14:23:55 adm-lnx438 nfsidmap[22500]: user ausr@nat.domain@adm.domain not in memcache
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: sss_nfs_name_to_uid: rc=2 msg=No such file or directory
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: nfs4_name_to_uid: sss_nfs->name_to_uid returned -2
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: nfs4_name_to_uid: final return value is -2
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: nfs4_name_to_uid: calling sss_nfs->name_to_uid
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: user nobody@adm.domain not in memcache
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: sss_nfs_name_to_uid: rc=2 msg=No such file or directory
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: nfs4_name_to_uid: sss_nfs->name_to_uid returned -2
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: nfs4_name_to_uid: final return value is -2
Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: key: 0x276b113b type: gid value: lnx-primary@adm.domain timeout 600
Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: nfs4_name_to_gid: calling sss_nfs->name_to_gid
Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: found group lnx-primary@adm.domain in memcache
Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: sss_nfs_name_to_gid: rc=0 msg=Success
Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: nfs4_name_to_gid: sss_nfs->name_to_gid returned 0
Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: nfs4_name_to_gid: final return value is 0

----
getent passwd ausr@nat.domain
ausr@nat.domain:*:10002:30000000:Ausr :/home/ausr:/bin/bash

id ausr@nat.domain
uid=10002(ausr@nat.domain) gid=30000000(lnx-primary@adm.domain) groups=30000000(lnx-primary@adm.domain),4(adm),24(cdrom),27(sudo),46(plugdev),113(lpadmin),131(lxd),),9002(lnx-xxx-nfs4users2@c.xxx.dk),6666(nfs4users2@nat.domain),30000006(data-adm-lnx-nfs0a-qbl-admin-id-00001@adm.domain),9999(usr-xxx-glu@c.xxx.dk),8888(nfs4users@nat.domain),30000002(lnx-ladm-clients@adm.domain)

Any ideas what could happen?

Best,
Longina
sssd-users@lists.fedorahosted.org