NFS4 permission denied when userid does not match (even though idmap is working)

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by SystemParadox on Server Fault See other posts from Server Fault or by SystemParadox
Published on 2012-08-09T10:40:15Z Indexed on 2014/06/06 9:28 UTC
Read the original article Hit count: 658

Filed under:
|
|

I have NFS4 setup with idmapd working correctly. ls -l from the client shows the correct user names, even though the user ids differ between the machines.

However, when the user ids do not match, I get 'permission denied' errors trying access files, even though ls -l shows the correct username. When the user ids do happen to match by coincidence, everything works fine.

sudo sysctl -w sunrpc.nfsd_debug=1023 gives the following output in the server syslog for the failed file access:

nfsd_dispatch: vers 4 proc 1
nfsv4 compound op #1/3: 22 (OP_PUTFH)
nfsd: fh_verify(28: 00070001 015c0001 00000000 9853d400 2a4892a5 4918a0ba)
nfsv4 compound op ffff88003d0f5078 opcnt 3 #1: 22: status 0
nfsv4 compound op #2/3: 3 (OP_ACCESS)
nfsd: fh_verify(28: 00070001 015c0001 00000000 9853d400 2a4892a5 4918a0ba)
nfsd: fh_verify - just checking
nfsv4 compound op ffff88003d0f5078 opcnt 3 #2: 3: status 0
nfsv4 compound op #3/3: 9 (OP_GETATTR)
nfsd: fh_verify(28: 00070001 015c0001 00000000 9853d400 2a4892a5 4918a0ba)
nfsd: fh_verify - just checking
nfsv4 compound op ffff88003d0f5078 opcnt 3 #3: 9: status 0
nfsv4 compound returned 0
nfsd_dispatch: vers 4 proc 1
nfsv4 compound op #1/7: 22 (OP_PUTFH)
nfsd: fh_verify(28: 00070001 015c0001 00000000 9853d400 2a4892a5 4918a0ba)
nfsv4 compound op ffff88003d0f5078 opcnt 7 #1: 22: status 0
nfsv4 compound op #2/7: 32 (OP_SAVEFH)
nfsv4 compound op ffff88003d0f5078 opcnt 7 #2: 32: status 0
nfsv4 compound op #3/7: 18 (OP_OPEN)
NFSD: nfsd4_open filename dom_file op_stateowner (null)
renewing client (clientid 4f96587d/0000000e)
nfsd: nfsd_lookup(fh 28: 00070001 015c0001 00000000 9853d400 2a4892a5 4918a0ba, dom_file)
nfsd: fh_verify(28: 00070001 015c0001 00000000 9853d400 2a4892a5 4918a0ba)
nfsd: fh_verify - just checking
nfsd: fh_lock(28: 00070001 015c0001 00000000 9853d400 2a4892a5 4918a0ba) locked = 0 
nfsd: fh_compose(exp 08:01/22806529 srv/dom_file, ino=22809724)
nfsd: fh_verify(36: 01070001 015c0001 00000000 9853d400 2a4892a5 4918a0ba)
nfsd: fh_verify - just checking
fh_verify: srv/dom_file permission failure, acc=804, error=13
nfsv4 compound op ffff88003d0f5078 opcnt 7 #3: 18: status 13
nfsv4 compound returned 13

Is that useful to anyone? Any hints on to debug this would be greatly appreciated.

Server kernel: 2.6.32-40-server (Ubuntu 10.04)
Client kernel: 3.2.0-27-generic (Ubuntu 12.04)

Same problem with my new server running 3.2.0-27-generic (Ubuntu 12.04).

Thanks.

© Server Fault or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about nfs

Related posts about nfs-server

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle