Hi
I'm trying very hard to find resources for how to set up ACLs on NFS with IdM provided identities.
Things work fine with local users and groups, but the translation service (idmapd?) is causing me trouble.
For reference, I'm running Rocky Linux 8.9 (equivalent to RHEL 8.9).
Bo Lind via FreeIPA-users wrote:
> Hi
> I'm trying very hard to find resources for how to set up ACLs on NFS with IdM provided identities.
> Things work fine with local users and groups, but the translation service (idmapd?) is causing me trouble.
> For reference, I'm running Rocky Linux 8.9 (equivalent to RHEL 8.9).
It's been a million years since I did any NFS work but from memory idmapd.conf is configured with the domain by default. The default mapping method is nsswitch.conf. So assuming the domain is correct it should just work.
I assume you ran ipa-client-automount on the NFS clients to configure idmapd.conf?
rob
I figured it out, everything actually works out of the box.
This script should get things going:
#!/bin/bash
# This script presumes a RL 8.4+ "Minimal Install" ready machine which has been prepped
# for OTP install in IPA. Also, /export is the dir/volume being exported as NFS.
dnf upgrade -y
dnf install -y ipa-client
# Unattended enrolment using the one-time password registered for this host in IPA
ipa-client-install -U -w myonetimepassword
dnf install -y nfs-utils nfs4-acl-tools
cat <<EOF > /etc/exports
/export *(rw,sec=sys,no_subtree_check,root_squash,async)
EOF
systemctl enable --now nfs-idmapd.service
systemctl enable --now nfs-server.service
exportfs -arv
firewall-cmd --permanent --add-service=nfs
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --permanent --add-service=mountd
firewall-cmd --reload
reboot
freeipa-users@lists.fedorahosted.org
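Rob's point that the mapping "should just work" once the idmapd domain is right, and the failure Bo describes, both come down to the same two settings in idmapd.conf: the [General] Domain on client and server must agree, and the [Translation] Method (nsswitch by default) must resolve IdM users through SSSD. The script below is an added example, not part of the thread or of anyone's posted script; it checks those settings on constructed sample files so it runs without an NFS mount, and it uses the placeholder domain ipa.example.test. The function names are this example's own.

```shell
#!/bin/bash
# Added example, not part of the thread: verify the NFSv4 id-mapping prerequisites that let
# IdM users appear by name on an export (instead of nobody/nobody), and build the principal
# form that nfs4_setfacl expects. ipa.example.test is a placeholder domain.

# Write a constructed idmapd.conf. Passing "#Domain = ..." as DOMAIN_LINE reproduces the
# stock file, where the Domain line ships commented out.
write_sample_conf() {   # write_sample_conf FILE DOMAIN_LINE
    cat > "$1" <<EOF
[General]
Verbosity = 0
$2
[Mapping]
Nobody-User = nobody
Nobody-Group = nobody
[Translation]
Method = nsswitch
EOF
}

# Print the effective [General] Domain from an idmapd.conf (empty when unset or commented out).
idmapd_domain() {
    awk -F= '
        /^[[:space:]]*\[/ { in_general = ($0 ~ /^[[:space:]]*\[General\]/) }
        in_general && $1 ~ /^[[:space:]]*Domain[[:space:]]*$/ {
            v = $2; gsub(/^[[:space:]]+|[[:space:]]+$/, "", v); print v; exit
        }' "$1"
}

# Print the [Translation] Method; the default, nsswitch, resolves names via SSSD on an IPA client.
idmapd_method() {
    awk -F= '
        /^[[:space:]]*\[/ { in_tr = ($0 ~ /^[[:space:]]*\[Translation\]/) }
        in_tr && $1 ~ /^[[:space:]]*Method[[:space:]]*$/ {
            v = $2; gsub(/^[[:space:]]+|[[:space:]]+$/, "", v); print v; exit
        }' "$1"
}

# Succeed only when both configs carry the same, non-empty Domain. A client/server
# mismatch is the classic reason every file on the mount shows up as nobody/nobody.
idmap_domains_match() {
    local a b
    a=$(idmapd_domain "$1"); b=$(idmapd_domain "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Principal string for an IdM user as NFSv4 ACLs name it: user@domain.
nfs4_principal() {
    printf '%s@%s\n' "$1" "$2"
}

# Demo on constructed files (no NFS mount needed).
tmp=$(mktemp -d)
write_sample_conf "$tmp/server.conf" "Domain = ipa.example.test"
write_sample_conf "$tmp/client.conf" "Domain = ipa.example.test"
write_sample_conf "$tmp/stock.conf"  "#Domain = local.domain.edu"

if idmap_domains_match "$tmp/server.conf" "$tmp/client.conf"; then
    echo "domains agree: $(idmapd_domain "$tmp/server.conf")"
fi
if ! idmap_domains_match "$tmp/server.conf" "$tmp/stock.conf"; then
    echo "stock client config has no Domain set; expect nobody/nobody until it matches the server"
fi
echo "translation method: $(idmapd_method "$tmp/server.conf")"

# On a real host the same functions read /etc/idmapd.conf on each side, and an ACE for an
# IdM user is then applied and read back with:
#   nfs4_setfacl -a "A::$(nfs4_principal alice ipa.example.test):RWX" /export/project
#   nfs4_getfacl /export/project
# nfsidmap -d prints the domain the kernel is actually using, and nfsidmap -c clears the
# cached mappings after a fix so stale nobody entries disappear without a reboot.
rm -rf "$tmp"
```

The checks deliberately operate on file paths rather than hard-coding /etc/idmapd.conf, so the server's copy can be compared against one fetched from a client (scp, or pasted into a temp file) before anyone stares at nobody/nobody ownership on the mount.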