[Bug 1819197] Re: nss_getpwnam: name 'userX at xx.xx.edu@XX.XX.EDU' domain 'XX.XX.EDU': resulting localname '(null)'
Michael
1819197 at bugs.launchpad.net
Fri Mar 15 16:42:08 UTC 2019
This appears to be directly related to:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581199
They submitted a patch there that does an additional modification to nss.c
for
The patch fixes the problem if not using kerberos.
I checked the latest version (0.23, in testing and unstable packages.
doesn't apply for oldstable and stable ones) from citi's website and it
seems there's an additional fix to make for function
"nss_gss_princ_to_ids" in nss.c file on line 279 :
/////////////////////////////////////////////////
/* get princ's realm */
princ_realm = strstr(princ, "@");
if (princ_realm == NULL)
return -EINVAL;
princ_realm++;
////////////////////////////////////////////////
https://bugs.debian.org/cgi-
bin/bugreport.cgi?att=1;bug=581199;filename=libnfsidmap_0.25-5ubuntu1.debdiff;msg=15
Michael Barkdoll
On Fri, Mar 15, 2019 at 8:42 AM Michael Barkdoll <mabarkdoll at gmail.com>
wrote:
> Thank you for confirming the bug, it looks like libnfsidmap's code base
> was imported into nfs-utils by Redhat on 10/26/2017 by Justin Mitchell, it
> already had the line modification inside nss.c at that point.
>
> I found where the commit was made, it was on the master branch of
> https://github.com/Distrotech/libnfsidmap
>
> You can see it here:
> https://github.com/Distrotech/libnfsidmap/commits/master/nss.c
>
> https://github.com/Distrotech/libnfsidmap/commit/309a89975a50bf53c408233a1bb5b10fd579ca30#diff-61814500c84b4fbb0fbdc21f11f4ea2c
>
>
>
> <https://github.com/Distrotech/libnfsidmap/commit/309a89975a50bf53c408233a1bb5b10fd579ca30#diff-61814500c84b4fbb0fbdc21f11f4ea2c>
>
> On Fri, Mar 15, 2019 at 7:20 AM Bug Watch Updater <
> 1819197 at bugs.launchpad.net> wrote:
>
>> ** Changed in: libnfsidmap (Debian)
>> Status: Unknown => New
>>
>> --
>> You received this bug notification because you are subscribed to the bug
>> report.
>> https://bugs.launchpad.net/bugs/1819197
>>
>> Title:
>> nss_getpwnam: name 'userX at xx.xx.edu@XX.XX.EDU' domain 'XX.XX.EDU':
>> resulting localname '(null)'
>>
>> Status in libnfsidmap package in Ubuntu:
>> New
>> Status in nfs-utils package in Ubuntu:
>> New
>> Status in libnfsidmap package in Debian:
>> New
>>
>> Bug description:
>> uid and gid appear to not map properly from nfsidmap in a nfsv4 with
>> sec=krb5. UID and GID are mapping properly on CentOS server and
>> CentOS client. Ubuntu nfs client file permissions are honored, but
>> display in `ls -lan` command are incorrect.
>>
>> $ cat /var/log/syslog |grep nfsidmap
>> Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: key: 0x24a1c64d type: uid
>> value: userY at xx.xx.edu@XX.XX.EDU timeout 600
>> Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: calling
>> nsswitch->name_to_uid
>> Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nss_getpwnam: name
>> 'userX at xx.xx.edu@XX.XX.EDU' domain 'XX.XX.EDU': resulting localname
>> '(null)'
>> Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nss_getpwnam: name
>> 'userX at xx.xx.edu@XX.XX.EDU' does not map into domain 'XX.XX.EDU'
>> Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid:
>> nsswitch->name_to_uid returned -22
>> Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: final
>> return value is -22
>> Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: calling
>> nsswitch->name_to_uid
>> $
>> $ mount -v -t nfs4 -o sec=krb5 SP19SRV.XX.XX.EDU:/export /mnt
>> $ su userX
>> $ ls -la /mnt
>> total 4
>> drwxr-xr-x 5 nobody 4294967294 50 Feb 28 18:04 .
>> drwxr-xr-x 24 root root 4096 Mar 7 22:34 ..
>> drwxr-xr-x 2 nobody 4294967294 125 Mar 8 16:27 userX
>> $
>>
>> Problem:
>> nfsmapid isn't showing proper file permissions on the ubuntu nfsv4
>> client with sec=krb
>>
>> Client:
>> mount -v -t nfs4 -o sec=krb5 SP19SRV.XX.XX.EDU:/export /mnt
>>
>> $ ls -la
>> total 4
>> drwxr-xr-x 5 nobody 4294967294 50 Feb 28 18:04 .
>> drwxr-xr-x 24 root root 4096 Mar 7 20:58 ..
>> drwxr-xr-x 2 nobody 4294967294 112 Mar 7 14:30 username
>> username at xx.xx.edu@ubuntuclient:/mnt
>>
>> $ cat /etc/idmapd.conf
>> [General]
>>
>> Verbosity = 9
>> Pipefs-Directory = /run/rpc_pipefs
>> # set your own domain here, if it differs from FQDN minus hostname
>> Domain = XX.XXX.EDU
>>
>> [Mapping]
>>
>> Nobody-User = nobody
>> Nobody-Group = nogroup
>>
>> $ cat /etc/default/nfs-common
>> STATDOPTS=
>>
>> # Do you want to start the gssd daemon? It is required for Kerberos
>> mounts.
>> NEED_GSSD="yes"
>> NEED_IDMAPD="yes"
>>
>> # I've tried commenting out NEED_IDMAPD as well.
>>
>> My nfs server is a Centos 7.
>>
>> Both machines were joined to active directory with sssd. NFSv4 with
>> krb security works on my centos server and client. The nfs server
>> mount works on the ubuntu client and file permissions are honored.
>> But, the ls -la command is showing the incorrect file permissions.
>>
>> uid and gid's appear to be in sync from sssd. Note in
>> /etc/sssd/sssd.conf ldap_id_mapping = False though I don't think that
>> should matter since ids are the same on both client and server from
>> the ldap attributes in AD.
>>
>> Centos 7 servers /var/log/messages with idmapd.conf verbosity:
>> Mar 8 16:38:32 sp19srv rpc.idmapd[1224]: Server : (group) id "65534"
>> -> name "nfsnobody at XX.XX.EDU"
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5
>> authtype=user
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: calling
>> nsswitch->uid_to_name
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name:
>> nsswitch->uid_to_name returned 0
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: final
>> return value is 0
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (user) id "3872" ->
>> name "userX at xx.xx.edu@XX.XX.EDU"
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5
>> authtype=group
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: calling
>> nsswitch->gid_to_name
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name:
>> nsswitch->gid_to_name returned 0
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: final
>> return value is 0
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (group) id "110" ->
>> name "some group gid at xx.xx.edu@XX.XX.EDU"
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5
>> authtype=user
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: calling
>> nsswitch->uid_to_name
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name:
>> nsswitch->uid_to_name returned 0
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: final
>> return value is 0
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (user) id "0" ->
>> name "root at XX.XX.EDU"
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5
>> authtype=group
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: calling
>> nsswitch->gid_to_name
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name:
>> nsswitch->gid_to_name returned 0
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: final
>> return value is 0
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (group) id "0" ->
>> name "root at XX.XX.EDU"
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5
>> authtype=user
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: calling
>> nsswitch->uid_to_name
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name:
>> nsswitch->uid_to_name returned 0
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: final
>> return value is 0
>> Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (user) id "1630" ->
>> name "userX at xx.xx.edu@XX.XX.EDU"
>>
>> Please let me know if you need any additional information, thanks,
>>
>> ProblemType: Bug
>> DistroRelease: Ubuntu 18.04
>> Package: nfs-common 1:1.3.4-2.1ubuntu5
>> ProcVersionSignature: Ubuntu 4.15.0-46.49-generic 4.15.18
>> Uname: Linux 4.15.0-46-generic x86_64
>> ApportVersion: 2.20.9-0ubuntu7.5
>> Architecture: amd64
>> Date: Fri Mar 8 17:48:13 2019
>> ProcEnviron:
>> TERM=xterm-256color
>> PATH=(custom, no user)
>> LANG=C.UTF-8
>> SHELL=/bin/bash
>> SourcePackage: nfs-utils
>> UpgradeStatus: No upgrade log present (probably fresh install)
>> mtime.conffile..etc.default.nfs-common: 2019-03-07T21:45:28.468860
>>
>> To manage notifications about this bug go to:
>>
>> https://bugs.launchpad.net/ubuntu/+source/libnfsidmap/+bug/1819197/+subscriptions
>>
>
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nfs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1819197
Title:
nss_getpwnam: name 'userX at xx.xx.edu@XX.XX.EDU' domain 'XX.XX.EDU':
resulting localname '(null)'
Status in libnfsidmap package in Ubuntu:
New
Status in nfs-utils package in Ubuntu:
New
Status in libnfsidmap package in Debian:
New
Bug description:
uid and gid appear to not map properly from nfsidmap in a nfsv4 with
sec=krb5. UID and GID are mapping properly on CentOS server and
CentOS client. Ubuntu nfs client file permissions are honored, but
display in `ls -lan` command are incorrect.
$ cat /var/log/syslog |grep nfsidmap
Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: key: 0x24a1c64d type: uid value: userY at xx.xx.edu@XX.XX.EDU timeout 600
Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: calling nsswitch->name_to_uid
Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nss_getpwnam: name 'userX at xx.xx.edu@XX.XX.EDU' domain 'XX.XX.EDU': resulting localname '(null)'
Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nss_getpwnam: name 'userX at xx.xx.edu@XX.XX.EDU' does not map into domain 'XX.XX.EDU'
Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: nsswitch->name_to_uid returned -22
Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: final return value is -22
Mar 8 16:38:34 ubuntuclient nfsidmap[24736]: nfs4_name_to_uid: calling nsswitch->name_to_uid
$
$ mount -v -t nfs4 -o sec=krb5 SP19SRV.XX.XX.EDU:/export /mnt
$ su userX
$ ls -la /mnt
total 4
drwxr-xr-x 5 nobody 4294967294 50 Feb 28 18:04 .
drwxr-xr-x 24 root root 4096 Mar 7 22:34 ..
drwxr-xr-x 2 nobody 4294967294 125 Mar 8 16:27 userX
$
Problem:
nfsmapid isn't showing proper file permissions on the ubuntu nfsv4 client with sec=krb
Client:
mount -v -t nfs4 -o sec=krb5 SP19SRV.XX.XX.EDU:/export /mnt
$ ls -la
total 4
drwxr-xr-x 5 nobody 4294967294 50 Feb 28 18:04 .
drwxr-xr-x 24 root root 4096 Mar 7 20:58 ..
drwxr-xr-x 2 nobody 4294967294 112 Mar 7 14:30 username
username at xx.xx.edu@ubuntuclient:/mnt
$ cat /etc/idmapd.conf
[General]
Verbosity = 9
Pipefs-Directory = /run/rpc_pipefs
# set your own domain here, if it differs from FQDN minus hostname
Domain = XX.XXX.EDU
[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
$ cat /etc/default/nfs-common
STATDOPTS=
# Do you want to start the gssd daemon? It is required for Kerberos mounts.
NEED_GSSD="yes"
NEED_IDMAPD="yes"
# I've tried commenting out NEED_IDMAPD as well.
My nfs server is a Centos 7.
Both machines were joined to active directory with sssd. NFSv4 with
krb security works on my centos server and client. The nfs server
mount works on the ubuntu client and file permissions are honored.
But, the ls -la command is showing the incorrect file permissions.
uid and gid's appear to be in sync from sssd. Note in
/etc/sssd/sssd.conf ldap_id_mapping = False though I don't think that
should matter since ids are the same on both client and server from
the ldap attributes in AD.
Centos 7 servers /var/log/messages with idmapd.conf verbosity:
Mar 8 16:38:32 sp19srv rpc.idmapd[1224]: Server : (group) id "65534" -> name "nfsnobody at XX.XX.EDU"
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5 authtype=user
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: calling nsswitch->uid_to_name
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: nsswitch->uid_to_name returned 0
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: final return value is 0
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (user) id "3872" -> name "userX at xx.xx.edu@XX.XX.EDU"
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5 authtype=group
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: calling nsswitch->gid_to_name
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: nsswitch->gid_to_name returned 0
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: final return value is 0
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (group) id "110" -> name "some group gid at xx.xx.edu@XX.XX.EDU"
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5 authtype=user
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: calling nsswitch->uid_to_name
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: nsswitch->uid_to_name returned 0
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: final return value is 0
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (user) id "0" -> name "root at XX.XX.EDU"
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5 authtype=group
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: calling nsswitch->gid_to_name
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: nsswitch->gid_to_name returned 0
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_gid_to_name: final return value is 0
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (group) id "0" -> name "root at XX.XX.EDU"
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfsdcb: authbuf=gss/krb5 authtype=user
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: calling nsswitch->uid_to_name
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: nsswitch->uid_to_name returned 0
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: nfs4_uid_to_name: final return value is 0
Mar 8 16:38:34 sp19srv rpc.idmapd[1224]: Server : (user) id "1630" -> name "userX at xx.xx.edu@XX.XX.EDU"
Please let me know if you need any additional information, thanks,
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: nfs-common 1:1.3.4-2.1ubuntu5
ProcVersionSignature: Ubuntu 4.15.0-46.49-generic 4.15.18
Uname: Linux 4.15.0-46-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
Date: Fri Mar 8 17:48:13 2019
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
LANG=C.UTF-8
SHELL=/bin/bash
SourcePackage: nfs-utils
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.default.nfs-common: 2019-03-07T21:45:28.468860
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libnfsidmap/+bug/1819197/+subscriptions
More information about the foundations-bugs
mailing list