Hi,

I upgraded to sssd-13.4 (kernel 4.4.0-31-generic #50-Ubuntu).

After the upgrade I have problems with nfs4+Kerberos idmapping, using the krb localauth snippet and choosing the ‘sss’ method in /etc/idmap.conf.

I get (again!) the famous nobody mapping for cross-realm users.

Mapping of groups is correct, as groups are in the same domain as computers.

 

I can mount with sec=krb5, get access to my nfs-mounted home directory, get r/w permissions, but listing a file shows the wrong owner:

ausr@nat.domain@adm-lnx438:~$ ls -ld .

drwxr-xr-x 3 4294967294 lnx-primary@adm.domain     28 Aug 18  2015 SSSD-GIT

 

ausr@nat.domain 4294967294

group@adm.domain group

 

In logfile:

Jul 27 14:23:55 adm-lnx438 nfsidmap[22500]: key: 0x26626a54 type: uid value: ausr@nat.domain@adm.domain timeout 600
Jul 27 14:23:55 adm-lnx438 nfsidmap[22500]: nfs4_name_to_uid: calling sss_nfs->name_to_uid
Jul 27 14:23:55 adm-lnx438 nfsidmap[22500]: user ausr@nat.domain@adm.domain not in memcache
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: sss_nfs_name_to_uid: rc=2 msg=No such file or directory
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: nfs4_name_to_uid: sss_nfs->name_to_uid returned -2
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: nfs4_name_to_uid: final return value is -2
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: nfs4_name_to_uid: calling sss_nfs->name_to_uid
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: user nobody@adm.domain not in memcache
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: sss_nfs_name_to_uid: rc=2 msg=No such file or directory
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: nfs4_name_to_uid: sss_nfs->name_to_uid returned -2
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: nfs4_name_to_uid: final return value is -2
Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: key: 0x276b113b type: gid value: lnx-primary@adm.domain timeout 600
Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: nfs4_name_to_gid: calling sss_nfs->name_to_gid
Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: found group lnx-primary@adm.domain in memcache
Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: sss_nfs_name_to_gid: rc=0 msg=Success
Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: nfs4_name_to_gid: sss_nfs->name_to_gid returned 0
Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: nfs4_name_to_gid: final return value is 0

 

----

getent passwd ausr@nat.domain

ausr@nat.domain:*:10002:30000000:Ausr :/home/ausr:/bin/bash

 

id ausr@nat.domain

uid=10002(ausr@nat.domain) gid=30000000(lnx-primary@adm.domain) groups=30000000(lnx-primary@adm.domain),4(adm),24(cdrom),27(sudo),46(plugdev),113(lpadmin),131(lxd),),9002(lnx-xxx-nfs4users2@c.xxx.dk),6666(nfs4users2@nat.domain),30000006(data-adm-lnx-nfs0a-qbl-admin-id-00001@adm.domain),9999(usr-xxx-glu@c.xxx.dk),8888(nfs4users@nat.domain),30000002(lnx-ladm-clients@adm.domain)

 

Any ideas what could happen?

 

Best

Longina
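
A small triage script for nfsidmap output like the excerpt above, as an added example that is not part of the original post: it groups the syslog lines per upcall and reports which requested names failed and fell through to a second lookup. The function and field names are hypothetical; the sample lines are copied (abridged) from the post.

```python
import re

# Lines copied (abridged) from the log excerpt in the post above.
SAMPLE_LOG = """\
Jul 27 14:23:55 adm-lnx438 nfsidmap[22500]: key: 0x26626a54 type: uid value: ausr@nat.domain@adm.domain timeout 600
Jul 27 14:23:55 adm-lnx438 nfsidmap[22500]: user ausr@nat.domain@adm.domain not in memcache
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: nfs4_name_to_uid: final return value is -2
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: user nobody@adm.domain not in memcache
Jul 27 14:23:56 adm-lnx438 nfsidmap[22500]: nfs4_name_to_uid: final return value is -2
Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: key: 0x276b113b type: gid value: lnx-primary@adm.domain timeout 600
Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: found group lnx-primary@adm.domain in memcache
Jul 27 14:23:56 adm-lnx438 nfsidmap[22504]: nfs4_name_to_gid: final return value is 0
"""

LINE = re.compile(r"nfsidmap\[(\d+)\]: (.*)$")
KEY = re.compile(r"key: \S+ type: (uid|gid) value: (\S+) timeout")
LOOKUP = re.compile(r"(?:found )?(?:user|group) (\S+) (?:not )?in memcache")
FINAL = re.compile(r"nfs4_name_to_[ug]id: final return value is (-?\d+)")


def summarize(log_text):
    """Return one record per nfsidmap upcall, in log order."""
    calls, current = [], {}  # current: pid -> record still being filled
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        if (k := KEY.search(msg)):
            rec = {"pid": pid, "type": k.group(1), "name": k.group(2), "attempts": []}
            calls.append(rec)
            current[pid] = rec  # a reused PID starts a new record
        elif pid in current and (hit := LOOKUP.search(msg)):
            current[pid]["attempts"].append([hit.group(1), None])
        elif pid in current and (f := FINAL.search(msg)) and current[pid]["attempts"]:
            current[pid]["attempts"][-1][1] = int(f.group(1))
    for rec in calls:
        tried = rec["attempts"]
        rec["resolved"] = bool(tried) and tried[0][1] == 0
        # More than one "@" in the name: compare it with the name getent returns.
        rec["multi_at"] = rec["name"].count("@") > 1
    return calls


if __name__ == "__main__":
    for rec in summarize(SAMPLE_LOG):
        print(rec["type"], rec["name"], "ok" if rec["resolved"] else "UNMAPPED",
              rec["attempts"], "multi-@" if rec["multi_at"] else "")
```
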