The idmap service does not become effective on nfs client side

Solution Verified

Environment

  • Red Hat Enterprise Linux 7

Issue

  • The idmap service does not take effect on the NFS client side. "systemctl status nfs-idmap.service" shows that nfs-idmap is dead after a system reboot on RHEL7.

# systemctl status nfs-idmap.service
nfs-idmap.service - NFSv4 ID-name mapping daemon
   Loaded: loaded (/usr/lib/systemd/system/nfs-idmap.service; enabled)
   Active: inactive (dead)

Resolution

nfs-idmap.service should no longer be necessary on the client side in RHEL7. The keyring-based ID mapping (using /usr/sbin/nfsidmap, as defined in /etc/request-key.d/id_resolver.conf) is a replacement for the rpc.idmapd daemon.

Diagnostic Steps

ID mapping using the new ID mapper is working correctly:

# systemctl status nfs-idmap.service
nfs-idmap.service - NFSv4 ID-name mapping daemon
      Loaded: loaded (/usr/lib/systemd/system/nfs-idmap.service; disabled)
      Active: inactive (dead)  <--- inactive state
      CGroup: name=systemd:/system/nfs-idmap.service

# dmesg | grep id_resolver
[  256.801734] NFS: Registering the id_resolver key type
[  256.801744] Key type id_resolver registered

# grep id_resolv /proc/keys
012c9507 I--Q---     1 perm 3f010000     0     0 id_resolv gid:test100@example.com: 5
09052ecb I--Q---     1 perm 3f010000     0     0 id_resolv uid:root@example.com: 2
0b43cda6 I------     1 perm 1f030000     0     0 keyring   .id_resolver: 8/8
0c83a954 I--Q---     1 perm 3f010000     0     0 id_resolv uid:nobody@example.com: 3
0e02c34f I--Q---     1 perm 3f010000     0     0 id_resolv gid:root@example.com: 2
0fec8458 I--Q---     1 perm 3f010000     0     0 id_resolv gid:nobody: 3
253e2542 I--Q---     1 perm 3f010000     0     0 id_resolv gid:nobody@example.com: 3
2db17faf I--Q---     1 perm 3f010000     0     0 id_resolv uid:test100@example.com: 5
32b86e46 I--Q---     1 perm 3f010000     0     0 id_resolv uid:nobody: 3

* Please note that you should set Domain in /etc/idmapd.conf on both the NFS server and the client.

# ls -l /mnt
total 0
-rw-rw-r--. 1 nobody  nobody  0 Mar 15 15:35 file
-rw-r--r--. 1 root    root    0 Mar 15 15:35 foo
-rw-r--r--. 1 root    root    0 Mar 15 15:38 foo2
-rw-r--r--. 1 test100 test100 0 Mar 15 15:12 test
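
The /proc/keys check above can be scripted. The following is an added example, not part of the original solution: it reads /proc/keys-format lines and reports each cached uid:/gid: name as OK, NO_DOMAIN or FOREIGN_DOMAIN relative to the Domain expected from /etc/idmapd.conf. The function names, the status labels, the case-insensitive domain comparison and the sample lines (including the other.test entry) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit id_resolver keys in /proc/keys-format input.

# Constructed sample, modelled on the /proc/keys output shown above.
# The last line (other.test) is invented to show a domain mismatch.
sample_keys() {
cat <<'EOF'
012c9507 I--Q---     1 perm 3f010000     0     0 id_resolv gid:test100@example.com: 5
09052ecb I--Q---     1 perm 3f010000     0     0 id_resolv uid:root@example.com: 2
0b43cda6 I------     1 perm 1f030000     0     0 keyring   .id_resolver: 8/8
0fec8458 I--Q---     1 perm 3f010000     0     0 id_resolv gid:nobody: 3
32b86e46 I--Q---     1 perm 3f010000     0     0 id_resolv uid:nobody: 3
4a1b2c3d I--Q---     1 perm 3f010000     0     0 id_resolv uid:alice@other.test: 4
EOF
}

# idmap_key_audit DOMAIN   (reads /proc/keys-format lines on stdin)
# DOMAIN is the value expected in the Domain setting of /etc/idmapd.conf.
# Prints "<status> <kind> <name>" for every uid:/gid: id_resolv key and
# returns 1 if any name lacks a domain or carries a different one.
idmap_key_audit() {
    awk -v want="$1" '
        # Field 8 is the key type, field 9 the description plus a trailing ":".
        $8 == "id_resolv" && $9 ~ /^(uid|gid):/ {
            desc = $9
            sub(/:$/, "", desc)          # drop the ":" before the payload length
            kind = substr(desc, 1, 3)    # "uid" or "gid"
            name = substr(desc, 5)       # e.g. "root@example.com"
            at = index(name, "@")
            if (at == 0)
                status = "NO_DOMAIN"
            else if (tolower(substr(name, at + 1)) == tolower(want))
                status = "OK"            # compared case-insensitively (assumption)
            else
                status = "FOREIGN_DOMAIN"
            if (status != "OK") bad++
            print status, kind, name
        }
        END { exit (bad > 0 ? 1 : 0) }
    '
}

# Demo on the constructed sample; on a client: idmap_key_audit example.com < /proc/keys
sample_keys | idmap_key_audit example.com || echo "names outside example.com are cached"
```

Entries reported as NO_DOMAIN or FOREIGN_DOMAIN are the ones to compare against the Domain value on the server and the client.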
