[Bug 1819197] Re: nss_getpwnam: name 'userX at xx.xx.edu@XX.XX.EDU' domain 'XX.XX.EDU': resulting localname '(null)'

Michael 1819197 at bugs.launchpad.net
Fri Mar 8 18:15:29 UTC 2019 

** Description changed:

  uid and gid appear to not map properly from nfsidmap in a nfsv4 with
  sec=krb5.  UID and GID are mapping properly on CentOS server and CentOS
  client.  Ubuntu nfs client file permissions are honored, but display in
  `ls -lan` command are incorrect.
  
  $ cat /var/log/syslog |grep nfsidmap
  Mar  8 16:38:34 ubuntuclient nfsidmap[24736]: key: 0x24a1c64d type: uid value: siu854746381 at ad.siu.edu@AD.SIU.EDU timeout 600
  Mar  8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: calling nsswitch->name_to_uid
  Mar  8 16:38:34 ubuntuclient nfsidmap[24736]: nss_getpwnam: name 'userX at xx.xx.edu@XX.XX.EDU' domain 'XX.XX.EDU': resulting localname '(null)'
  Mar  8 16:38:34 ubuntuclient nfsidmap[24736]: nss_getpwnam: name 'userX at xx.xx.edu@XX.XX.EDU' does not map into domain 'XX.XX.EDU'
  Mar  8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: nsswitch->name_to_uid returned -22
  Mar  8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: final return value is -22
  Mar  8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: calling nsswitch->name_to_uid
  $
  $ mount -v -t nfs4 -o sec=krb5 SP19SRV.XX.XX.EDU:/export /mnt
  $ su userX
  $ ls -la /mnt
  total 4
  drwxr-xr-x  5 nobody 4294967294   50 Feb 28 18:04 .
  drwxr-xr-x 24 root   root       4096 Mar  7 22:34 ..
  drwxr-xr-x  2 nobody 4294967294  125 Mar  8 16:27 userX
  $
  
+ Problem:
+ nfsmapid isn't showing proper file permissions on the ubuntu nfsv4 client with sec=krb
+ 
+ Client:
+ mount -v -t nfs4 -o sec=krb5 SP19SRV.AD.SIU.EDU:/export /mnt
+ 
+ $ ls -la
+ total 4
+ drwxr-xr-x  5 nobody 4294967294   50 Feb 28 18:04 .
+ drwxr-xr-x 24 root   root       4096 Mar  7 20:58 ..
+ drwxr-xr-x  2 nobody 4294967294  112 Mar  7 14:30 username
+ username at xx.xx.edu@ubuntuclient:/mnt
+ 
+ $ cat /etc/idmapd.conf 
+ [General]
+ 
+ Verbosity = 9
+ Pipefs-Directory = /run/rpc_pipefs
+ # set your own domain here, if it differs from FQDN minus hostname
+ Domain = XX.XXX.EDU
+ 
+ [Mapping]
+ 
+ Nobody-User = nobody
+ Nobody-Group = nogroup
+ 
+ 
+ $ cat /etc/default/nfs-common 
+ STATDOPTS=
+ 
+ # Do you want to start the gssd daemon? It is required for Kerberos mounts.
+ NEED_GSSD="yes"
+ NEED_IDMAPD="yes"
+ 
+ # I've tried commenting out NEED_IDMAPD as well.
+ 
+ My nfs server is a Centos 7.
+ 
+ Both machines were joined to active directory with sssd.  NFSv4 with krb
+ security works on my centos server and client.  The nfs server mount
+ works on the ubuntu client and file permissions are honored.  But, the
+ ls -la command is showing the incorrect file permissions.
+ 
+ uid and gid's appear to be in sync from sssd.
+ 
+ Please let me know if you need any additional information, thanks,
+ 
  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: nfs-common 1:1.3.4-2.1ubuntu5
  ProcVersionSignature: Ubuntu 4.15.0-46.49-generic 4.15.18
  Uname: Linux 4.15.0-46-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.5
  Architecture: amd64
  Date: Fri Mar  8 17:48:13 2019
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=C.UTF-8
   SHELL=/bin/bash
  SourcePackage: nfs-utils
  UpgradeStatus: No upgrade log present (probably fresh install)
  mtime.conffile..etc.default.nfs-common: 2019-03-07T21:45:28.468860

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nfs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1819197

Title:
  nss_getpwnam: name 'userX at xx.xx.edu@XX.XX.EDU' domain 'XX.XX.EDU':
  resulting localname '(null)'

Status in nfs-utils package in Ubuntu:
  New

Bug description:
  uid and gid appear to not map properly from nfsidmap in a nfsv4 with
  sec=krb5.  UID and GID are mapping properly on CentOS server and
  CentOS client.  Ubuntu nfs client file permissions are honored, but
  display in `ls -lan` command are incorrect.

  $ cat /var/log/syslog |grep nfsidmap
  Mar  8 16:38:34 ubuntuclient nfsidmap[24736]: key: 0x24a1c64d type: uid value: siu854746381 at ad.siu.edu@AD.SIU.EDU timeout 600
  Mar  8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: calling nsswitch->name_to_uid
  Mar  8 16:38:34 ubuntuclient nfsidmap[24736]: nss_getpwnam: name 'userX at xx.xx.edu@XX.XX.EDU' domain 'XX.XX.EDU': resulting localname '(null)'
  Mar  8 16:38:34 ubuntuclient nfsidmap[24736]: nss_getpwnam: name 'userX at xx.xx.edu@XX.XX.EDU' does not map into domain 'XX.XX.EDU'
  Mar  8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: nsswitch->name_to_uid returned -22
  Mar  8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: final return value is -22
  Mar  8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: calling nsswitch->name_to_uid
  $
  $ mount -v -t nfs4 -o sec=krb5 SP19SRV.XX.XX.EDU:/export /mnt
  $ su userX
  $ ls -la /mnt
  total 4
  drwxr-xr-x  5 nobody 4294967294   50 Feb 28 18:04 .
  drwxr-xr-x 24 root   root       4096 Mar  7 22:34 ..
  drwxr-xr-x  2 nobody 4294967294  125 Mar  8 16:27 userX
  $

  Problem:
  nfsmapid isn't showing proper file permissions on the ubuntu nfsv4 client with sec=krb

  Client:
  mount -v -t nfs4 -o sec=krb5 SP19SRV.AD.SIU.EDU:/export /mnt

  $ ls -la
  total 4
  drwxr-xr-x  5 nobody 4294967294   50 Feb 28 18:04 .
  drwxr-xr-x 24 root   root       4096 Mar  7 20:58 ..
  drwxr-xr-x  2 nobody 4294967294  112 Mar  7 14:30 username
  username at xx.xx.edu@ubuntuclient:/mnt

  $ cat /etc/idmapd.conf 
  [General]

  Verbosity = 9
  Pipefs-Directory = /run/rpc_pipefs
  # set your own domain here, if it differs from FQDN minus hostname
  Domain = XX.XXX.EDU

  [Mapping]

  Nobody-User = nobody
  Nobody-Group = nogroup

  
  $ cat /etc/default/nfs-common 
  STATDOPTS=

  # Do you want to start the gssd daemon? It is required for Kerberos mounts.
  NEED_GSSD="yes"
  NEED_IDMAPD="yes"

  # I've tried commenting out NEED_IDMAPD as well.

  My nfs server is a Centos 7.

  Both machines were joined to active directory with sssd.  NFSv4 with
  krb security works on my centos server and client.  The nfs server
  mount works on the ubuntu client and file permissions are honored.
  But, the ls -la command is showing the incorrect file permissions.

  uid and gid's appear to be in sync from sssd.

  Please let me know if you need any additional information, thanks,

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: nfs-common 1:1.3.4-2.1ubuntu5
  ProcVersionSignature: Ubuntu 4.15.0-46.49-generic 4.15.18
  Uname: Linux 4.15.0-46-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.5
  Architecture: amd64
  Date: Fri Mar  8 17:48:13 2019
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=C.UTF-8
   SHELL=/bin/bash
  SourcePackage: nfs-utils
  UpgradeStatus: No upgrade log present (probably fresh install)
  mtime.conffile..etc.default.nfs-common: 2019-03-07T21:45:28.468860

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1819197/+subscriptions

More information about the foundations-bugs mailing list