Date: Wed, 27 Mar 2024 18:17:30 +0100
From: Andreas Kempe <kempe@lysator.liu.se>
To: Rick Macklem <rick.macklem@gmail.com>
Cc: freebsd-fs@freebsd.org
Subject: Re: Kerberised NFSv4 - everyone gets mapped to nobody on file access
Message-ID: <ZgRUqkl1zVxMPt6K@shipon.lysator.liu.se>
In-Reply-To: <CAM5tNy7YM6bRKTX3pLR8hC-a-cmxXA=wv4j0E8cBWGthbxzLdQ@mail.gmail.com>
References: <ZgNiZsYl6D-GnRwI@shipon.lysator.liu.se> <CAM5tNy53suTizsOmsKvN9Zrd6LciAFrS3PEctUJjK%2BHH9QcMrw@mail.gmail.com> <CAM5tNy7YM6bRKTX3pLR8hC-a-cmxXA=wv4j0E8cBWGthbxzLdQ@mail.gmail.com>
On Tue, Mar 26, 2024 at 05:54:38PM -0700, Rick Macklem wrote:
> On Tue, Mar 26, 2024 at 5:33 PM Rick Macklem <rick.macklem@gmail.com> wrote:
> >
> > Take a look at a packet capture in wireshark.
> > Check that the @domain part of Owner and Owner_group attributes are
> > the same and it is not a string of digits.
> Oh, and just fyi, you can use tcpdump to capture the packets, something like:
> # tcpdump -s 0 -w out.pcap host <nfs-server>
> and then you can look at out.pcap wherever it is convenient to
> install wireshark.
> (I run it on this windows laptop.)
> Don't bother to try and look at NFS with tcpdump. It doesn't know how
> to decode it.
>
> > If the domain is not the same, you can use the -domain command line option
> > on nfsuserd to set it.
> > (Since this "domain" is underdefined, I'd suggest only ascii characters and
> > all alphabetics in lower case.)
> > If the client sends a string of digits, check to make sure the sysctl
> > vfs.nfs.enable_uidtostring is set to 0.
> >

I'm using lysator.liu.se as the domain on both client and server. It seems to work since listing files gives correct owners.

I have dumped the traffic from mounting and creating a file named test file that shows up as owned by nobody. I get the following call made:

NFS 438 V4 Call (Reply In 131) Open OPEN DH: 0x30a4c0aa/testfil

In the OPEN (18) opcode, owner is set to

0000 af 16 00 00 93 fc 00 00 07 76 0d 00

while the server sets owner to ex. kempe@lysator.liu.se as expected when directory listings are made.

vfs.nfs.enable_uidtostring is 0 on the client machine and I am not quite able to make sense of what the 12 bytes in the owner field are supposed to be. They are not the ASCII representation and neither my user's GID and UID that are both 0x7b02.

// Andreas Kempe
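The checks Rick lists above (same @domain on both sides, no bare digit strings, lower-case ASCII only) can be applied mechanically to the owner/owner_group strings pulled out of a capture. The script below is an added example and not part of the thread; the sample owner strings are constructed, and the expected domain is the lysator.liu.se value named in the thread.

```python
import re
from collections import Counter

# Domain the thread expects on both client and server (nfsuserd -domain).
EXPECTED_DOMAIN = "lysator.liu.se"

# Lower-case ASCII letters, digits, dots and hyphens, as Rick suggests.
_DOMAIN_RE = re.compile(r"[a-z0-9.-]+")


def classify_owner(owner: str, expected_domain: str = EXPECTED_DOMAIN) -> str:
    """Return 'ok' or the reason nfsuserd would likely map this owner to nobody."""
    if owner.isdigit():
        # A bare uid/gid string: vfs.nfs.enable_uidtostring is probably 1.
        return "numeric-id"
    if "@" not in owner:
        return "no-domain"
    name, _, domain = owner.rpartition("@")
    if not name:
        return "empty-name"
    if not _DOMAIN_RE.fullmatch(domain):
        # Upper-case or non-ASCII in the domain; the comparison is string-based.
        return "domain-not-lowercase-ascii"
    if domain != expected_domain:
        return "domain-mismatch"
    return "ok"


def audit_owners(owners, expected_domain: str = EXPECTED_DOMAIN) -> dict:
    """Count each verdict over a list of owner strings taken from a capture."""
    return dict(Counter(classify_owner(o, expected_domain) for o in owners))


if __name__ == "__main__":
    # Constructed sample of owner strings as they might appear in Wireshark.
    sample = [
        "kempe@lysator.liu.se",      # fine
        "wheel@lysator.liu.se",      # fine
        "1234",                      # uid sent as a string of digits
        "kempe@LYSATOR.LIU.SE",      # case differs from the server's domain
        "kempe@example.org",         # client configured with another domain
    ]
    for o in sample:
        print(f"{o:30} {classify_owner(o)}")
    print(audit_owners(sample))
```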