# NFS4 and user-Mapping

## Greeny

I've tried to configure a nfs4-network-share with mapping my user1 (UID: 1000) to another user2 (UID: 1001) on the server side.

See following my config-files on server:

```
cat "/etc/exports"

/srv/nfsv4            *(rw,sync,no_root_squash,no_subtree_check,fsid=0)

/srv/nfsv4/test     *(rw,sync,no_subtree_check)
```

```
cat "/etc/idmapd.conf"

[General]

Verbosity = 10

Pipefs-Directory = /run/rpc_pipefs

Domain = localdomain

[Mapping]

Nobody-User = nobody

Nobody-Group = nogroup

[Translation]

Method = static,nsswitch

[Static]

user1@localdomain = user2
```

```
cat "/sys/module/nfsd/parameters/nfs4_disable_idmapping"

N
```

and there my confilg-files on client:

```
cat "/etc/fstab"

IP:/     /media/nfs/server     nfs4     nfsvers=4,rw,noauto,user     0 0
```

```
cat "/etc/idmapd.conf"

[General]

Verbosity = 10

Domain = localdomain

[Mapping]

Nobody-User = nobody

Nobody-Group = nobody

[Translation]

Method = static,nsswitch

[Static]

user2@localdomain = user1
```

```
cat "/sys/module/nfsd/parameters/nfs4_disable_idmapping"

N
```

The server shows me in "journalctl":

```
Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfsdcb: authbuf=* authtype=user

Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_uid_to_name: calling nsswitch->uid_to_name

Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_uid_to_name: nsswitch->uid_to_name returned 0

Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_uid_to_name: final return value is 0

Dez 31 18:47:34 server-debian rpc.idmapd[8206]: Server : (user) id "0" -> name "root@localdomain"

Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfsdcb: authbuf=* authtype=group

Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_gid_to_name: calling nsswitch->gid_to_name

Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_gid_to_name: nsswitch->gid_to_name returned 0

Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_gid_to_name: final return value is 0

Dez 31 18:47:34 server-debian rpc.idmapd[8206]: Server : (group) id "0" -> name "root@localdomain"

Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfsdcb: authbuf=* authtype=user

Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_uid_to_name: calling nsswitch->uid_to_name

Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_uid_to_name: nsswitch->uid_to_name returned 0

Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_uid_to_name: final return value is 0

Dez 31 18:47:34 server-debian rpc.idmapd[8206]: Server : (user) id "1001" -> name "user2@localdomain"

Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfsdcb: authbuf=* authtype=group

Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_gid_to_name: calling nsswitch->gid_to_name

Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_gid_to_name: nsswitch->gid_to_name returned 0

Dez 31 18:47:34 server-debian rpc.idmapd[8206]: nfs4_gid_to_name: final return value is 0

Dez 31 18:47:34 server-debian rpc.idmapd[8206]: Server : (group) id "1001" -> name "user2@localdomain"
```

The client shows me following codes in "journalctl --identifier=nfsidmap"

```
Dez 31 18:47:34 desktop-gentoo nfsidmap[6486]: key: 0x3f2ec707 type: uid value: root@localdomain timeout 600

Dez 31 18:47:34 desktop-gentoo nfsidmap[6486]: nfs4_name_to_uid: calling nsswitch->name_to_uid

Dez 31 18:47:34 desktop-gentoo nfsidmap[6486]: nss_getpwnam: name 'root@localdomain' domain 'localdomain': resulting localname 'root'

Dez 31 18:47:34 desktop-gentoo nfsidmap[6486]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0

Dez 31 18:47:34 desktop-gentoo nfsidmap[6486]: nfs4_name_to_uid: final return value is 0

Dez 31 18:47:34 desktop-gentoo nfsidmap[6487]: key: 0x1de2cc67 type: gid value: root@localdomain timeout 600

Dez 31 18:47:34 desktop-gentoo nfsidmap[6487]: nfs4_name_to_gid: calling nsswitch->name_to_gid

Dez 31 18:47:34 desktop-gentoo nfsidmap[6487]: nfs4_name_to_gid: nsswitch->name_to_gid returned 0

Dez 31 18:47:34 desktop-gentoo nfsidmap[6487]: nfs4_name_to_gid: final return value is 0

Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: key: 0x9f5bf15 type: uid value: user2@localdomain timeout 600

Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: nfs4_name_to_uid: calling nsswitch->name_to_uid

Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: nss_getpwnam: name 'user2@localdomain' domain 'localdomain': resulting localname 'user2'

Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: nss_getpwnam: name 'user2' not found in domain 'localdomain'

Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: nfs4_name_to_uid: nsswitch->name_to_uid returned -2

Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: nfs4_name_to_uid: final return value is -2

Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: nfs4_name_to_uid: calling nsswitch->name_to_uid

Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: nss_getpwnam: name 'nobody@localdomain' domain 'localdomain': resulting localname 'nobody'

Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0

Dez 31 18:47:34 desktop-gentoo nfsidmap[6517]: nfs4_name_to_uid: final return value is 0

Dez 31 18:47:34 desktop-gentoo nfsidmap[6518]: key: 0x81524c3 type: gid value: user2@localdomain timeout 600

Dez 31 18:47:34 desktop-gentoo nfsidmap[6518]: nfs4_name_to_gid: calling nsswitch->name_to_gid

Dez 31 18:47:34 desktop-gentoo nfsidmap[6518]: nfs4_name_to_gid: nsswitch->name_to_gid returned -2

Dez 31 18:47:34 desktop-gentoo nfsidmap[6518]: nfs4_name_to_gid: final return value is -2

Dez 31 18:47:34 desktop-gentoo nfsidmap[6518]: nfs4_name_to_gid: calling nsswitch->name_to_gid

Dez 31 18:47:34 desktop-gentoo nfsidmap[6518]: nfs4_name_to_gid: nsswitch->name_to_gid returned 0

Dez 31 18:47:34 desktop-gentoo nfsidmap[6518]: nfs4_name_to_gid: final return value is 0
```

So it seems, that the configured static mapping isn't working.

Is there something wrong in my configurations? Or can anyone help me getting this mapping work?

----------

## LIsLinuxIsSogood

Could it be worthwhile for you to try without the domain, and just refer to users and hosts except for the local user that will have to be mentioned in both places (either by name or uid I'm not sure).

It just seems like adding the domain to the puzzle is like putting an extra piece that doesn't need to be present.

Unless somehow you think it makes things simpler, but I don't think it should.

----------

## LIsLinuxIsSogood

Also I'm not sure about this but couldn't having the nobody user and group be overriding the other mapping instructions being provided by Static.  I assume that is somehow actually not the case, but for now you could probably go very simple with the configuration until you've actually succeeded with mapping the user ids and then later add the necessary lines back for security or whatever else.  

I think all it should require is the following, from what I found online 

```
[Translation]

   Method=static

[Static]

   fred@remote = localfred
```

localfred is the local username, and fred is the username on the remote machine.

Source: https://unix.stackexchange.com/questions/286924/uid-mapping-in-nfs

----------

## piovrasca

So is this the solution? have you solved? I'm facing the same problem

Thanks

----------

