I am currently in the test phase for sharing our volumes via CIFS and NFSv4 w/ Kerberos.
Currently we have only CIFS shares on that SVM, with NTFS style on all volumes and different NTFS-ACLs.
I setup the nfs and kerberos stuff (kerberos interface, idmap-domain, name-mapping and so on) a few weeks ago.
I can mount and access all exports w/o problems, based on the NTFS-ACLs.
I encountered one cosmetic problem: When I do an "ls -l" on the nfs client, the UIDs/GIDs are shown as root or 4294967294. But only for old files before the nfs/krb setup. Every file/folder created after that display the correct uid and the gid of that owner.
I know that I don't need to care for this, as WAFL manages the access, and if its working, okay.
I just want to understand whats the reason for this behaviour.
Is there an extra database/cache created for storing these infos?
Active Directory: MS AD 2012 R2 with Identity Management for UNIX, so we can manage UIDs and GIDs on our own
Linux-Clients: CentOS 7.3 and CentOS 6.9, with all Updates installed
I think this could be realted to the diffreneces in you old and current configuration. Prior to the changes you made to name mapping etc, probably the "default unix user" or the user/group account which used to access the volumes were mappingto this ID? and after the chanes, it is now reflecting the expected values? Can't say that without examining previous and current configuration in detail.
If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO. Cannot find the answer you need? No need to open a support case - just CHAT and we’ll handle it for you.
At first, I apologize for my delay. I checked to get an email when someone replies, but it wasn't the case here.
and second, thanks for your comment.
I have set the option "Map Administrators to root = true" and was annoyingly thinking that a folder where only the user has access are only files owned by this user. But some files are owned by the SVM administrators, so the mapping to root comes in play.
It seems that some of the files were copied there by an admin.