[Freeipa-users] nfsidmap oddity
Sumit Bose
sbose at redhat.com
Fri Aug 26 12:55:30 UTC 2016
On Fri, Aug 26, 2016 at 08:39:05AM -0400, William Muriithi wrote:
> Morning
>
> I have been struggling with nfsidmap issue for a couple of days and
> wouldn't mind a fresh eyes.
>
> Essentially, I have a FreeIPA that has a trust relationship with AD.
> The AD is on domain example-corp.example.com while FreeIPA manages
> eng.example.com. The problem is, when I login using AD account, the
> nfsidmap seem to think I am on the FreeIPA account. I have changed
> the idnapd.conf to use AD domain but that doesn't help.
>
> vi /etc/idmapd.conf
>
> Domain = example-corp.example.com
Which translation method do you use? SSSD provides an own method which
should be more flexible than the default ones, see iman sss_rpcidmapd
for details.
HTH
bye,
Sumit
>
>
>
> [william at cacti ~]$ ssh 'william at example-corp'@platinum.eng.example.com
>
> william at example-corp@platinum.eng.example.com's password:
>
> Last login: Tue Aug 23 11:45:33 2016 from 192.168.20.28
>
> [william at example-corp.example.com@platinum ~]$ env | grep USER
>
> USER=william at example-corp.example.com
>
> [william at example-corp.example.com@platinum ~]$ su
>
> Password:
>
> [root at platinum william]# tail /var/log/messages
>
> Aug 26 08:18:13 platinum nfsidmap[17780]: nss_getpwnam: name
> 'root at eng.example.com' does not map into domain
> 'example-corp.example.com'
>
> Aug 26 08:18:13 platinum nfsidmap[17784]: nss_getpwnam: name
> 'william at eng.example.com' does not map into domain
> 'example-corp.example.com'
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
More information about the Freeipa-users
mailing list