
LDAP requirement for NFSv4 export?

TMATTHEWS

Hello all,

We are attempting to export an NFSv4 share to a Solaris 10 client, but we are seeing our file ownership being set to 'nobody'.

Our Solaris 10 clients are integrated with AD for user lookups and authentication, and the nfs.v4.id_domain is set correctly to match the NFSMAPID_DOMAIN of the Solaris client.

On the filer, these commands fail to return the expected result, I believe due to us not having configured LDAP:

filer> priv set advanced

filer*> options ldap

filer*> getXXbyYY getpwbyname_r c000619

Could not get passwd entry for name = c000619

filer*> getXXbyYY getpwbyname_r c000619@xxxxxxxxxxxxxxxxxx

Could not get passwd entry for name = c000619@xxxxxxxxxxxxxxxxxx

filer*> getXXbyYY getgrbyname sysadmin

Could not get group entry for name = sysadmin

filer*> getXXbyYY getgrlist c000619

Could not get password entry for name = c000619

Is LDAP configuration a necessity for successful mapping of IDs when using NFSv4 exports?


aborzenkov

The filer must be able to resolve a user name to a user UID. How exactly it does it (local /etc/passwd, LDAP, NIS or whatever) is irrelevant. But if you want to make sure that the same UID resolves to the same user name, the best approach is to make a central user database and let both the filer and the server use it.

TMATTHEWS

Thanks aborzenkov, so if I understand you correctly....

As we are using AD as the central user database (our Solaris clients use Quest Authentication Services to query AD for user accounts),

the filer needs to be configured to also look at AD for user mapping by using the 'ldap.ADdomain' and associated LDAP settings?

And we should ensure that nsswitch.conf on the filer is set to check both 'files' and 'ldap' for lookups?

Kind regards,

Tom

aborzenkov

Yes, that's correct. If you are using LDAP already for Unix, it makes sense to use the same server for the filer.
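
Added example, not part of the original thread and not NetApp or Solaris code: a simplified Python model of the name@domain resolution discussed above, showing why a matching ID domain is not enough when one side cannot resolve the name, and how UID conflicts appear when the two sides use different user databases. The function names, the domain example.com and all UIDs are assumptions constructed for illustration; only the user name c000619 comes from the thread.

```python
# Simplified model of NFSv4 owner-string resolution; all data is constructed.
NOBODY = "nobody"

def parse_passwd(text):
    """Parse passwd-format lines into {name: uid}, skipping malformed entries."""
    users = {}
    for line in text.strip().splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 3 and fields[0] and fields[2].isdigit():
            users[fields[0]] = int(fields[2])
    return users

def map_owner(owner, id_domain, users):
    """Resolve a 'name@domain' owner string against one side's user database."""
    name, sep, domain = owner.rpartition("@")
    if not sep or not name:
        return None, "malformed owner string"
    # Assumption: the ID domain is compared case-insensitively, like a DNS name.
    if domain.lower() != id_domain.lower():
        return None, "id domain mismatch"
    if name not in users:
        return None, "name not resolvable"
    return users[name], "ok"

def audit(client_users, server_users, client_domain, server_domain):
    """Report how each client-side user would resolve on the server side."""
    report = {}
    for name, uid in sorted(client_users.items()):
        owner = f"{name}@{client_domain}"
        server_uid, reason = map_owner(owner, server_domain, server_users)
        if server_uid is None:
            report[name] = f"{NOBODY} ({reason})"
        elif server_uid != uid:
            report[name] = f"uid conflict (client {uid}, server {server_uid})"
        else:
            report[name] = "ok"
    return report

# Constructed sample: the client resolves users centrally, the filer only locally.
CLIENT = parse_passwd("""
c000619:x:10619:100::/home/c000619:/bin/sh
jdoe:x:10020:100::/home/jdoe:/bin/sh
svcbackup:x:10030:100::/:/bin/false
""")
FILER = parse_passwd("""
root:x:0:0::/:
jdoe:x:10020:100::/home/jdoe:/bin/sh
svcbackup:x:20030:100::/:/bin/false
""")

if __name__ == "__main__":
    for user, result in audit(CLIENT, FILER, "example.com", "example.com").items():
        print(f"{user}: {result}")
```

Feeding both sides from the same directory makes the two maps identical, so every entry reports "ok".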
