千万个美丽的未来,抵不上一个温暖的现在,每一个真实的现在,都是我们曾经幻想的未来!
Apr
20
Environment
SUSE Linux Enterprise Desktop 11
SUSE Linux Enterprise Desktop 10
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
Situation
An NFS client is successfully mounting an NFS v4 file system. However, upon executing "ls -al," all the file user and group ownership is showing as "nobody" or as "4294967294", instead of the values that are shown when viewed directly on the remote NFS server.
Resolution
For user names to be displayed correctly, the NFS v4 server must have knowledge of the same user and group accounts as the NFS client. If users and groups are centrally managed, this works automatically. With previous NFS protocol versions, it was sufficient to create identical user accounts on all clients accessing an NFS server. These accounts didn't need to exist on the server itself because the files were only served by user ID. However, with NFSv4, identity tracking has been redesigned and now uses a identity mapping daemon (idmapd). It's crucial that server and client have access to identical account information, or idmapd cannot properly do it's job and may display ownership as "nobody" or equivalent high values.
Both the NFS server and the NFS client must run idmapd and have good idmapd.conf files. Even when the same accounts are known to both the servers and clients, idmapd configuration problems can prevent proper ownership from being displayed.
Check the /etc/idmapd.conf file. The [General] section should have a Domain setting. This typically matches the DNS domain name, but does not necessarily have to. NFS servers and NFS clients which interact with each other should have their idmap domains set identically. It can also be helpful for there to be a [Translation] section which specifies the method of translating between names and IDs. Typically, it is best to point to nsswitch methodology.
So, for example, a typical idmapd.conf file might look like the following:
[General]
Verbosity=7
Pipefs-Directory=/var/lib/nfs/rpc_pipefs
Domain=test.novell2.com
[Mapping]
Nobody-User=nobody
Nobody-Group=nobody
[Translation]
Method=nsswitch
If changes are made to this file on any system, or if a system is already configured this way and still does not function correctly, try restarting idmapd. On some versions of SLES (typically SLE 10) this can be done with:
rcidmapd restart
On other versions (typically SLE 11), idmapd isn't setup to stop and start independently of NFS services, so the necessary commands would be:
If the system is an nfs client:
rcnfs restart
If the system is an NFS server:
rcnfsserver restart
If the system is both an NFS server and an NFS client:
rcnfs stop
rcnfsserver stop
(repeat the above commands if messages indicate something could not be stopped or is busy)
rcnfsserver start
rcnfs start
Disclaimer
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
SUSE Linux Enterprise Desktop 11
SUSE Linux Enterprise Desktop 10
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
Situation
An NFS client is successfully mounting an NFS v4 file system. However, upon executing "ls -al," all the file user and group ownership is showing as "nobody" or as "4294967294", instead of the values that are shown when viewed directly on the remote NFS server.
Resolution
For user names to be displayed correctly, the NFS v4 server must have knowledge of the same user and group accounts as the NFS client. If users and groups are centrally managed, this works automatically. With previous NFS protocol versions, it was sufficient to create identical user accounts on all clients accessing an NFS server. These accounts didn't need to exist on the server itself because the files were only served by user ID. However, with NFSv4, identity tracking has been redesigned and now uses a identity mapping daemon (idmapd). It's crucial that server and client have access to identical account information, or idmapd cannot properly do it's job and may display ownership as "nobody" or equivalent high values.
Both the NFS server and the NFS client must run idmapd and have good idmapd.conf files. Even when the same accounts are known to both the servers and clients, idmapd configuration problems can prevent proper ownership from being displayed.
Check the /etc/idmapd.conf file. The [General] section should have a Domain setting. This typically matches the DNS domain name, but does not necessarily have to. NFS servers and NFS clients which interact with each other should have their idmap domains set identically. It can also be helpful for there to be a [Translation] section which specifies the method of translating between names and IDs. Typically, it is best to point to nsswitch methodology.
So, for example, a typical idmapd.conf file might look like the following:
[General]
Verbosity=7
Pipefs-Directory=/var/lib/nfs/rpc_pipefs
Domain=test.novell2.com
[Mapping]
Nobody-User=nobody
Nobody-Group=nobody
[Translation]
Method=nsswitch
If changes are made to this file on any system, or if a system is already configured this way and still does not function correctly, try restarting idmapd. On some versions of SLES (typically SLE 10) this can be done with:
rcidmapd restart
On other versions (typically SLE 11), idmapd isn't setup to stop and start independently of NFS services, so the necessary commands would be:
If the system is an nfs client:
rcnfs restart
If the system is an NFS server:
rcnfsserver restart
If the system is both an NFS server and an NFS client:
rcnfs stop
rcnfsserver stop
(repeat the above commands if messages indicate something could not be stopped or is busy)
rcnfsserver start
rcnfs start
Disclaimer
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
Jul
13
今天碰到一个问题,NFS4.1的客户端在挂在服务器后,挂载目录下的文件及目录的uid和gid都变为4294967294,这应该是相当于-1的数。搜索了一下找到了几种解决的办法。
解决方法:安装pnfs-nfs-utils,据说有很多依赖的包要装,没有尝试,有兴趣的可以去试试是否可行。
网上有其他的解决办法:如
You need to change the /etc/default/nfs-common file (on both your server and client):
setNEED_IDMAPD to yes.
sometimes set client is ok.
不过在Cent OS 6.2的系统下没有找到这个文件,就不继续深究了。
有一种最简单的解决办法就是在NFS的客户端启动rpcidmapd服务,然后你再看挂载的目录用户和组都是对的了,前提是你挂载的那个磁盘目录所属的用户和组,客户端也有。
解决方法:安装pnfs-nfs-utils,据说有很多依赖的包要装,没有尝试,有兴趣的可以去试试是否可行。
网上有其他的解决办法:如
You need to change the /etc/default/nfs-common file (on both your server and client):
setNEED_IDMAPD to yes.
sometimes set client is ok.
不过在Cent OS 6.2的系统下没有找到这个文件,就不继续深究了。
有一种最简单的解决办法就是在NFS的客户端启动rpcidmapd服务,然后你再看挂载的目录用户和组都是对的了,前提是你挂载的那个磁盘目录所属的用户和组,客户端也有。