RHEL clients displays Anonymous UID and GID in the permission for the files and folder that are shared over NFS v4.1


Consider a scenario where Windows 2012 is hosting shares over NFS v4.1. Adlookup is configured for user and group mapping. RHEL 5.8 is the NFS client which is mounting the NFS shares and then accessing as a mapped user.

From the Windows side correct information is displayed on the ownership tab. Also the user who is owning the share is a mapped user. But from the Linux side, we see anonymous UID and GID when we list the permission.

Explanation: The NFS server is supposed to return “<user>@<domain>” according to the RFC to the Linux NFS client. Though the RFC also allows “<numeric_uid>” if there is no string user name. For example, on our NFS v4 server, if you are using UUUA rather than a mapping solution then we return a numeric string version of the UID and GID. Also by parallel user, does the customer means same user name. In our test environment even if the user names is same then also it shows nobody. We have not tried, but may be configuring Kerberos on the Linux side may be able to resolve the user name.  In NFS v4 – the server and client need to agree on the concepts like domain and realms. That requires idmap configuration on the client side.

Hence we need a configuration on the client side to translate from the OWNER and OWNER_GROUP strings in the replies from the server. These are going to take the form <account>@<domain>. Without such information, the client is not going to be able to interpret the OWNER and OWNER_GROUP attributes returned by the server.

 

Skip to main content