On 22 Sep 2022, at 9:45, Alan Maxwell wrote: > How would the server know what gidNumber to assign if the nfs client sent > a name? I'm not familiar with this server, but I'm guessing if you have it set to "Do not send names", then it also will try not to translate uid/gids it receives. Are you asking a theoretical question? > Is there a method in Redhat to have the nfsclient only send > uidNumbers/gidNumbers? Better to use Red Hat's support for these type of questions because this list is mostly upstream development work, but I believe that's the point of nfs4_disable_idmapping which exists on that kernel. > Doing id mapping or better name , id verification, is expected. We hope > the server would tell us, "client sent name I can't verify or lookup" Right, and that is a signal to the client that the server is not doing the "Do not send names" thing, rather trying to map values, so the client changes its behavior. If you're only sending integer gid values, what does it mean to verify a group id? If you want your server to treat the values as integer gids, then it shouldn't return an error that means "I couldn't translate this into a gid". > The nfsclient sends both a bad name and bad gidNumber, we actually think > that should be the case, even and security=sys , there should be > validation of users and groups. I'm sorry, I don't understand what you trying to say here. Ben
