RILINDO FOSTER wrote:
I did that. It didn't help. :(
On Jun 2, 2011, at 6:07 PM, Tom H wrote:
On Thu, Jun 2, 2011 at 2:01 PM, RILINDO FOSTER rilindo@me.com wrote:
On Jun 2, 2011, at 11:56 AM, Tom H wrote:
I was asking about "Domain" in "idmapd.conf" because there might be a difference between CentOS 5 and SL 6.
It is actually commented out in SL6.
There you go. Comment it out on CentOS and restart idmapd - and cross your fingers.
As far as I know, that needs to be there. And the hostname must be recognizable via DNS by the NFS server. If the NFS server cannot verify your FQDN (hostname + domain from /etc/idmapd.conf), the server will deny your requests. NFS via ssh is one of the options.
Here are my notes on NFS4 for CentOS:
NFS4 on CentOS 5.x:
SERVER SIDE:
• Create /nfs4exports with subfolders: extra and home.
• In /etc/fstab put:
    /extra /nfs4exports/extra bind bind 0 0
    /home /nfs4exports/home bind bind 0 0
• And in /etc/exports put:
    /nfs4exports A.B.C.D/255.255.255.W(rw,fsid=0,sync,no_root_squash,no_subtree_check)
    /nfs4exports/extra A.B.C.D/255.255.255.W(rw,no_subtree_check,nohide,sync,no_root_squash)
    /nfs4exports/home A.B.C.D/255.255.255.W(rw,no_subtree_check,nohide,sync,no_root_squash)
• In /etc/sysconfig/nfs put:
    LOCKD_TCPPORT=32803
    # UDP port rpc.lockd should listen on.
    LOCKD_UDPPORT=32769
    RPCNFSDARGS="-N 2 -N 3"
    MOUNTD_PORT=892
    STATD_PORT=662
    # Outgoing port statd should used. The default is port
    # is random
    STATD_OUTGOING_PORT=2020
    # Specify callout program
Never remove root squashing, it lowers root to nfsnobody level. There is also an all_squash option.
/etc/idmapd.conf:
    [General]
    Verbosity = 0
    Pipefs-Directory = /var/lib/nfs/rpc_pipefs
    Domain = <domainname, mydomain.com>

    [Mapping]
    Nobody-User = drlove73
    Nobody-Group = drlove73

    [Translation]
    Method = nsswitch
idmapd.conf must be the same on the client
CLIENT SIDE - autofs:
/etc/auto.<servername>:
    /autofsmounts/<servername> /etc/auto.<servername> --timeout=10

/etc/auto.<servername>:
    extra -fstype=nfs4,rw,proto=tcp <server IP or fqdn>:/extra
    home -fstype=nfs4,rw,proto=tcp <server IP or fqdn>:/home
/etc/idmapd.conf:
    [General]
    Verbosity = 0
    Pipefs-Directory = /var/lib/nfs/rpc_pipefs
    Domain = <domainname, mydomain.com>

    [Mapping]
    Nobody-User = drlove73
    Nobody-Group = drlove73

    [Translation]
    Method = nsswitch
Create /autofsmounts/vmaster
Test: showmount -e <ipaddress or fqdn>
Create /vmaster and, once they show, create inside symlinks from:
    /autofsmounts/vmaster/extra
    /autofsmounts/vmaster/home
Ljubomir
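
Two points from the notes above can be checked mechanically: which exports carry no_root_squash, and whether idmapd.conf sets the same Domain on server and client. The following is an added example, not part of the original message; the sample file contents are constructed (10.0.0.0/255.255.255.0 stands in for the elided A.B.C.D/255.255.255.W) and the function names are hypothetical.

```python
import configparser

# Constructed samples modelled on the notes above; 10.0.0.0/255.255.255.0
# stands in for the elided A.B.C.D/255.255.255.W.
SAMPLE_EXPORTS = """\
/nfs4exports 10.0.0.0/255.255.255.0(rw,fsid=0,sync,no_root_squash,no_subtree_check)
/nfs4exports/extra 10.0.0.0/255.255.255.0(rw,no_subtree_check,nohide,sync,no_root_squash)
/nfs4exports/home 10.0.0.0/255.255.255.0(rw,no_subtree_check,nohide,sync)
"""
SERVER_IDMAPD = "[General]\nVerbosity = 0\nDomain = mydomain.com\n"
CLIENT_IDMAPD = "[General]\nVerbosity = 0\n#Domain = mydomain.com\n"


def unsquashed_exports(exports_text):
    """Return (path, client) pairs whose option list contains no_root_squash."""
    hits = []
    for line in exports_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:                   # each spec is client(opt,opt,...)
            client, _, opts = spec.partition("(")
            if "no_root_squash" in opts.rstrip(")").split(","):
                hits.append((path, client))
    return hits


def idmap_domain(conf_text):
    """Return the [General] Domain value, or None if it is unset/commented out."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(conf_text)
    return cp.get("General", "Domain", fallback=None)


def domains_match(server_conf, client_conf):
    """True only when both files set the same Domain explicitly.

    An unset Domain makes idmapd fall back to the host's DNS domain name,
    which this file-level check cannot see, so it is reported as a mismatch.
    """
    s, c = idmap_domain(server_conf), idmap_domain(client_conf)
    return s is not None and c is not None and s.strip() == c.strip()


if __name__ == "__main__":
    for path, client in unsquashed_exports(SAMPLE_EXPORTS):
        print(f"no_root_squash: {path} exported to {client}")
    print("idmapd Domain match:", domains_match(SERVER_IDMAPD, CLIENT_IDMAPD))
```

To run it against a real host, read /etc/exports and the two idmapd.conf copies into strings and pass them to the same functions.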