Utter Newb trying to set up NFSv4 with id mapping...

Tronmech (Dabbler; Joined: Aug 5, 2018; Messages: 15)
I'm a little (OK, a LOT) lost... I'm trying to integrate a TrueNAS Core server into a test Linux environment where everything uses sssd to Active Directory. When I try to change the group, or set the NFSv4 ACL on a file I own, I get NFS4ERR_BADOWNER or general permission denied messages.

What I've done so far:
  1. Downloaded TrueNAS core.
  2. Installed it on a Virtualbox VM with 2 virtual disks.
  3. Did the first configuration and set it up to have a pool named "MainPool"
  4. Shared that out via NFS, and set the NFS server to use v4, and allowed it to use > 16 groups.
  5. Verified that the NFS export is accessible and mounts as NFSv4.
  6. Set a static IP address, a DNS server (my AD DC), and a static route. (Seriously, why was the latter not set by DHCP, and why does DHCP override static DNS?)
  7. Using the web UI, I attached to the AD domain (SWTEST.LOCAL is the DNS name)
  8. Went into id mapping configuration and set it to use sssd's uid/gid algorithm.
  9. Cleared the caches as directed.
  10. Using the console shell, I ran getent passwd and got my AD users. I then verified the UID/GID of a known account.
  11. Created writable storage in my pool
    1. created a "data" directory
    2. chowned the data directory to "SWTEST\\Administrator"
    3. chgrp'd it to "SWTEST\\Domain Users"
  12. Automounted the export as Linux user logged into the domain.
  13. Did an ls -la of MainPool. The "data" directory is nobody/nobody.
  14. Went back into services, and reconfigured NFSv4 to use NFSv3 IDs.
  15. Restart/remount/etc.
  16. Now I can see the files with the right user info, and create a file. But I cannot chgrp the file to another group that I am a member of.
I have a feeling that I need to revert back to NFSv4 ID mapping and set the NFSv4 domain, but I can't find how to. I'm also trying to set up a file with a complex ACL on the NAS console, and can't seem to get the hang of how to specify the NFSv4 ACLs using BSD's setfacl command.
 

Tronmech (Dabbler; Joined: Aug 5, 2018; Messages: 15)
This is "interesting," and not in a good way... I used a network trace to get what is being sent back to my Linux client from the TrueNAS Core host.
The ls -l on Linux is printing:
-rw-rw-r--. 1 brian.cowan domain users 0 Apr 11 16:10 foo

The network trace shows the names coming in as "SWTEST\brian.cowan@swtest.local" and "SWTEST\Domain Users@swtest.local", and my attempt to chgrp the file to another group that the TrueNAS host KNOWS I am a member of shoots me the error NFS4_BADOWNER.

Is there some way to strip the AD domain name here and would it help? For the record, this is an AUTH_SYS NFS mount, and the UID sent is the exact UID of the file owner.
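To make the failure mode in the trace concrete, here is a small model of the decision an NFSv4 client-side idmapper makes for an owner/owner_group string of the form user@domain. This is an added illustration, not code from TrueNAS, sssd or nfs-utils; the passwd/group tables, the configured NFSv4 domain and the backslash separator are constructed assumptions. A name that cannot be resolved comes back as None, which is what shows up as nobody in ls and as NFS4ERR_BADOWNER when chgrp sends such a name to the server.

```python
from typing import Optional

# Constructed stand-ins for what `getent passwd` / `getent group` return on an
# sssd-joined host (sample values, not taken from the thread).
PASSWD = {"brian.cowan": 1001, "administrator": 1000}
GROUPS = {"domain users": 513, "developers": 2001}

# Assumed NFSv4 domain; in practice it must be identical on client and server.
NFS4_DOMAIN = "swtest.local"


def split_nfs4_name(name: str) -> tuple[str, str]:
    """Split an NFSv4 principal 'local@domain' into its two halves."""
    if "@" not in name:
        raise ValueError(f"not an NFSv4 principal: {name!r}")
    local, _, domain = name.rpartition("@")
    return local, domain.lower()


def strip_ad_prefix(local: str, sep: str = "\\") -> str:
    """Drop a 'REALM<sep>' prefix such as 'SWTEST\\' that the server's
    idmap backend may have prepended to the account name (assumed separator)."""
    return local.split(sep, 1)[1] if sep in local else local


def map_name(name: str, kind: str, strip_prefix: bool) -> Optional[int]:
    """Resolve an NFSv4 owner ('user') or owner_group ('group') string to a
    uid/gid, or return None when the idmapper would reject it."""
    local, domain = split_nfs4_name(name)
    if domain != NFS4_DOMAIN:
        return None  # domain mismatch: the whole name is refused
    if strip_prefix:
        local = strip_ad_prefix(local)
    table = PASSWD if kind == "user" else GROUPS
    return table.get(local.lower())  # unknown local part also yields None


if __name__ == "__main__":
    for raw in ("SWTEST\\brian.cowan@swtest.local", "brian.cowan@swtest.local"):
        print(raw, "->", map_name(raw, "user", strip_prefix=False))
```

Run with strip_prefix=False to see the prefixed name from the trace fail to resolve even though the bare account exists; with strip_prefix=True it resolves, while a mismatched domain still fails regardless.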