Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Trying to set up nfs server with netgroups in LDAP

  1. #1
    Join Date
    Oct 2012
    Beans
    4

    Trying to set up nfs server with netgroups in LDAP

    Hi,

    I am trying to set up the following configuration on Ubuntu 10.04.2.
    My nfs server has the following share in /etc/exports:

    Code:
    /export/mail @mail(rw,secure,no_root_squash,sync,no_subtree_check)
    
    nfsserver$ grep netgroup /etc/nsswitch.conf 
    netgroup:   files ldap
    
    nfsserver$ grep netgroup /etc/ldap.conf
    nss_base_netgroup ou=Netgroup,dc=xxx,dc=xxx
    
    nfsserver$ getent netgroup mail
    mail                  (backup01, , xxx.xxx)
    Now when I try to mount this from client host I am getting:
    Code:
    mount.nfs: access denied by server while mounting nfsserver:/export/mail
    At the same time nfs server reports the following error message:

    Code:
    mountd[14460]: refused mount request from backup01.xxx.xxx for /export/mail (/): not exported
    I am only able to mount this when I put local netgroup definitions, getent netgroup mail > /etc/netgroup solves this problem however I would rather like to store my netgroups in LDAP.

    Does anyone have any ideas? Seems that netgroups in LDAP are not working here. Is there anything I missed?
    Last edited by sandyd; October 26th, 2012 at 05:15 PM. Reason: code tags

  2. #2
    Join Date
    Sep 2010
    Location
    Indian Capital City
    Beans
    887
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Trying to set up nfs server with netgroups in LDAP

    Can you post the netgroup entry as defined in LDAP ?

    Also, once you define netgroup in LDAP, does your 'getent netgroup <netgroup-name>' name works ?
    When you have eliminated the impossible, whatever remains, however improbable, must be the truth !!
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Mark it [SOLVED] if the issue has been resolved

  3. #3
    Join Date
    Oct 2012
    Beans
    4

    Re: Trying to set up nfs server with netgroups in LDAP

    Hi,

    I am not sure what you mean but information you requested has already been provided in my previous post, I just replaced my domain name with 'x'es.
    Once groups are in LDAP, getent netgroup shows correct values (output in my previous post).

  4. #4
    Join Date
    Sep 2010
    Location
    Indian Capital City
    Beans
    887
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Trying to set up nfs server with netgroups in LDAP

    Quote Originally Posted by pjewiec View Post
    Hi,
    I am not sure what you mean but information you requested has already been provided in my previous post, I just replaced my domain name with 'x'es.-
    I am asking for the ldif entry for the netgroup defined in LDAP.
    The post only contains the NFS export entry

    Once groups are in LDAP, getent netgroup shows correct values (output in my previous post).
    This information contradicts with what you posted earlier
    I am only able to mount this when I put local netgroup definitions, ... I would rather like to store my netgroups in LDAP. Does anyone have any ideas? Seems that netgroups in LDAP are not working here
    When you have eliminated the impossible, whatever remains, however improbable, must be the truth !!
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Mark it [SOLVED] if the issue has been resolved

  5. #5
    Join Date
    Oct 2012
    Beans
    3

    Re: Trying to set up nfs server with netgroups in LDAP

    I can confirm this:

    nsswitch setup is fine, getent netgroup returns the desired entries in the format

    mynetgroup (myhost.f.q.d.n, , )

    A sample ldif entry looks like this:

    Code:
    # LDIF Export for cn=mynetgroup,ou=netgroup,dc=x,dc=y,dc=z 
    # Server: MY LDAP (ldap.x.y.z) # Suchbereich: base # Suchfilter: (objectClass=*) 
    # Anzahl der Eintraege: 1 
    # # Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on October 26, 2012 3:49 pm 
    # Version: 1.2.0.4  version: 1  
    # Eintrag 1: cn=mynetgroup,ou=netgroup,dc=x,dc=y,dc=z dn: cn=mynetgroup,ou=netgroup,dc=x,dc=y,dc=z cn: mynetgroup nisnetgrouptriple: (myhost.f.q.d.n,,) objectclass: nisNetgroup objectclass: top
    Yet I get one of the following error messages when trying to mount the exported volume:

    refused mount request from myhost.f.q.d.n for /some/share (/): no export entry

    or

    refused mount request from 1.2.3.4 for /some/share (/some/share): unmatched host

    The log message "no export entry" seems to appear in conjunction with the myhost.f.q.d.n, while the "unmatched host" seems to appear with raw IP addresses.

    The same LDAP/netgroup settings have been working fine for NFS servers under Gentoo Linux.
    Last edited by sandyd; October 26th, 2012 at 05:14 PM. Reason: fixed font + formatting

  6. #6
    Join Date
    Sep 2010
    Location
    Indian Capital City
    Beans
    887
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Trying to set up nfs server with netgroups in LDAP

    Quote Originally Posted by glauche View Post
    refused mount request from myhost.f.q.d.n for /some/share (/): no export entry

    or

    refused mount request from 1.2.3.4 for /some/share (/some/share): unmatched host
    Please check if NFS server can lookup(nslookup) 'myhost.f.q.d.n' in both the forward and backward direction, I mean hostname to IP and IP to hostname. This is a primary requirement for netgroups to work
    When you have eliminated the impossible, whatever remains, however improbable, must be the truth !!
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Mark it [SOLVED] if the issue has been resolved

  7. #7
    Join Date
    Oct 2012
    Beans
    3

    Re: Trying to set up nfs server with netgroups in LDAP

    Yes, DNS lookups are ok in both ways. However, there is another evidence that netgroups are not supposed to work with nfs in ubuntu:

    https://help.ubuntu.com/community/SettingUpNFSHowTo#NIS

    states that netgroup support is only available together with NIS.

    When I run
    Code:
    exportfs
    on the server to list the exported shares, I get the netgroup shares listed correctly. However,
    Code:
    showmount -e server
    from a client does not list the netgroup shares on the same server.

  8. #8
    Join Date
    Sep 2010
    Location
    Indian Capital City
    Beans
    887
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Trying to set up nfs server with netgroups in LDAP

    Nope !! That's not the case, it works just fine

    This is what showmount displays from my client
    Code:
    showmount -e 192.168.56.1
    Export list for 192.168.56.1:
    /tmp/nfs  *
    /tmp/nfs2 @mynetgrp
    getent on NFS server shows and forward/backward lookup works
    Code:
    # NFS export entry looks like
    /tmp/nfs2 @mynetgrp(rw,no_root_squash)
    
    # getnet netgroup returns
    getent netgroup mynetgrp
    mynetgrp (luvshines-server.clone.com,,)
    
    ~$ nslookup 192.168.56.101
    Server:	        192.168.56.111
    Address:	192.168.56.111#53
    
    101.56.168.192.in-addr.arpa	name = luvshines-server.clone.com.
    
    ~$ nslookup luvshines-server
    Server:		9.122.122.27
    Address:	9.122.122.27#53
    
    Name:	luvshines-server.clone.com
    Address: 192.168.56.101
    mount from client works fine and NFS server shows
    Code:
    luvshines rpc.mountd[3144]: authenticated mount request from luvshines-server.clone.com:902 for /tmp/nfs2 (/tmp/nfs2)
    Things to be taken care:
    1. I switched off firewall on NFS server so that showmount worked
    2. Had to restart nfs service after nsswitch.conf changes so that NFS service acknowleges the change. This is expected, read the man page of nsswitch
    When you have eliminated the impossible, whatever remains, however improbable, must be the truth !!
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Mark it [SOLVED] if the issue has been resolved

  9. #9
    Join Date
    Oct 2012
    Beans
    3

    Re: Trying to set up nfs server with netgroups in LDAP

    Quote Originally Posted by luvshines View Post
    2. Had to restart nfs service after nsswitch.conf changes so that NFS service acknowleges the change. This is expected, read the man page of nsswitch
    This was the step I was missing...

    Thanks for reminding me!

    Volkmar

  10. #10
    Join Date
    Oct 2012
    Beans
    4

    Re: Trying to set up nfs server with netgroups in LDAP

    I can also confirm that this was the case. Thank you everyone.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •