I have a Synology DiskStation (DSM 6.0.2) that exports shared directories via NFSv4. I specified an NFSv4 domain ITET-PHO.
On another Linux machine (Debian Wheezy), I want to mount this export using idmapping. There I have the following configuration of /etc/idmapd.conf:
[General]
Verbosity = 2
Pipefs-Directory = /run/rpc_pipefs
# set your own domain here, if id differs from FQDN minus hostname
Domain = ITET-PHO
[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
[Translation]
Method = static
[Static]
erikhe@ITET-PHO = erik
So I attempt to statically map the user erikhe on the Synology, which is in the domain ITET-PHO, to the local user erik. All other users should be mapped to nobody. However, when I mount the shared directory, I just see the UID numbers from the Synology:
drwxr-xr-x 4 1566874442 1566573057 4096 Okt 5 10:21 erikhe-301898
Also all the other UIDs are shown instead of nobody. In the log-file I see that idmap is doing something. This is when doing service nfs-common restart:
Oct 5 15:11:07 sisyphous systemd[1]: Stopping LSB: NFS support files common to client and server...
Oct 5 15:11:07 sisyphous nfs-common[6520]: Stopping NFS common utilities: idmapd statd.
Oct 5 15:11:07 sisyphous systemd[1]: Stopped LSB: NFS support files common to client and server.
Oct 5 15:11:07 sisyphous systemd[1]: Starting LSB: NFS support files common to client and server...
Oct 5 15:11:07 sisyphous rpc.statd[6539]: Version 1.2.8 starting
Oct 5 15:11:07 sisyphous sm-notify[6540]: Version 1.2.8 starting
Oct 5 15:11:07 sisyphous sm-notify[6540]: Already notifying clients; Exiting!
Oct 5 15:11:07 sisyphous rpc.idmapd[6551]: libnfsidmap: using domain: ITET-PHO
Oct 5 15:11:07 sisyphous nfs-common[6530]: Starting NFS common utilities: statd idmapdrpc.idmapd: libnfsidmap: using domain: ITET-PHO
Oct 5 15:11:07 sisyphous nfs-common[6530]: rpc.idmapd: libnfsidmap: Realms list: 'ITET-PHO'
Oct 5 15:11:07 sisyphous nfs-common[6530]: rpc.idmapd: libnfsidmap: processing 'Method' list
Oct 5 15:11:07 sisyphous nfs-common[6530]: rpc.idmapd: libnfsidmap: loaded plugin /lib/x86_64-linux-gnu/libnfsidmap/static.so for method static
Oct 5 15:11:07 sisyphous rpc.idmapd[6551]: libnfsidmap: Realms list: 'ITET-PHO'
Oct 5 15:11:07 sisyphous rpc.idmapd[6551]: libnfsidmap: processing 'Method' list
Oct 5 15:11:07 sisyphous rpc.idmapd[6551]: libnfsidmap: loaded plugin /lib/x86_64-linux-gnu/libnfsidmap/static.so for method static
Oct 5 15:11:07 sisyphous rpc.idmapd[6552]: Expiration time is 600 seconds.
Oct 5 15:11:07 sisyphous rpc.idmapd[6552]: Opened /proc/net/rpc/nfs4.nametoid/channel
Oct 5 15:11:07 sisyphous nfs-common[6530]: .
Oct 5 15:11:07 sisyphous rpc.idmapd[6552]: Opened /proc/net/rpc/nfs4.idtoname/channel
Oct 5 15:11:07 sisyphous systemd[1]: Started LSB: NFS support files common to client and server.
Oct 5 15:11:07 sisyphous rpc.idmapd[6552]: New client: fa
Oct 5 15:11:07 sisyphous rpc.idmapd[6552]: New client: fb
Oct 5 15:11:07 sisyphous rpc.idmapd[6552]: Opened /run/rpc_pipefs/nfs/clntfb/idmap
And when I mount the export with mount.nfs4 cerberous:/volume1/homes /mnt/test I get:
Oct 5 15:11:19 sisyphous rpc.idmapd[6552]: New client: fc
Oct 5 15:11:19 sisyphous rpc.idmapd[6552]: New client: fd
Oct 5 15:11:19 sisyphous rpc.idmapd[6552]: New client: fe
Oct 5 15:11:19 sisyphous rpc.idmapd[6552]: Stale client: fe
Oct 5 15:11:19 sisyphous rpc.idmapd[6552]: #011-> closed /run/rpc_pipefs/nfs/clntfe/idmap
Oct 5 15:11:19 sisyphous rpc.idmapd[6552]: Stale client: fd
Oct 5 15:11:19 sisyphous rpc.idmapd[6552]: #011-> closed /run/rpc_pipefs/nfs/clntfd/idmap
Oct 5 15:11:19 sisyphous rpc.idmapd[6552]: Stale client: fc
Oct 5 15:11:19 sisyphous rpc.idmapd[6552]: #011-> closed /run/rpc_pipefs/nfs/clntfc/idmap
How can I make the id mapping (at least static) work on Debian? ID mapping should work with Synology in general. Eventually I would like to automatically map the Synology users to LDAP users on the Linux machine.
Best Answer
Disclaimer: ID mapping without a Kerberos server only works halfway with NFSv4, it seems. I managed to get the correct usernames to show up on my client when listing files, but creating new files always creates them as user nobody because the Synology doesn't map anything in that case. This bug report and the linked thread suggest this is normal behaviour of idmapd when not using Kerberos for some reason. (EDIT: More detailed explanation.)
However, what I did:
First, you have to enable idmapping after loading the NFS service. For that, you have to edit the file /usr/syno/etc/rc.sysv/S83nfsd.sh on the Synology. Find the line and add the following line after that:
Then, still on the Synology, edit the /etc/idmap.conf and set the Domain to your ITET-PHO if not already set. Disable NFS, apply and re-enable (+apply) it afterwards in the Synology's control centre to reload nfsd.
On your client machine, create a file /etc/modprobe.d/nfs-idmap.conf with the following contents:
Reload the nfs kernel module afterwards to apply the options.
Also make sure idmapd is running on your client. (On Ubuntu artful, I had to run sudo systemctl start nfs-idmapd manually, I think.) And, of course, use nfsvers=4 as a mount option.
(On the Synology, you can killall idmapd and run it in foreground using idmapd -f -vvv to see if it's doing anything.)
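A client-side check for the settings discussed in this thread, as an added example that is not part of the original question or answer. The function names, the constructed sample files and the use of the nfs module's nfs4_disable_idmapping parameter are assumptions of this example; on a real client the inputs would be /etc/idmapd.conf and /sys/module/nfs/parameters/nfs4_disable_idmapping.

```sh
#!/bin/sh
# Added example: audit the NFSv4 client settings discussed in this thread.
# File paths are arguments so the check can run against copies offline.

# conf_get FILE SECTION KEY: print KEY's value from an idmapd.conf section.
conf_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/ { sub(/^[ \t]*\[/, ""); sub(/\].*/, ""); cur = $0; next }
        cur == sec && (i = index($0, "=")) {
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# audit_idmap CONF PARAM_FILE SERVER_DOMAIN: print findings and return
# the number of problems (0 = settings are consistent).
audit_idmap() {
    conf=$1 param=$2 want=$3 problems=0
    domain=$(conf_get "$conf" General Domain)
    if [ "$domain" != "$want" ]; then
        echo "WARN: Domain='$domain' in $conf, server uses '$want'"
        problems=$((problems + 1))
    fi
    # Assumption: nfs4_disable_idmapping is the nfs module parameter that
    # makes the client use numeric IDs under sec=sys (not named on the page).
    case $(cat "$param" 2>/dev/null) in
        N) ;;
        Y) echo "WARN: idmapping disabled in nfs module; numeric IDs are used"
           problems=$((problems + 1)) ;;
        *) echo "WARN: cannot read $param (is the nfs module loaded?)"
           problems=$((problems + 1)) ;;
    esac
    case " $(conf_get "$conf" Translation Method | tr ',' ' ') " in
        *" static "*) ;;
        *) echo "WARN: [Static] entries are ignored unless Method lists static"
           problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Demo on constructed copies: the question's config, module parameter at Y.
tmp=$(mktemp -d)
printf '[General]\nDomain = ITET-PHO\n[Translation]\nMethod = static\n' \
    > "$tmp/idmapd.conf"
echo Y > "$tmp/param"
audit_idmap "$tmp/idmapd.conf" "$tmp/param" ITET-PHO || echo "problems: $?"
```

The demo reports one problem, because the configuration file is consistent but the constructed module parameter is Y.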