rpc.idmapd does not see LDAP users (nfs4 server)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nfs-utils (Ubuntu) | Confirmed | Undecided | Unassigned | | |
Bug Description
My setup:

Server (Ubuntu 8.04):
- Kerberos server for authentication
- OpenLDAP server for user and group data
- NFS 4 kernel server for home directories

Client (Ubuntu 8.04, 8.10, 9.04 alpha):
- libpam-krb5 for authentication
- libnss-ldap for user and group data
- nfs4 client for home directories

My problem: If I restart both server and client, at the client all nfs4 files/directories are reported to belong to nobody:nogroup.

The problem disappears immediately if I do:
server: killall rpc.idmapd && /usr/sbin/
client: /etc/init.d/nscd restart
(I removed nscd entirely while I was looking for a solution)
To summarize: the cause of the problem is rpc.idmapd on the server, which for some reason can't map LDAP user/group names with uids/gids when started. Perhaps libnss-ldap is not yet active? (nfs-common has an order number of 20, slapd 19, so this should be OK.)
My workaround is a small initv script (on the server) with order number 21, which contains
/usr/bin/killall rpc.idmapd && /usr/sbin/
I guess my problem has to do with another problem (slightly different setup, though) reported here:
http://
(see also http://
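
The report's hypothesis is that rpc.idmapd starts on the server before libnss-ldap can answer lookups. As an added example (not part of the bug report or of nfs-utils), this POSIX shell script polls NSS with `getent` until an LDAP-only account resolves to a numeric UID; the function names `nss_resolves` and `wait_for_nss` and the 30-second limit are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: function names and timings are hypothetical, not from the report.

# nss_resolves NAME [LOOKUP]
# Succeeds when "LOOKUP passwd NAME" (default: getent) returns a passwd
# entry for NAME with a numeric UID, i.e. NSS can map the name.
nss_resolves() {
    name=$1
    lookup=${2:-getent}
    entry=$("$lookup" passwd "$name" 2>/dev/null) || return 1
    # passwd(5) fields: name:password:uid:gid:gecos:home:shell
    uid=$(printf '%s\n' "$entry" |
        awk -F: -v n="$name" '$1 == n { print $3; exit }')
    case $uid in
        '' | *[!0-9]*) return 1 ;;   # missing or non-numeric UID
    esac
    return 0
}

# wait_for_nss NAME TRIES DELAY [LOOKUP]
# Polls up to TRIES times, sleeping DELAY seconds between failed attempts.
wait_for_nss() {
    tries=$2
    delay=$3
    i=0
    while [ "$i" -lt "$tries" ]; do
        nss_resolves "$1" "${4:-getent}" && return 0
        i=$((i + 1))
        sleep "$delay"
    done
    return 1
}

# Usage: sh this-script ACCOUNT   (ACCOUNT must exist only in LDAP)
if [ -n "${1:-}" ]; then
    if wait_for_nss "$1" 30 1; then
        echo "NSS resolves $1; rpc.idmapd can be restarted now"
    else
        echo "NSS still cannot resolve $1 after 30 tries" >&2
        exit 1
    fi
fi
```

Run on the server, a non-zero exit right after boot points at the lookup path (slapd or libnss-ldap) rather than at rpc.idmapd itself.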
I can confirm this is still an issue with 8.10 server and clients and even Debian clients.
The work-around does not work normally for me in any case, nor does setting Cache=10 for idmapd.conf as suggested in the Debian bug tracker.
Further to the notes above, in my case the server is also the slapd server. The server also uses libnss-ldap for name lookups.
I see there is a libnss-ldapd package in universe which is apparently a fork of the original - is that worth a shot?