Hi Brian, I'm sorry it took so long to reply to you, but you haven't been forgotten! I've set up kerberos using freeipa on my own test system but I haven't been able to reproduce the bug you're seeing. I had it working by using my kerberos domain set in /etc/idmap.conf and I saw the new domain go over the wire when I changed it in idmap.conf. Do I need to do anything more to mimic your setup? - Bryan On 07/18/2013 08:41 PM, Brian De Wolf wrote: > Hello, > > Found another problem related to idmapping, I think. One of our users > reported chgrp had stopped working (under 3.4.44, coming from 3.2.11). > I reproduced it under krb5i (I can send the cap if necessary). The > SETATTR call is failing because it is not using the domain as set in > idmapd.conf, but the domain of the host instead. > > So, for example, our domain is csupomona.edu. Trying to run "chgrp > csupomona testfile" should set the group to csupomona@xxxxxxxxxxxxx, > but the NFS layer is sending csupomona@xxxxxxxxxxxxxxxxx (the subdomain > of the host). > > The idmapper seems to know what's going on, as the -vvv output produces: > > nfsidmap[3598]: key: 0x3df841e type: group value: 17730 timeout 600 > nfsidmap[3598]: libnfsidmap: using domain: csupomona.edu > nfsidmap[3598]: libnfsidmap: loaded plugin /usr/lib64/libnfsidmap/nsswitch.so for method nsswitch > > Am I missing some simple host configuration or is this a deeper issue? > -- > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
