2013-02-13 15:57:06 |
Norbert Muda |
bug |
|
|
added bug |
2013-02-13 16:01:49 |
Norbert Muda |
description |
I'm running a nfs4 server exporting a directory /home (ext4,usrquota). This server is running Ubuntu 12.04 amd64(up-to-date). This directory is handling 662 homedirs for ldap authenticated users.
/etc/exports is :
/exports 192.168.0.0/24(rw,fsid=0,no_subtree_check)
Important lines in /etc/idmapd.conf :
domain=my-domain.org
[Translation]
Method=nsswitch.
In /etc/default/nfs-common :
NEED_IDMAPD=yes
In /etc/default/nfs-kernel-server :
RPCNFSDCOUNT=75
RPCMOUNTDOPTS=--manage-gids
2 Clients (rhel6 x86 & Ubuntu 12.04.2 i686) are mounting this nfs4 exported directory with no problems :
When doing ls -l /home on this clients, I have :
...
drwx------ 4 user100 oldusers 4096 sept. 21 2011 user100
drwx------ 4 user101 oldusers 4096 sept. 21 2011 user101
drwx------ 37 user102 oldusers 4096 oct. 1 19:06 user102
drwx------ 36 user103 users 4096 févr. 5 21:08 user103
drwx------ 36 user104 users 4096 févr. 8 14:03 user104
drwx------ 30 user105 users 4096 févr. 4 18:01 user105
drwx------ 28 user106 oldusers 4096 oct. 5 2011 user106
drwx------ 37 user107 oldusers 4096 janv. 8 14:52 user107
drwx------ 31 user108 users 4096 déc. 4 11:52 user108
drwx------ 4 user109 oldusers 4096 sept. 21 2011 user109
drwx--x--x 45 user110 oldusers 4096 janv. 22 15:53 user109
drwx------ 31 user111 users 4096 janv. 29 12:03 user110
...
uid/gid mapping works fine, authldap works fine, ...
All Clients running Ubuntu 12.10 i686 or Ubuntu 12.10 amd64 are experiencing the same problem :
The config files are the same that used in ubuntu 12.04.
Auth ldap is correctly configured, user can log in.
This is the /etc/fstab entry for /home :
192.168.0.1:/ /home nfs rw,nfsvers=4 0 0
Important lines in /etc/idmapd.conf :
domain=my-domain.org
[Translation]
Method=nsswitch
In /etc/default/nfs-common :
NEED_IDMAPD=yes
/etc/nsswitch.conf is :
passwd: files ldap
group: files ldap
shadow: files ldap
When doing ls -l /home there is a strange problem :
drwx------ 4 4294967294 oldusers 4096 sept. 21 2011 user100
drwx------ 4 user101 oldusers 4096 sept. 21 2011 user101
drwx------ 37 user102 oldusers 4096 oct. 1 19:06 user102
drwx------ 36 4294967294 users 4096 févr. 5 21:08 user103
drwx------ 36 4294967294 users 4096 févr. 8 14:03 user104
drwx------ 30 4294967294 users 4096 févr. 4 18:01 user105
drwx------ 28 4294967294 oldusers 4096 oct. 5 2011 user106
drwx------ 37 4294967294 oldusers 4096 janv. 8 14:52 user107
drwx------ 31 4294967294 users 4096 déc. 4 11:52 user108
drwx------ 4 user109 oldusers 4096 sept. 21 2011 user109
drwx--x--x 45 4294967294 oldusers 4096 janv. 22 15:53 user110
drwx------ 31 4294967294 users 4096 janv. 29 12:03 user111
for 571 homedirs (this number varies at each reboot)/662, the owner is the value 4294967294. For the 91 remaining homedirs,
the owner is correct. The gidnumber is correctly mapped for all (only 5 differents values used for gidNumber).
In /var/log/syslog, I can see :
For example : user110 is mapped as 4294967294.
but the command "id user110" returns :
uid=31124(user110) gid=666(oldusers) groupes=666(oldusers)
user110 logs in (auth ldap) from tty1. He runs "ls -l /home/user110/" :
drwxr-xr-x 8 4294967294 oldusers 4096 janv. 19 2012 Bureau
drwxr-xr-x 3 4294967294 oldusers 4096 déc. 2 2011 Documents
drwxr-xr-x 2 4294967294 oldusers 4096 déc. 2 2011 Images
Then, he runs "touch /home/user110/test" :
drwxr-xr-x 8 4294967294 oldusers 4096 janv. 19 2012 Bureau
drwxr-xr-x 3 4294967294 oldusers 4096 déc. 2 2011 Documents
drwxr-xr-x 2 4294967294 oldusers 4096 déc. 2 2011 Images
drwxr-xr-x 2 4294967294 oldusers 0 févr. 13 16:01 test
On the nfs server, If i do a ls -l in the same directory :
drwxr-xr-x 8 user110 oldusers 4096 janv. 19 2012 Bureau
drwxr-xr-x 3 user110 oldusers 4096 déc. 2 2011 Documents
drwxr-xr-x 2 user110 oldusers 4096 déc. 2 2011 Images
drwxr-xr-x 2 user110 oldusers 0 févr. 13 16:01 test
I can see that the "test" file is owned by the correct user.
I've tried without & with nscd, same results.
I've tried using sssd & pam_sss for ldap auth and having exactly the same results :
In /var/log/syslog, I have :
...
rpc.idmapd[561]: nss_getpwnam: name 'user109@my-domain.org' domain 'my-domain.org': resulting localname 'user109'
rpc.idmapd[561]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0
rpc.idmapd[561]: nfs4_name_to_uid: final return value is 0
rpc.idmapd[561]: Client 0: (user) name "user109@my-domain.org" -> id "55101"
rpc.idmapd[561]: nfs4_name_to_uid: calling nsswitch->name_to_uid
rpc.idmapd[561]: nss_getpwnam: name 'user102@my-domain.org' domain 'my-domain.org': resulting localname 'user102'
rpc.idmapd[561]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0
rpc.idmapd[561]: nfs4_name_to_uid: final return value is 0
rpc.idmapd[561]: Client 0: (user) name "user102@my-domain.org" -> id "55199"
...
only for the correctly mapped entries. No warnings or errors (rate limit disabled in rsyslog.conf) and verbosity set to 5 in idmapd.conf. It seems that rpc.idmapd never does mapping for other entries. |
I'm running a nfs4 server exporting a directory /home (ext4,usrquota). This server is running Ubuntu 12.04 amd64(up-to-date). This directory is handling 662 homedirs for ldap authenticated users.
/etc/exports is :
/exports 192.168.0.0/24(rw,fsid=0,no_subtree_check)
Important lines in /etc/idmapd.conf :
domain=my-domain.org
[Translation]
Method=nsswitch.
In /etc/default/nfs-common :
NEED_IDMAPD=yes
In /etc/default/nfs-kernel-server :
RPCNFSDCOUNT=75
RPCMOUNTDOPTS=--manage-gids
2 Clients (rhel6 x86 & Ubuntu 12.04.2 i686) are mounting this nfs4 exported directory with no problems :
When doing ls -l /home on this clients, I have :
...
drwx------ 4 user100 oldusers 4096 sept. 21 2011 user100
drwx------ 4 user101 oldusers 4096 sept. 21 2011 user101
drwx------ 37 user102 oldusers 4096 oct. 1 19:06 user102
drwx------ 36 user103 users 4096 févr. 5 21:08 user103
drwx------ 36 user104 users 4096 févr. 8 14:03 user104
drwx------ 30 user105 users 4096 févr. 4 18:01 user105
drwx------ 28 user106 oldusers 4096 oct. 5 2011 user106
drwx------ 37 user107 oldusers 4096 janv. 8 14:52 user107
drwx------ 31 user108 users 4096 déc. 4 11:52 user108
drwx------ 4 user109 oldusers 4096 sept. 21 2011 user109
drwx--x--x 45 user110 oldusers 4096 janv. 22 15:53 user109
drwx------ 31 user111 users 4096 janv. 29 12:03 user110
...
uid/gid mapping works fine, authldap works fine, ...
All Clients running Ubuntu 12.10 i686 or Ubuntu 12.10 amd64 are experiencing the same problem :
The config files are the same that used in ubuntu 12.04.
Auth ldap is correctly configured, user can log in.
This is the /etc/fstab entry for /home :
192.168.0.1:/ /home nfs rw,nfsvers=4 0 0
Important lines in /etc/idmapd.conf :
domain=my-domain.org
[Translation]
Method=nsswitch
In /etc/default/nfs-common :
NEED_IDMAPD=yes
/etc/nsswitch.conf is :
passwd: files ldap
group: files ldap
shadow: files ldap
When doing ls -l /home there is a strange problem :
drwx------ 4 4294967294 oldusers 4096 sept. 21 2011 user100
drwx------ 4 user101 oldusers 4096 sept. 21 2011 user101
drwx------ 37 user102 oldusers 4096 oct. 1 19:06 user102
drwx------ 36 4294967294 users 4096 févr. 5 21:08 user103
drwx------ 36 4294967294 users 4096 févr. 8 14:03 user104
drwx------ 30 4294967294 users 4096 févr. 4 18:01 user105
drwx------ 28 4294967294 oldusers 4096 oct. 5 2011 user106
drwx------ 37 4294967294 oldusers 4096 janv. 8 14:52 user107
drwx------ 31 4294967294 users 4096 déc. 4 11:52 user108
drwx------ 4 user109 oldusers 4096 sept. 21 2011 user109
drwx--x--x 45 4294967294 oldusers 4096 janv. 22 15:53 user110
drwx------ 31 4294967294 users 4096 janv. 29 12:03 user111
for 571 homedirs (this number varies at each reboot)/662, the owner is the value 4294967294. For the 91 remaining homedirs,
the owner is correct. The gidnumber is correctly mapped for all (only 5 differents values used for gidNumber).
In /var/log/syslog, I can see :
For example : user110 is mapped as 4294967294.
but the command "id user110" returns :
uid=31124(user110) gid=666(oldusers) groupes=666(oldusers)
user110 logs in (auth ldap) from tty1. He runs "ls -l /home/user110/" :
drwxr-xr-x 8 4294967294 oldusers 4096 janv. 19 2012 Bureau
drwxr-xr-x 3 4294967294 oldusers 4096 déc. 2 2011 Documents
drwxr-xr-x 2 4294967294 oldusers 4096 déc. 2 2011 Images
Then, he runs "touch /home/user110/test" :
drwxr-xr-x 8 4294967294 oldusers 4096 janv. 19 2012 Bureau
drwxr-xr-x 3 4294967294 oldusers 4096 déc. 2 2011 Documents
drwxr-xr-x 2 4294967294 oldusers 4096 déc. 2 2011 Images
drwxr-xr-x 2 4294967294 oldusers 0 févr. 13 16:01 test
On the nfs server, If i do a ls -l in the same directory :
drwxr-xr-x 8 user110 oldusers 4096 janv. 19 2012 Bureau
drwxr-xr-x 3 user110 oldusers 4096 déc. 2 2011 Documents
drwxr-xr-x 2 user110 oldusers 4096 déc. 2 2011 Images
drwxr-xr-x 2 user110 oldusers 0 févr. 13 16:01 test
I can see that the "test" file is owned by the correct user.
I've tried without & with nscd, same results.
I've tried using sssd, libnss-sss & pam_sss for ldap auth and having exactly the same results :
In /var/log/syslog, I have :
...
rpc.idmapd[561]: nss_getpwnam: name 'user109@my-domain.org' domain 'my-domain.org': resulting localname 'user109'
rpc.idmapd[561]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0
rpc.idmapd[561]: nfs4_name_to_uid: final return value is 0
rpc.idmapd[561]: Client 0: (user) name "user109@my-domain.org" -> id "55101"
rpc.idmapd[561]: nfs4_name_to_uid: calling nsswitch->name_to_uid
rpc.idmapd[561]: nss_getpwnam: name 'user102@my-domain.org' domain 'my-domain.org': resulting localname 'user102'
rpc.idmapd[561]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0
rpc.idmapd[561]: nfs4_name_to_uid: final return value is 0
rpc.idmapd[561]: Client 0: (user) name "user102@my-domain.org" -> id "55199"
...
only for the correctly mapped entries. No warnings or errors (rate limit disabled in rsyslog.conf) and verbosity set to 5 in idmapd.conf. It seems that rpc.idmapd never does mapping for other entries. |
|
2013-02-14 08:13:29 |
Launchpad Janitor |
nfs-utils (Ubuntu): status |
New |
Confirmed |
|
2013-02-14 08:14:12 |
Rafael Luque |
bug |
|
|
added subscriber Rafael Luque |
2013-09-26 14:50:47 |
jtlb |
bug |
|
|
added subscriber jtlb |
2014-01-01 10:51:57 |
Joerg Delker |
bug |
|
|
added subscriber Joerg Delker |
2014-01-01 11:15:18 |
Joerg Delker |
bug watch added |
|
https://bugzilla.redhat.com/show_bug.cgi?id=876705 |
|
2014-05-27 20:48:16 |
Vertago1 |
attachment added |
|
this fixes the issue https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1124250/+attachment/4120932/+files/30-nfsv4-quota.conf |
|
2014-07-10 19:11:17 |
Alex Gottschalk |
bug |
|
|
added subscriber Alex Gottschalk |
2014-07-11 12:08:31 |
Bryan Quigley |
bug |
|
|
added subscriber Bryan Quigley |
2014-07-11 12:10:33 |
Bryan Quigley |
bug task added |
|
fedora |
|
2014-08-20 02:09:22 |
Nate Crawford |
bug |
|
|
added subscriber Nate Crawford |
2014-09-11 13:55:12 |
Carl Hetherington |
bug |
|
|
added subscriber Carl Hetherington |
2014-09-11 21:08:31 |
Brandon Pierce |
bug |
|
|
added subscriber Brandon Pierce |
2014-09-12 08:47:17 |
Dariusz Gadomski |
nfs-utils (Ubuntu): assignee |
|
Dariusz Gadomski (dgadomski) |
|
2014-09-12 14:05:44 |
Andrew Phillips |
bug |
|
|
added subscriber Andrew Phillips |
2014-09-15 18:25:48 |
John Jendro |
bug |
|
|
added subscriber John Jendro |
2014-09-20 20:10:47 |
William Van Hevelingen |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758870 |
|
2014-09-20 20:10:47 |
William Van Hevelingen |
bug task added |
|
nfs-utils (Debian) |
|
2014-09-21 00:42:38 |
Bug Watch Updater |
nfs-utils (Debian): status |
Unknown |
Incomplete |
|
2014-09-24 11:46:38 |
Dariusz Gadomski |
bug |
|
|
added subscriber Dariusz Gadomski |
2014-09-24 14:49:27 |
Dave Chiluk |
bug task added |
|
linux (Ubuntu) |
|
2014-09-24 14:49:38 |
Dave Chiluk |
linux (Ubuntu): status |
New |
Confirmed |
|
2014-09-24 14:49:45 |
Dave Chiluk |
linux (Ubuntu): importance |
Undecided |
Low |
|
2014-09-24 14:56:15 |
Dave Chiluk |
nominated for series |
|
Ubuntu Trusty |
|
2014-09-24 14:56:15 |
Dave Chiluk |
nominated for series |
|
Ubuntu Utopic |
|
2014-09-29 16:00:07 |
Carl Hetherington |
attachment added |
|
0001-Invalidate-expired-keys-when-they-are-requested-in-o.patch https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1124250/+attachment/4219275/+files/0001-Invalidate-expired-keys-when-they-are-requested-in-o.patch |
|
2014-09-29 16:31:12 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
2014-09-29 16:31:13 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Joseph Salisbury |
2014-09-29 16:31:34 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Review Team |
2014-09-29 18:33:01 |
Chris J Arges |
bug task added |
|
nfs-utils (Ubuntu Trusty) |
|
2014-09-29 18:33:01 |
Chris J Arges |
bug task added |
|
linux (Ubuntu Trusty) |
|
2014-09-29 18:33:09 |
Chris J Arges |
bug task added |
|
nfs-utils (Ubuntu Utopic) |
|
2014-09-29 18:33:09 |
Chris J Arges |
bug task added |
|
linux (Ubuntu Utopic) |
|
2014-09-29 19:04:52 |
Dave Chiluk |
linux (Ubuntu Utopic): status |
Confirmed |
Won't Fix |
|
2014-09-29 19:04:56 |
Dave Chiluk |
linux (Ubuntu Trusty): status |
New |
Won't Fix |
|
2014-09-29 19:05:01 |
Dave Chiluk |
linux (Ubuntu Trusty): importance |
Undecided |
Low |
|
2014-09-30 13:48:29 |
Carl Hetherington |
attachment added |
|
nfs_patch2.patch https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1124250/+attachment/4220337/+files/nfs_patch2.patch |
|
2014-10-17 13:17:31 |
Michael |
bug |
|
|
added subscriber Michael |
2014-10-27 05:27:31 |
Launchpad Janitor |
nfs-utils (Ubuntu Trusty): status |
New |
Confirmed |
|
2015-02-24 16:04:36 |
Bug Watch Updater |
nfs-utils (Debian): status |
Incomplete |
Confirmed |
|
2015-02-26 10:09:08 |
stef |
bug |
|
|
added subscriber stef |
2015-03-02 19:06:01 |
Bug Watch Updater |
nfs-utils (Debian): status |
Confirmed |
Fix Released |
|
2015-03-20 11:48:06 |
mtemp |
bug |
|
|
added subscriber mtemp |
2015-03-20 16:00:26 |
David Wagner |
bug |
|
|
added subscriber David Wagner |
2015-03-26 18:05:13 |
Chris J Arges |
linux (Ubuntu Utopic): status |
Won't Fix |
In Progress |
|
2015-03-26 18:05:16 |
Chris J Arges |
linux (Ubuntu Trusty): status |
Won't Fix |
In Progress |
|
2015-03-26 18:14:01 |
Dariusz Gadomski |
description |
I'm running a nfs4 server exporting a directory /home (ext4,usrquota). This server is running Ubuntu 12.04 amd64(up-to-date). This directory is handling 662 homedirs for ldap authenticated users.
/etc/exports is :
/exports 192.168.0.0/24(rw,fsid=0,no_subtree_check)
Important lines in /etc/idmapd.conf :
domain=my-domain.org
[Translation]
Method=nsswitch.
In /etc/default/nfs-common :
NEED_IDMAPD=yes
In /etc/default/nfs-kernel-server :
RPCNFSDCOUNT=75
RPCMOUNTDOPTS=--manage-gids
2 Clients (rhel6 x86 & Ubuntu 12.04.2 i686) are mounting this nfs4 exported directory with no problems :
When doing ls -l /home on this clients, I have :
...
drwx------ 4 user100 oldusers 4096 sept. 21 2011 user100
drwx------ 4 user101 oldusers 4096 sept. 21 2011 user101
drwx------ 37 user102 oldusers 4096 oct. 1 19:06 user102
drwx------ 36 user103 users 4096 févr. 5 21:08 user103
drwx------ 36 user104 users 4096 févr. 8 14:03 user104
drwx------ 30 user105 users 4096 févr. 4 18:01 user105
drwx------ 28 user106 oldusers 4096 oct. 5 2011 user106
drwx------ 37 user107 oldusers 4096 janv. 8 14:52 user107
drwx------ 31 user108 users 4096 déc. 4 11:52 user108
drwx------ 4 user109 oldusers 4096 sept. 21 2011 user109
drwx--x--x 45 user110 oldusers 4096 janv. 22 15:53 user109
drwx------ 31 user111 users 4096 janv. 29 12:03 user110
...
uid/gid mapping works fine, authldap works fine, ...
All Clients running Ubuntu 12.10 i686 or Ubuntu 12.10 amd64 are experiencing the same problem :
The config files are the same that used in ubuntu 12.04.
Auth ldap is correctly configured, user can log in.
This is the /etc/fstab entry for /home :
192.168.0.1:/ /home nfs rw,nfsvers=4 0 0
Important lines in /etc/idmapd.conf :
domain=my-domain.org
[Translation]
Method=nsswitch
In /etc/default/nfs-common :
NEED_IDMAPD=yes
/etc/nsswitch.conf is :
passwd: files ldap
group: files ldap
shadow: files ldap
When doing ls -l /home there is a strange problem :
drwx------ 4 4294967294 oldusers 4096 sept. 21 2011 user100
drwx------ 4 user101 oldusers 4096 sept. 21 2011 user101
drwx------ 37 user102 oldusers 4096 oct. 1 19:06 user102
drwx------ 36 4294967294 users 4096 févr. 5 21:08 user103
drwx------ 36 4294967294 users 4096 févr. 8 14:03 user104
drwx------ 30 4294967294 users 4096 févr. 4 18:01 user105
drwx------ 28 4294967294 oldusers 4096 oct. 5 2011 user106
drwx------ 37 4294967294 oldusers 4096 janv. 8 14:52 user107
drwx------ 31 4294967294 users 4096 déc. 4 11:52 user108
drwx------ 4 user109 oldusers 4096 sept. 21 2011 user109
drwx--x--x 45 4294967294 oldusers 4096 janv. 22 15:53 user110
drwx------ 31 4294967294 users 4096 janv. 29 12:03 user111
for 571 homedirs (this number varies at each reboot)/662, the owner is the value 4294967294. For the 91 remaining homedirs,
the owner is correct. The gidnumber is correctly mapped for all (only 5 differents values used for gidNumber).
In /var/log/syslog, I can see :
For example : user110 is mapped as 4294967294.
but the command "id user110" returns :
uid=31124(user110) gid=666(oldusers) groupes=666(oldusers)
user110 logs in (auth ldap) from tty1. He runs "ls -l /home/user110/" :
drwxr-xr-x 8 4294967294 oldusers 4096 janv. 19 2012 Bureau
drwxr-xr-x 3 4294967294 oldusers 4096 déc. 2 2011 Documents
drwxr-xr-x 2 4294967294 oldusers 4096 déc. 2 2011 Images
Then, he runs "touch /home/user110/test" :
drwxr-xr-x 8 4294967294 oldusers 4096 janv. 19 2012 Bureau
drwxr-xr-x 3 4294967294 oldusers 4096 déc. 2 2011 Documents
drwxr-xr-x 2 4294967294 oldusers 4096 déc. 2 2011 Images
drwxr-xr-x 2 4294967294 oldusers 0 févr. 13 16:01 test
On the nfs server, If i do a ls -l in the same directory :
drwxr-xr-x 8 user110 oldusers 4096 janv. 19 2012 Bureau
drwxr-xr-x 3 user110 oldusers 4096 déc. 2 2011 Documents
drwxr-xr-x 2 user110 oldusers 4096 déc. 2 2011 Images
drwxr-xr-x 2 user110 oldusers 0 févr. 13 16:01 test
I can see that the "test" file is owned by the correct user.
I've tried without & with nscd, same results.
I've tried using sssd, libnss-sss & pam_sss for ldap auth and having exactly the same results :
In /var/log/syslog, I have :
...
rpc.idmapd[561]: nss_getpwnam: name 'user109@my-domain.org' domain 'my-domain.org': resulting localname 'user109'
rpc.idmapd[561]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0
rpc.idmapd[561]: nfs4_name_to_uid: final return value is 0
rpc.idmapd[561]: Client 0: (user) name "user109@my-domain.org" -> id "55101"
rpc.idmapd[561]: nfs4_name_to_uid: calling nsswitch->name_to_uid
rpc.idmapd[561]: nss_getpwnam: name 'user102@my-domain.org' domain 'my-domain.org': resulting localname 'user102'
rpc.idmapd[561]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0
rpc.idmapd[561]: nfs4_name_to_uid: final return value is 0
rpc.idmapd[561]: Client 0: (user) name "user102@my-domain.org" -> id "55199"
...
only for the correctly mapped entries. No warnings or errors (rate limit disabled in rsyslog.conf) and verbosity set to 5 in idmapd.conf. It seems that rpc.idmapd never does mapping for other entries. |
[Impact]
* This bug is likely to cause an incorrect UID/GID mapping for NFS shares in case of large numbers of differend UIDs/GIDs or in case of expired UID/GID mappings (stored as keys in the kernel).
[Test Case]
1. Setup a nfs4 server exporting /home with a large number of different users and ldap-based authentication.
2. Mount the share on a ldap-connected client machine.
3. List the mounted /home directory.
4. Wait more than 10 minutes (the default key expiration time) and list it again with ls -l.
Expected result - all directories are listed with correct UIDs/GIDs.
Actual result - some of the directories may be listed with incorrect UID/GID of 4294967294.
[Regression Potential]
* This issue has been merged upstream in the 3.18 kernel and is also present in Debian's 3.16 kernel.
[Other Info]
* Original bug description:
I'm running a nfs4 server exporting a directory /home (ext4,usrquota). This server is running Ubuntu 12.04 amd64(up-to-date). This directory is handling 662 homedirs for ldap authenticated users.
/etc/exports is :
/exports 192.168.0.0/24(rw,fsid=0,no_subtree_check)
Important lines in /etc/idmapd.conf :
domain=my-domain.org
[Translation]
Method=nsswitch.
In /etc/default/nfs-common :
NEED_IDMAPD=yes
In /etc/default/nfs-kernel-server :
RPCNFSDCOUNT=75
RPCMOUNTDOPTS=--manage-gids
2 Clients (rhel6 x86 & Ubuntu 12.04.2 i686) are mounting this nfs4 exported directory with no problems :
When doing ls -l /home on this clients, I have :
...
drwx------ 4 user100 oldusers 4096 sept. 21 2011 user100
drwx------ 4 user101 oldusers 4096 sept. 21 2011 user101
drwx------ 37 user102 oldusers 4096 oct. 1 19:06 user102
drwx------ 36 user103 users 4096 févr. 5 21:08 user103
drwx------ 36 user104 users 4096 févr. 8 14:03 user104
drwx------ 30 user105 users 4096 févr. 4 18:01 user105
drwx------ 28 user106 oldusers 4096 oct. 5 2011 user106
drwx------ 37 user107 oldusers 4096 janv. 8 14:52 user107
drwx------ 31 user108 users 4096 déc. 4 11:52 user108
drwx------ 4 user109 oldusers 4096 sept. 21 2011 user109
drwx--x--x 45 user110 oldusers 4096 janv. 22 15:53 user109
drwx------ 31 user111 users 4096 janv. 29 12:03 user110
...
uid/gid mapping works fine, authldap works fine, ...
All Clients running Ubuntu 12.10 i686 or Ubuntu 12.10 amd64 are experiencing the same problem :
The config files are the same that used in ubuntu 12.04.
Auth ldap is correctly configured, user can log in.
This is the /etc/fstab entry for /home :
192.168.0.1:/ /home nfs rw,nfsvers=4 0 0
Important lines in /etc/idmapd.conf :
domain=my-domain.org
[Translation]
Method=nsswitch
In /etc/default/nfs-common :
NEED_IDMAPD=yes
/etc/nsswitch.conf is :
passwd: files ldap
group: files ldap
shadow: files ldap
When doing ls -l /home there is a strange problem :
drwx------ 4 4294967294 oldusers 4096 sept. 21 2011 user100
drwx------ 4 user101 oldusers 4096 sept. 21 2011 user101
drwx------ 37 user102 oldusers 4096 oct. 1 19:06 user102
drwx------ 36 4294967294 users 4096 févr. 5 21:08 user103
drwx------ 36 4294967294 users 4096 févr. 8 14:03 user104
drwx------ 30 4294967294 users 4096 févr. 4 18:01 user105
drwx------ 28 4294967294 oldusers 4096 oct. 5 2011 user106
drwx------ 37 4294967294 oldusers 4096 janv. 8 14:52 user107
drwx------ 31 4294967294 users 4096 déc. 4 11:52 user108
drwx------ 4 user109 oldusers 4096 sept. 21 2011 user109
drwx--x--x 45 4294967294 oldusers 4096 janv. 22 15:53 user110
drwx------ 31 4294967294 users 4096 janv. 29 12:03 user111
for 571 homedirs (this number varies at each reboot)/662, the owner is the value 4294967294. For the 91 remaining homedirs,
the owner is correct. The gidnumber is correctly mapped for all (only 5 differents values used for gidNumber).
In /var/log/syslog, I can see :
For example : user110 is mapped as 4294967294.
but the command "id user110" returns :
uid=31124(user110) gid=666(oldusers) groupes=666(oldusers)
user110 logs in (auth ldap) from tty1. He runs "ls -l /home/user110/" :
drwxr-xr-x 8 4294967294 oldusers 4096 janv. 19 2012 Bureau
drwxr-xr-x 3 4294967294 oldusers 4096 déc. 2 2011 Documents
drwxr-xr-x 2 4294967294 oldusers 4096 déc. 2 2011 Images
Then, he runs "touch /home/user110/test" :
drwxr-xr-x 8 4294967294 oldusers 4096 janv. 19 2012 Bureau
drwxr-xr-x 3 4294967294 oldusers 4096 déc. 2 2011 Documents
drwxr-xr-x 2 4294967294 oldusers 4096 déc. 2 2011 Images
drwxr-xr-x 2 4294967294 oldusers 0 févr. 13 16:01 test
On the nfs server, If i do a ls -l in the same directory :
drwxr-xr-x 8 user110 oldusers 4096 janv. 19 2012 Bureau
drwxr-xr-x 3 user110 oldusers 4096 déc. 2 2011 Documents
drwxr-xr-x 2 user110 oldusers 4096 déc. 2 2011 Images
drwxr-xr-x 2 user110 oldusers 0 févr. 13 16:01 test
I can see that the "test" file is owned by the correct user.
I've tried without & with nscd, same results.
I've tried using sssd, libnss-sss & pam_sss for ldap auth and having exactly the same results :
In /var/log/syslog, I have :
...
rpc.idmapd[561]: nss_getpwnam: name 'user109@my-domain.org' domain 'my-domain.org': resulting localname 'user109'
rpc.idmapd[561]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0
rpc.idmapd[561]: nfs4_name_to_uid: final return value is 0
rpc.idmapd[561]: Client 0: (user) name "user109@my-domain.org" -> id "55101"
rpc.idmapd[561]: nfs4_name_to_uid: calling nsswitch->name_to_uid
rpc.idmapd[561]: nss_getpwnam: name 'user102@my-domain.org' domain 'my-domain.org': resulting localname 'user102'
rpc.idmapd[561]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0
rpc.idmapd[561]: nfs4_name_to_uid: final return value is 0
rpc.idmapd[561]: Client 0: (user) name "user102@my-domain.org" -> id "55199"
...
only for the correctly mapped entries. No warnings or errors (rate limit disabled in rsyslog.conf) and verbosity set to 5 in idmapd.conf. It seems that rpc.idmapd never does mapping for other entries. |
|
2015-03-26 18:14:13 |
Dariusz Gadomski |
tags |
patch |
cts patch |
|
2015-03-26 18:36:27 |
Chris J Arges |
bug task deleted |
nfs-utils (Ubuntu) |
|
|
2015-03-26 18:36:34 |
Chris J Arges |
bug task deleted |
nfs-utils (Ubuntu Trusty) |
|
|
2015-03-26 18:36:38 |
Chris J Arges |
bug task deleted |
nfs-utils (Ubuntu Utopic) |
|
|
2015-03-26 18:37:03 |
Chris J Arges |
linux (Ubuntu Trusty): assignee |
|
Dariusz Gadomski (dgadomski) |
|
2015-03-26 18:37:08 |
Chris J Arges |
linux (Ubuntu Utopic): assignee |
|
Dariusz Gadomski (dgadomski) |
|
2015-03-26 18:40:14 |
Chris J Arges |
linux (Ubuntu): status |
Confirmed |
Fix Released |
|
2015-04-01 10:09:01 |
Andy Whitcroft |
linux (Ubuntu Utopic): status |
In Progress |
Fix Committed |
|
2015-04-01 10:09:05 |
Andy Whitcroft |
linux (Ubuntu Trusty): status |
In Progress |
Fix Committed |
|
2015-04-15 10:29:27 |
Jonathon F |
bug |
|
|
added subscriber J Fernyhough |
2015-04-17 14:03:53 |
Brad Figg |
tags |
cts patch |
cts patch verification-needed-trusty |
|
2015-04-17 14:04:07 |
Brad Figg |
tags |
cts patch verification-needed-trusty |
cts patch verification-needed-trusty verification-needed-utopic |
|
2015-04-28 18:02:05 |
Luis Henriques |
bug |
|
|
added subscriber Luis Henriques |
2015-04-29 12:04:56 |
Brad Figg |
tags |
cts patch verification-needed-trusty verification-needed-utopic |
cts patch verification-done-trusty verification-done-utopic |
|
2015-04-29 15:36:00 |
Launchpad Janitor |
linux (Ubuntu Utopic): status |
Fix Committed |
Fix Released |
|
2015-04-29 15:36:00 |
Launchpad Janitor |
cve linked |
|
2015-2666 |
|
2015-04-29 15:36:00 |
Launchpad Janitor |
cve linked |
|
2015-2922 |
|
2015-04-29 15:36:01 |
Launchpad Janitor |
linux (Ubuntu Utopic): status |
Fix Committed |
Fix Released |
|
2015-04-29 15:38:53 |
Launchpad Janitor |
linux (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
2015-04-29 15:38:54 |
Launchpad Janitor |
linux (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
2015-05-06 13:23:37 |
Markus Kuhn |
bug |
|
|
added subscriber Markus Kuhn |
2015-05-07 12:20:02 |
marz_cyclone |
bug |
|
|
added subscriber marz_cyclone |
2015-06-16 13:59:36 |
Margarita Manterola |
bug |
|
|
added subscriber Goobuntu Team |
2015-09-14 14:34:03 |
Bug Watch Updater |
nfs-utils (Debian): status |
Fix Released |
Confirmed |
|
2017-10-28 07:43:05 |
Bug Watch Updater |
fedora: status |
Unknown |
Won't Fix |
|
2017-10-28 07:43:05 |
Bug Watch Updater |
fedora: importance |
Unknown |
Critical |
|
2017-10-28 07:43:11 |
Bug Watch Updater |
bug watch added |
|
https://bugzilla.redhat.com/show_bug.cgi?id=847084 |
|
2017-10-28 07:43:11 |
Bug Watch Updater |
bug watch added |
|
https://bugzilla.redhat.com/show_bug.cgi?id=740024 |
|
2021-02-25 12:18:23 |
Bug Watch Updater |
nfs-utils (Debian): status |
Confirmed |
Fix Released |
|
2021-02-26 17:41:04 |
mtemp |
removed subscriber mtemp |
|
|
|