Trying to set up nfs server with netgroups in LDAP

[pjewiec]

Hi,

I am trying to set up the following configuration on Ubuntu 10.04.2.
My nfs server has the following share in /etc/exports:

Code:

/export/mail @mail(rw,secure,no_root_squash,sync,no_subtree_check)

nfsserver$ grep netgroup /etc/nsswitch.conf 
netgroup:   files ldap

nfsserver$ grep netgroup /etc/ldap.conf
nss_base_netgroup ou=Netgroup,dc=xxx,dc=xxx

nfsserver$ getent netgroup mail
mail                  (backup01, , xxx.xxx)

Now when I try to mount this from client host I am getting:

Code:

mount.nfs: access denied by server while mounting nfsserver:/export/mail

At the same time nfs server reports the following error message:

Code:

mountd[14460]: refused mount request from backup01.xxx.xxx for /export/mail (/): not exported

I am only able to mount this when I put local netgroup definitions, getent netgroup mail > /etc/netgroup solves this problem however I would rather like to store my netgroups in LDAP.

Does anyone have any ideas? Seems that netgroups in LDAP are not working here. Is there anything I missed?

[luvshines]

Can you post the netgroup entry as defined in LDAP ?

Also, once you define netgroup in LDAP, does your 'getent netgroup <netgroup-name>' name works ?

[pjewiec]

Hi,

I am not sure what you mean but information you requested has already been provided in my previous post, I just replaced my domain name with 'x'es.
Once groups are in LDAP, getent netgroup shows correct values (output in my previous post).

[luvshines]

Hi,
I am not sure what you mean but information you requested has already been provided in my previous post, I just replaced my domain name with 'x'es.-

I am asking for the ldif entry for the netgroup defined in LDAP.
The post only contains the NFS export entry

Once groups are in LDAP, getent netgroup shows correct values (output in my previous post).

This information contradicts with what you posted earlier

I am only able to mount this when I put local netgroup definitions, ... I would rather like to store my netgroups in LDAP. Does anyone have any ideas? Seems that netgroups in LDAP are not working here

[glauche]

I can confirm this:

nsswitch setup is fine, getent netgroup returns the desired entries in the format

mynetgroup (myhost.f.q.d.n, , )

A sample ldif entry looks like this:

Code:

# LDIF Export for cn=mynetgroup,ou=netgroup,dc=x,dc=y,dc=z 
# Server: MY LDAP (ldap.x.y.z) # Suchbereich: base # Suchfilter: (objectClass=*) 
# Anzahl der Eintraege: 1 
# # Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on October 26, 2012 3:49 pm 
# Version: 1.2.0.4  version: 1  
# Eintrag 1: cn=mynetgroup,ou=netgroup,dc=x,dc=y,dc=z dn: cn=mynetgroup,ou=netgroup,dc=x,dc=y,dc=z cn: mynetgroup nisnetgrouptriple: (myhost.f.q.d.n,,) objectclass: nisNetgroup objectclass: top

Yet I get one of the following error messages when trying to mount the exported volume:

refused mount request from myhost.f.q.d.n for /some/share (/): no export entry

or

refused mount request from 1.2.3.4 for /some/share (/some/share): unmatched host

The log message "no export entry" seems to appear in conjunction with the myhost.f.q.d.n, while the "unmatched host" seems to appear with raw IP addresses.

The same LDAP/netgroup settings have been working fine for NFS servers under Gentoo Linux.

[luvshines]

refused mount request from myhost.f.q.d.n for /some/share (/): no export entry

or

refused mount request from 1.2.3.4 for /some/share (/some/share): unmatched host

Please check if NFS server can lookup(nslookup) 'myhost.f.q.d.n' in both the forward and backward direction, I mean hostname to IP and IP to hostname. This is a primary requirement for netgroups to work