31.1.12

Samba 4 openSUSE fix

I fixed the NFS stuff on openSUSE. It wasn't a bug. It wasn't openSUSE. Surprise, surprise. Unbelievable though this may sound, it was me. Sometimes I feel that I'm the only person ever to have done something. This was one of those days. Like, why couldn't we access our stuff exported with NFS4 mounts with Kerberos? Sigh. OK. Let's hear it. Then yell at me.

When anyone has a problem of any sort, the first place they'll look for help, of course, is in their trusty old copy of /etc/idmapd.conf. So let's have a look at that file, /etc/idmapd.conf:
[General]
Verbosity=0
Pipefs-Directory=/var/lib/nfs/rpc_pipefs
Domain=I.don't.know.what.the.hell.2.put.here
[Mapping]
Nobody-User=nobody
Nobody-Group=nobody

Trainspotters would then go on something like this.
In Greek and Roman Mythology, Pipefs was the name given to the tunnel beneath Hades which connected the lands of Clientium in the east and Severium in the west.
Back from the underworld, take a long hard look at this line:

Domain=I.don't.know.what.the.hell.2.put.here

Now, my fully qualified domain name is hh3.hh3.site, my hostname is hh3 and when I provisioned my Samba 4 domain, I gave the domain as --domain=CACTUS. Because I like cacti. Not to leave anyone out in the cold, my Kerberos realm is HH3.SITE. So, as with everything in Linux, I have a choice:
Domain=hh3.hh3.site
Domain=hh3.site
Domain=hh3
Domain=CACTUS
or
Domain=HH3.SITE

So it's make yer mind up or give up time. Google threw up a helpful 177 000 references to idmapd.conf, with "idmapd.conf opensuse", yes in quotes, returning zero. Not even the combined forces of the openSUSE, Samba and nfs-kernel mailing lists could handle this one. Oh yes, I'd tried asking there. Did you know that there even was a mailing list for NFS? Truth is, I'd no idea how to ask a question like this. My English is not what it was. Do they even see the light of day on the NFS list? Some sort of decision based upon simple logic was needed here. One option I considered was:
Domain=google.com
I tried it. But it didn't work.

OK. Let's get it over and done with eh. Finally, and no taking the piss please, here is my /etc/idmapd.conf:
[General]
Verbosity=0
Pipefs-Directory=/var/lib/nfs/rpc_pipefs
Domain=hh3.site
[Mapping]
Nobody-User=nobody
Nobody-Group=nobody

A swift
rcnfsserver restart
followed by a
mount -t nfs4 hh3:/home /mnt -o sec=krb5
like you do, later, and here is me living to tell the tale. . .
root, the KDC, rpc.idmapd and me
with XFCE looking over our shoulder
Phew. What a day.
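
The value that worked, hh3.site, is the FQDN hh3.hh3.site with the hostname taken off the front, i.e. the DNS domain, which is what idmapd uses by default when Domain is not set. The check below is an added example, not part of the original post: it reads Domain from an idmapd.conf and compares it with the DNS domain of a given FQDN. The function names and the sample files are made up for the example, and the case-insensitive comparison is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# sample files written by demo() are constructed for illustration.

# Print the Domain= value from the [General] section of an idmapd.conf.
idmapd_domain() {
    awk '
        /^[ \t]*\[/ { in_general = ($0 ~ /^[ \t]*\[General\]/); next }
        in_general && /^[ \t]*Domain[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# DNS domain of a fully qualified name: everything after the first label.
dns_domain() {
    case "$1" in
        *.*) printf '%s\n' "${1#*.}" ;;
        *)   return 1 ;;   # not fully qualified, nothing to derive
    esac
}

# Succeed if the file's Domain equals the DNS domain of the given FQDN.
# Compared case-insensitively, as DNS names are (assumption of this example).
domain_ok() {
    conf=$(idmapd_domain "$1") || return 2
    want=$(dns_domain "$2") || return 2
    [ -n "$conf" ] || return 2
    [ "$(printf '%s' "$conf" | tr 'A-Z' 'a-z')" = \
      "$(printf '%s' "$want" | tr 'A-Z' 'a-z')" ]
}

# Demo on constructed files using two of the candidate values from the post.
demo() {
    dir=$(mktemp -d) || return 1
    printf '[General]\nVerbosity=0\nDomain=CACTUS\n[Mapping]\nNobody-User=nobody\n' > "$dir/before.conf"
    printf '[General]\nVerbosity=0\nDomain=hh3.site\n[Mapping]\nNobody-User=nobody\n' > "$dir/after.conf"
    for f in before after; do
        if domain_ok "$dir/$f.conf" hh3.hh3.site; then
            echo "$f: Domain=$(idmapd_domain "$dir/$f.conf") matches DNS domain"
        else
            echo "$f: Domain=$(idmapd_domain "$dir/$f.conf") differs from DNS domain"
        fi
    done
    rm -rf "$dir"
}
demo
```

Run the same check against the idmapd.conf on both the client and the server: the two ends have to agree on the domain, otherwise owners cannot be mapped and fall back to Nobody-User.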