This is a strange issue I've been struggling with for some time now. I have a working LDAP and authentication via PAM on Debian 8. I have successfully tested pam_mkhomedir and I got a home directory for the logged-in user with ownership username:groupname.

In the second phase of the project I created an NFS (NFSv4) mount on /home/nfs. I want to put my home dirs there so I can share them across servers. The problem I face is that when I use pam_mkhomedir to create the home dir, it has ownership nobody:nogroup. If I create this manually while logged in as an LDAP user, I get the correct ownership username:groupname, so I am fairly sure NFS can deal with the LDAP usernames.

idmap is configured to use nsswitch, and `id ldapuser` returns the same info on both the NFS client and server. Also, LDAP login works on both of them.

Does anyone have an idea as to why pam_mkhomedir would default to nobody:nogroup while NFS works with LDAP users?

kashian
  • http://www.softpanorama.org/Net/Application_layer/NFS/Troubleshooting/nfsv4_mounts_files_as_nobody.shtml – astralfenix May 12 '16 at 12:44
  • Sadly this did not help. I double-checked the domains in idmap.conf and cleared the nfsidmap cache, but to no avail. – kashian May 12 '16 at 13:01

1 Answer

pam_mkhomedir is running with root privileges and the NFS share is probably not exported with the no_root_squash option, so the root user gets mapped to NFS nobody.

HBruijn
  • This indeed solved it. So the reason that the ldap user could do this and pam could not was basically because the ldap user was not root? – kashian May 12 '16 at 13:08
  • Yes, the `root_squash` exportfs option maps requests from uid/gid 0 to the anonymous uid/gid, but only for uid 0; for all other users the regular file system permissions apply – HBruijn May 12 '16 at 13:39
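
The squashing behaviour described in the answer, as an added example that is not part of the original thread: a Python check that reads exports(5)-style text and reports, per export and client, what the server does with requests from uid 0, the identity pam_mkhomedir runs under. The sample exports content, paths and addresses are constructed, and quoted paths containing spaces are not handled.

```python
import re

# Constructed sample /etc/exports content (paths and hosts are illustrative).
SAMPLE_EXPORTS = """\
# home directories shared across servers
/home/nfs  192.0.2.10(rw,sync,no_subtree_check) \\
           192.0.2.11(rw,sync,no_root_squash)
/srv/pub   -ro,all_squash  *.example.org
"""

def classify(opts):
    """Say what the server does with uid 0 for one client's option list."""
    root_squash, all_squash = True, False      # defaults per exports(5)
    for opt in opts:                           # later options override earlier ones
        if opt in ("root_squash", "no_root_squash"):
            root_squash = opt == "root_squash"
        elif opt in ("all_squash", "no_all_squash"):
            all_squash = opt == "all_squash"
    if all_squash:
        return "all users -> anonymous"
    return "uid 0 -> anonymous" if root_squash else "uid 0 stays root"

def root_mapping(exports_text):
    """Return {(path, client): mapping} for every export/client pair."""
    result = {}
    joined = re.sub(r"\\\n", " ", exports_text)    # join continued lines
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()       # drop comments and blanks
        if not line:
            continue
        path, *fields = line.split()
        defaults = []
        for field in fields:
            if field.startswith("-"):              # "-a,b": defaults for later clients
                defaults = field[1:].split(",")
                continue
            m = re.fullmatch(r"([^()]*)(?:\((.*)\))?", field)
            client = m.group(1) or "*"             # bare "(opts)" means any host
            own = m.group(2).split(",") if m.group(2) else []
            result[(path, client)] = classify(defaults + own)
    return result

if __name__ == "__main__":
    for (path, client), mapping in root_mapping(SAMPLE_EXPORTS).items():
        print(f"{path:10} {client:15} {mapping}")
```

A client reported as "uid 0 -> anonymous" is where pam_mkhomedir ends up creating directories owned by nobody:nogroup. A client reported as "uid 0 stays root" has root on that client treated as root on the exported files, so `no_root_squash` is best limited to the specific hosts that need it.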