On Mon, Nov 10, 2014 at 05:24:52PM +0100, Joschi Brauchle wrote:
I am experiencing strange behaviour of some of my NFS clients running
SSSD-AD 1.12.1. Some machines seem to be losing the 'group name <-> GID'
mapping on files on an NFS share, see this example:
$ l -d SOMEFOLDER
drwxrwxr-x 17 root 4294967294 4096 Nov 6 15:31 SOMEFOLDER/
$ stat SOMEFOLDER
Size: 4096 Blocks: 8 IO Block: 65536 directory
Device: 26h/38d Inode: 27258 Links: 17
Access: (0775/drwxrwxr-x) Uid: ( 0/ root) Gid: (4294967294/
Also all files SOMEFOLDER/* are affected.
I know the group the folder is supposed to have is set correctly and other
clients show its name. Also, users who are in the missing group show the
groupname and GID just fine when doing an 'id USERNAME'.
This sounds similar to the issue Sergey Urushkin had reported to
sssd-users earlier today.
At the same time, I wonder why the GID is being reported as 4294967294,
isn't that nfsnobody or a similar 'fallback' user?
Restarting SSSD resolves the issue for some time.
My SSSD config is as follows:
config_file_version = 2
services = nss,pam
domains = default
filter_groups = root
filter_users = root
id_provider = ad
auth_provider = ad
access_provider = simple
chpass_provider = ad
ad_domain = ...
ad_enable_gc = False
ldap_id_mapping = False
enumerate = False
ignore_group_members = True
dyndns_update = False
cache_credentials = True
ldap_search_base = ...
ldap_user_search_base = ...
ldap_group_search_base = ...
ldap_user_search_scope = one
ldap_group_search_scope = one
krb5_ccachedir = /run/user/%U
krb5_ccname_template = DIR:%d/krb5cc
override_homedir = ...
simple_allow_groups = ...
Is this a known problem with 1.12.1?
I will test with 1.12.2 soon, but as the problem only appears randomly, I
thought I'd already ask now...
sssd-users mailing list