2012-03-01 08:19 AM
We are attempting to export an NFSv4 share to a Solaris 10 client, but we are seeing our file ownership being set to 'nobody'.
Our Solaris 10 clients are integrated with AD for user lookups and authentication, and the nfs.v4.id_domain is set correctly to match the NFSMAPID_DOMAIN of the Solaris client.
On the filer, these commands fail to return the expected result, I believe due to us not having configured LDAP :
filer> priv set advanced
filer*> options ldap
filer*> getXXbyYY getpwbyname_r c000619
Could not get passwd entry for name = c000619
filer*> getXXbyYY getpwbyname_r c000619@xxxxxxxxxxxxxxxxxx
filer*> getXXbyYY getgrbyname sysadmin
Could not get group entry for name = sysadmin
filer*> getXXbyYY getgrlist c000619
Could not get password entry for name = c000619
Is LDAP configuration a necessity for successful mapping of ID's when using NFSv4 exports ?
Solved! SEE THE SOLUTION
2012-03-01 11:10 AM
Filer must be able to resolve user name to user UID. How exactly it does it (local /etc/passwd, LDAP, NIS or whatever) is irrelevant. But if you want to make sure that the same UID resolves to the same user name, the best is to make central user database and let both filer and server to use it.
2012-03-02 03:34 AM
Thanks aborzenkov, so if I understand you correctly....
As we are using AD as the central user database (our Solaris clients use Quest Authentication Services to query AD for user accounts),
the filer needs to be configured to also look at AD for user mapping by using the 'ldap.ADdomain' and associated LDAP settings ?
And we should ensure that nsswitch.conf on the filer is set to check both 'files' and 'ldap' for lookups?