Ubuntu Servers :: Nfs4 - Idmapper / Some Uids Are Not Mapped To Names?
Oct 5, 2010
I set up an Ubuntu server (10.04) with LDAP, Kerberos and NFS4. I did a setup for a client (Ubuntu desktop 10.04 32 / 64) to connect to LDAP, Kerberos and the nfs4 mount. All is working fine except for the idmapping. Some uids are not mapped to names. The entries which cannot be mapped change, so 10 minutes before the uid was mapped to the correct name, and after that time (I'm not sure if it's exactly 10 minutes) the name is mapped to nobody. Sometimes the gid cannot be mapped too. I mount the NFS share via nfs4 with sec=krb5 (krb5i or krb5p result in the same problem) and after successfully mounting the device, I type ls -la. I never have problems with getent passwd or with logging in as an LDAP user. I get all the entries of the LDAP DB and I also get Kerberos tickets. All is working fine with nfs3, but I would like to use nfs4 for security reasons.
If I run rpc.idmapd with many "-v" I get the following messages in the daemon.log file:
The first part is the response to a correct name-to-uid mapping; the second part is a failed one. Both users exist, and both users have the same LDAP entries (except for the different descriptions, uid and so on). The responses have the same timestamp, so the reply is in (nearly) the same second.
Restarting the idmap daemon every 5 minutes or other workarounds are not practicable in a normal operating environment.
I'm trying to set up an nfs4 server and client. I followed the instructions in
[URL]
The SERVER is on 192.168.89.1 running Xubuntu 10.04, and the CLIENT is on 192.168.89.128 running Ubuntu 10.10. Firewall is disabled on both the server and the client for testing purposes. /etc/default/nfs-kernel-server on the SERVER:
Code:
# Number of servers to start up
RPCNFSDCOUNT=8
# Runtime priority of server (see nice(1))
[code]....
because we want UID/GUID to be mapped from names. This way, server and client do not need the users to share same UID/GUID. In that case,
1. Should I set those 2 fields to "no" and "yes" respectively instead?
2. Or else, how do I make sure that the uid on the server is mapped to something useful on the client instead of nobody and nogroup?
Before I go prodding about on this server does anyone have any experience of sharing a single folder over NFS3 (for compatibility) and NFS4 (for newer clients)??
I cannot use nfs from an F10 client to an F12 server. An nfs mount on F10 to F12 times out and an nfs4 mount gives "mount.nfs4: mounting localhost:/home failed, reason given by server: No such file or directory". I have tried to close the firewall and set selinux to permissive mode on both client and server with the same result. Samba works fine. On the server:
[root@flokipal ~]# mount -t nfs4 localhost:/home /media/tonlist
mount.nfs4: mounting localhost:/home failed, reason given by server: No such file or directory
but
[root@flokipal ~]# mount -t nfs localhost:/home /media/tonlist
[root@flokipal ~]#
I am connecting servers using NFS4; the shared directories are on servers running Debian 4 while the one that reads from them is Debian 5.0.3. The problem is that one of these shared servers suddenly stops responding and you cannot list it from the Debian 5 server; also df hangs, and the web application that is using it does not respond to requests that use this shared directory since it is blocked. Then the load on the server starts to increase until the server cannot respond (over 90). I have found many entries in the syslog that refer to this, like:
ma25555 kernel: [1200285.732919] nfs: server 10.xxx.xxx.xxx not responding, still trying
Dec 31 08:16:33 ma25555 kernel: [1200289.815378] INFO: task java:9702 blocked for more than 120 seconds.
Dec 31 08:16:33 ma25555 kernel: [1200289.835249] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
code....
I have tried the connection between the 2 servers using ping for one day and all are OK (zero lost)
There are 3 other servers that are running Debian 4 and are working fine.
I am trying to mount cifs through fstab but it is not working. I have an Ubuntu samba server and a Kubuntu client. The share from the server is one dir with subdirs having different permissions and owners/groups. When I do AS ROOT:
Code:
smbmount //192.168.0.254/share /media/maps/share -o username=toshko%pass
The output of the "mount" command is as follows:
Code:
//192.168.0.254/share on /media/maps/share type cifs (rw,mand)
The result is messed up owners with different uids and groups:
I have been learning Linux for the past few months and just recently started with Bash programming. Using scripts it is possible to find users with duplicate UIDs, but is there any way or script by which duplicate UIDs can be prevented altogether?
For clarification, I can ping. I have tried several IP addresses and 100% success rate. When I noticed the problem I was trying to run sudo apt-get update && apt-get upgrade. After some time I noticed these error messages to start with
[Code]
I tried to ping the address security.ubuntu.com from my Windows machine to verify that I could connect and was surprised when I could. I then pinged the address 91.189.92.167, which is what my Windows machine resolved the name as, and it went through.
My thoughts on this are that when my Ubuntu router came up, for some reason it did not incorporate the ISP's DHCP servers into the IP address it obtained. Sadly I know how to view ALL IP information in Windows via the ipconfig /all command but I do not know what this is in the *nix world. I need commands that I can use to check and troubleshoot this apparent DHCP issue so I can start to update my server and expand on its services.
I have been logging into a server remotely and trying to set up a mailing list on it. The server is the newest version of Ubuntu server: uname -a: Linux Themis 2.6.28-11-server #42-Ubuntu SMP Fri Apr 17 02:48:10 UTC 2009 i686 GNU/Linux. I noticed I could not download packages with apt-get or ping domain names, and I can't even ping 127.0.0.1. And do you think there is something wrong with the network card?
I am currently using a script to back up my Ubuntu 10.04.1 system. The mySQL databases are backed up separately from the system / data.
My problem is with the mySQL incremental / binary log backups.
The problem is that the binary log file(s) are always named xxxx-bin.1.
Up to about a month ago the binary logs were named xxxx-bin.000001, xxxx-bin.000002, etc.
I did make some changes at about the time that this change in file naming occurred, but I cannot identify what, if any, setting I may have changed that has caused all of the binary log files to always have the same name.
My backup script uses both mysqldump and mysqladmin flush-logs to create the binary logs.
All of the settings for mysqldump and mysqladmin are contained in the my.cnf file.
The my.cnf file contents that are relevant are as follows:
Code:
The statements in the backup script that do the backup are:
mysqladmin flush-logs
or
mysqldump | gzip > $DB_BACKUP_DIR/$ARCHIVE_FILE #Note: delete-master-logs in my.cnf
I am sure this information is out there somewhere, but Googling apache access.log and hostname does not give you any good leads... so I hope someone here might be able to provide me with a quick answer... I am setting up a cluster of web servers, so I would like to name the access.log and error.log with the hostname of the individual servers to be able to distinguish one from another.
After pissing around with Kubuntu all evening, I wish I had hair to pull out in screaming frustration. After trying everything from Xbindkeys to animal sacrifices and voodoo spells to get my multimedia keys working, I now find that both the Windows key and the End key are mapped as F14. Problem is that it's the End key opening the K Menu, not the Windows key.
How can two keys get mapped as the same thing?! And how do I get the End key back to just the End key? I'm close to calling it quits on Linux and putting Windows back on my laptop.
How is a filename mapped to its inode? If I want to make our own system call and use a filename as an argument, how can I get its inode if I want to use some of the members of the inode structure in code? Basically I want to get the fd of the file.
I was playing around with my keyboard shortcuts and accidentally mapped a command to the Ctrl+C shortcut. Now I can't stop programs running in the terminal with Ctrl+C and I have no idea of how to restore this functionality.
I have installed Kubuntu 10.10 on a macbook3.1 and everything (almost) is working fine. My sole problem is that the left control key, despite being mapped to:
Using Samba I have looked into the file that stores all my web sites, there were a few strange files that get larger and larger all the time. File names are _Za01716 and _Za01820, they are nearly 50mb in size now. I know these are not Log files so what are they and can I delete them?
I have installed a new device in Linux. If I enter lspci, I can see the information of this device. But I do not know which file in dev is mapped to this device.
I'm facing a problem in mapping SAN disks connected through LSI HBAs on my servers. I am even unable to list them via hbacmd; it shows (HBAAPI[14809]: Encounterd and error loading: /usr/lib/libqlsdm.so). The mapper is showing errors also; below are some details from various logs:
rm.log
HBANYWARE VERSION: 5.0.44.1
(03-21-2011 16:22:09) InitDiagEnv found 0 adapters
(03-21-2011 16:22:09) In LoadRMLibraries
(03-21-2011 16:22:10) HBAAPI found 0 local adapters
(03-21-2011 16:22:10) Local Adapter Count = 0, CNA count = 0
(03-21-2011 16:22:10) Error calling getOperatingMode
fdisk -l - does not show San disks
How can I get my HBAs working? Below are the details of my server:
Dell R710
OS: Citrix XenServer Host 5.6.0-31188p
kernel: 2.6.27.42-0.1.1.xs5.6.0.44.111158xen #1 SMP Mon May 3 21:26:51 EDT 2010 i686 i686 i386 GNU/Linux
HBAs: LSI Logic / Symbios Logic SAS2008 PCI-Express Fusion-MPT SAS-2 [Falcon] (rev 03)
I wanted to use NFS4 with id mapping. I followed the write up at [URL] and basically have everything working.
The problem is that I cannot write a file unless I have group write permissions. On the server the user has uid = 1000, gid = 1000. On the client the user has uid =1699, gid = 1000. Both have the same user name.
On the client the directory listing properly shows the user name and the group name. If the file on the server is 644, the client cannot write to the file. If it is 664 on the server, then the client can write to the file.
/etc/export on server contains:
Code:
/export 172.24.84.0/24(rw,fsid=0,insecure,no_subtree_check,async)
/export/myuser 172.24.84.0/24(rw,nohide,insecure,no_subtree_check,async)
/etc/fstab on client contains:
[root@serv03 /]# ls -l /media/exPort/mMusic
total 16
drwxrwxr-x 11 databank lhome 4096 Jun 23 21:25 iTunes
drwxrwxr-x 3 databank lhome 4096 Aug 19 2010 Network Trash Folder
drwxrwxr-x 3 databank lhome 4096 Aug 13 2010 Streaming Radio
[code]....
But it doesn't work - it neither throws any errors nor mounts the share. All I need is to mount "/mMusic" (i.e. /media/exPort/mMusic) as "serv03:/media/nMedia/mMusic" so that the tree looks like this:
So I have a few Ubuntu (Hardy till I can find a replacement for Xen) boxes that I am trying to move from nfs3 to nfs4. I set it up according to this guide: URL... However, I ran into trouble when the client sees all users/groups as nobody/nogroup. The current setup is that all the boxes have synced uids/gids and all users with root access can be trusted. I read some reports that said the only way this could be fixed was by using Kerberos. However, I would really prefer not having to move to Kerberos as I have heard that it is very intensive to set up. So what I am looking for here is a solution other than sticking with nfs3 or putting everything on Kerberos. However, if you think that Kerberos is easier to set up than I am giving it credit for then that could be useful to hear as well.
I have registered two domain names that I want to use to connect to my Ubuntu server. I was wondering how to do this; I was looking at bind9 but that didn't work that great. The server is behind a router with a firewall. I can connect to it using the external IP address but I would like to use the two domain names if that is possible.
I'm using Linux in a large multi-user network. Let A be some group which I am a member of, but which is not my primary group. According to chmod(2) I should be able to chgrp a file to group A. Trying to do so succeeds on a local as well as on an NFSv3 mount, but not on an NFSv4/Kerberos mount (EPERM). Are there any special considerations regarding chgrp when using NFSv4 mounts?