NFS Mapping a Disabled Account – How to Fix

nfs

Does Linux (non-AD joined) care if a mapped NFS user's account is disabled in Active Directory?

For instance, I have an AD user account mapped in NFS to a Linux mount point. When I disabled that user account in AD, everything still works. Of course, when I delete that same user account in AD, access fails.

Does NFS access to the Linux mount point only relate to the UID mapping (irrespective of the account's status in AD)?

Best Answer

How is Linux meant to access the account status in AD if it is not joined to the domain? Unless it is in the domain, or otherwise told to look to the domain for authentication, all it knows about is its own user database. So yes, NFS access to the mount point will depend only on the user credentials within Linux, unless you've established some way for that non-member Linux machine to query the AD DC for authentication. Which generally does mean the UID mapping, and the user credentials for that UID.
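Because access follows the UID and not the AD account state, disabling an account does not revoke its NFS access, so stale mappings have to be found by an explicit check. The following is an added example, not part of the original answer: it cross-references a passwd-format UID mapping against an AD export and reports mapped UIDs whose account is disabled or no longer exists. The CSV layout, the passwd-style mapping file and all sample names and UIDs are assumptions constructed for illustration; `userAccountControl` bit `0x0002` is the AD "account disabled" flag.

```python
import csv
import io

ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on a disabled AD account

# Constructed sample: AD export with the three attributes the check needs.
AD_EXPORT = """\
sAMAccountName,uidNumber,userAccountControl
alice,10001,512
bob,10002,514
carol,10003,66048
dave,,514
"""

# Constructed sample: passwd-format file holding the UID mapping.
PASSWD_MAP = """\
alice:x:10001:10001::/home/alice:/bin/bash
bob:x:10002:10002::/home/bob:/bin/bash
erin:x:10005:10005::/home/erin:/bin/bash
"""

def load_ad_accounts(text):
    """Return {uid: (name, disabled)} for AD rows that carry a uidNumber."""
    accounts = {}
    for row in csv.DictReader(io.StringIO(text)):
        if not row["uidNumber"]:
            continue  # no UNIX UID on this account, so it cannot be mapped
        disabled = bool(int(row["userAccountControl"]) & ACCOUNTDISABLE)
        accounts[int(row["uidNumber"])] = (row["sAMAccountName"], disabled)
    return accounts

def load_passwd_uids(text):
    """Return [(name, uid)] from passwd-format lines, skipping blanks and comments."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            fields = line.split(":")
            entries.append((fields[0], int(fields[2])))
    return entries

def audit(ad_text, passwd_text):
    """Report mapped UIDs that NFS still honours but AD no longer vouches for."""
    accounts = load_ad_accounts(ad_text)
    findings = {"disabled": [], "no_ad_account": []}
    for name, uid in load_passwd_uids(passwd_text):
        if uid not in accounts:
            findings["no_ad_account"].append((name, uid))
        elif accounts[uid][1]:
            findings["disabled"].append((name, uid))
    return findings
```

Entries reported under `disabled` are the case described in the question: the mapping still grants access until it is removed from the mapping source or the export.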
