NFSv4 access for users with the same name but different uid

AlexeyF

The goal is to make an NFS share on NetApp accessible to two different hosts for a user having the same name but a different uid on those hosts.

Host1 

user10 uid=1011

Host2

user10 uid=1012

NFS path is 10.10.10.10:/vol1/exchange

Volume vol1 that hosts the share:

User ID: 0
Group ID: 0
Security Style: unix
UNIX Permissions: ---rwxr-xr-x

The directory exchange, which has to be writable by both, has:

File Path: /vol1/exchange

Security Style: unix
Effective Style: unix
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
UNIX User Id: 1012
UNIX Group Id: 1012
UNIX Mode Bits: 750
UNIX Mode Bits in Text: rwxr-x---
ACLs: -

I thought that NFSv4 can do the job. The client will pass user10@mydomain.com instead of their uid and it will work.

What was done:

     - created user10 on SVM with uid 1012

     - set v4-id-domain to mydomain.com

     - changed idmapd.conf on both hosts to add domain = mydomain.com

mount -t nfs 10.10.10.10:/vol1/exchange /mnt/exchange

But when user10 on host1 tries to run "ls /mnt/exchange", it gets "Permission denied".

In the logs I see:

Cluster1::*> vserver security trace trace-result show -volume-name vol1 -client-ip 10.10.10.2 -fields unix-user,result,security-style
node            vserver         seqnum security-style    result                                                   unix-user
--------------- --------------- ------ ----------------- -------------------------------------------------------- ---------
Cluster1        SVM_01          365    SECURITY_MODEBITS Access is not granted for: "Modify", "Extend", "Delete"  1011
Cluster1        SVM_01          366    SECURITY_MODEBITS Access is not granted for: "Lookup", "Modify", "Extend", "Delete", "Read" 1011
2 entries were displayed.

Do I completely misunderstand how NFSv4 authentication works?

Thanks

1 ACCEPTED SOLUTION

AlexeyF

I got the explanation by browsing different sources: idmapping will not work with auth_sys.

Topic may be closed.
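
An added illustration of the accepted answer (not part of the original post, and not NetApp code): the AUTH_SYS credential defined in RFC 5531 carries only numeric uid/gid values, so the mode-bit check runs against uid 1011 from host1 regardless of the name user10@mydomain.com. The credentials below are constructed; the machine names and gid values are assumptions, while the uids, owners and modes are the ones from the post.

```python
import struct

def pack_auth_sys(stamp, machine, uid, gid, gids):
    """Encode an AUTH_SYS credential body (RFC 5531 authsys_parms) in XDR."""
    name = machine.encode()
    pad = b"\0" * (-len(name) % 4)          # XDR strings are padded to 4 bytes
    return (struct.pack(">II", stamp, len(name)) + name + pad +
            struct.pack(">III", uid, gid, len(gids)) +
            b"".join(struct.pack(">I", g) for g in gids))

def parse_auth_sys(body):
    """Decode the credential; note that it has no field for a user name."""
    stamp, nlen = struct.unpack_from(">II", body, 0)
    if nlen > 255:
        raise ValueError("machinename longer than 255 bytes")
    off = 8
    machine = body[off:off + nlen].decode()
    off += nlen + (-nlen % 4)
    uid, gid, ngids = struct.unpack_from(">III", body, off)
    off += 12
    if ngids > 16:
        raise ValueError("AUTH_SYS allows at most 16 supplementary gids")
    gids = list(struct.unpack_from(">%dI" % ngids, body, off))
    return {"machine": machine, "uid": uid, "gid": gid, "gids": gids}

def mode_bits_access(cred, owner, group, mode):
    """Pick the owner/group/other triplet the way UNIX mode bits are evaluated."""
    if cred["uid"] == owner:
        bits = (mode >> 6) & 7
    elif group == cred["gid"] or group in cred["gids"]:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))

# Constructed credentials: what each host sends for its local "user10".
# gid values and machine names are assumptions; the post gives only the uids.
HOST1 = parse_auth_sys(pack_auth_sys(0, "host1", 1011, 1011, [1011]))
HOST2 = parse_auth_sys(pack_auth_sys(0, "host2", 1012, 1012, [1012]))

if __name__ == "__main__":
    for cred in (HOST1, HOST2):
        print(cred["machine"], "uid", cred["uid"],
              "/vol1:", mode_bits_access(cred, 0, 0, 0o755),
              "/vol1/exchange:", mode_bits_access(cred, 1012, 1012, 0o750))
```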
