Server:
CentOS 7.3.1611, with NFS4 enabled.
In /etc/idmapd.conf Domain = my.domain.com
Local user is created as 'user' and a directory is exported over NFS: /home/user/Documents
Client:
Fedora 25, which has been joined to an AD Realm: my.domain.com
Login for AD users works fine. sssd.conf has been changed so the username is just 'user' rather than 'user@my.domain.com'.
So the home dir /home/user is automatically created.
I have changed /etc/idmapd.conf to have the same domain as the NFS server (my.domain.com).
Now:
On the Client machine, I want to mount /home/user/Documents over NFS4 from the CentOS NFS Server.
The mount is successful, but the UID mapping is wrong. On the client, the directory /home/user/Documents is mounted from the NFS Server, but its uid is 1002, which is the UID of 'user' on the NFS Server and not that of the correct user 'user' on the Client (which is UID 709001103).
$ mount -t nfs4 -vvv server:/user/Documents /home/user/Documents
mount.nfs4: timeout set for Wed Mar 8 15:54:45 2017
mount.nfs4: trying text-based options 'vers=4.2,addr=192.168.95.17,clientaddr=192.168.95.28'
$ ls -l /home/user/
drwxr-xr-x. 2 user domain users 4096 Mar 8 14:26 Desktop
drwxrwxr-x. 2 1002 1002 18 Mar 8 14:36 Documents
drwxr-xr-x. 2 user domain users 4096 Mar 8 14:26 Downloads
(I don't understand the fact that ls -l shows the username as 'user domain' and not just 'user').
Any ideas on what needs to be done to ensure the user mapping between client and server is correct? Thanks in advance for any assistance.
Best Answer
By default, if mount is not using auth_gss, client and server use numeric UIDs on the wire. To enforce string principals you need to
and
on the client and server. NOTICE: on the server it's /sys/module/nfsd. To make it permanent, add this to /etc/modprobe.d/nfs.conf:
and
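A way to check which mode each side is in, as an added example that is not part of the answer above: the script reads the `nfs4_disable_idmapping` parameter of the `nfs` (client) and `nfsd` (server) kernel modules and the Domain line of /etc/idmapd.conf. The parameter name does not appear on the page and is assumed to be the setting the answer refers to; the function names and the root-prefix argument are hypothetical.

```shell
#!/bin/sh
# Added example: report whether NFSv4 (without auth_gss) sends numeric UIDs or
# name@domain strings on the wire, and which idmapd Domain is configured.
# Assumption: nfs4_disable_idmapping is the module parameter the answer means.
# The optional root prefix lets the check run against a copied tree.

# Print the parameter value for a module: nfs = client side, nfsd = server side.
idmap_param() {
    f="${2:-}/sys/module/$1/parameters/nfs4_disable_idmapping"
    if [ -r "$f" ]; then cat "$f"; else echo "absent"; fi
}

# Classify one side as numeric, string, or unknown (module not loaded).
wire_mode() {
    case "$(idmap_param "$1" "${2:-}")" in
        Y|1) echo numeric ;;   # idmapping disabled: raw UIDs are sent
        N|0) echo string ;;    # idmapping enabled: user@Domain strings are sent
        *)   echo unknown ;;
    esac
}

# Print the active Domain value from idmapd.conf; commented lines are skipped.
idmapd_domain() {
    sed -n 's/^[[:space:]]*Domain[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' \
        "${1:-}/etc/idmapd.conf" 2>/dev/null | head -n 1
}

# Summarise the host. Run it on both machines and compare the Domain lines.
report() {
    root="${1:-}"
    echo "client (nfs):  $(wire_mode nfs "$root")"
    echo "server (nfsd): $(wire_mode nfsd "$root")"
    echo "idmapd Domain: $(idmapd_domain "$root")"
}

report ""
```

If either side reports `numeric`, ownership on the mount follows the server's UID numbers, which matches the `1002 1002` entry in the listing above.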