Ubuntu Version:
Server: Ubuntu 24.04.3 LTS
Client: Ubuntu 24.04.3 LTS
Problem Description:
idmap does not work with NFS v4 and sec=krb5. However, it does work with NFS v3.
Relevant System Information:
Server:
/etc/exports
/storage/media *(sec=krb5,rw,sync,no_subtree_check,no_root_squash)
/etc/default/nfs-kernel-server
RPCNFSDCOUNT=8
RPCNFSDPRIORITY=0
RPCMOUNTDOPTS="--manage-gids --debug all"
RPCNFSDOPTS="-H 192.168.21.10 --debug --syslog"
NEED_SVCGSSD="yes"
RPCSVCGSSDOPTS=""
share:
# ls -lsan /storage/media/
total 154
1 drwxrwsr-x 4 1982600008 1982600003 4 Sep 29 20:00 .
9 drwxr-sr-x 12 0 0 12 Sep 25 18:49 ..
105 drwxrwxr-x 624 1982600011 1982600003 624 Sep 2 10:23 movies
41 drwxrwxr-x 176 1982600009 1982600003 176 Aug 8 08:08 shows
server idmap.conf
# cat /etc/idmapd.conf
[General]
Verbosity = 6
# set your own domain here, if it differs from FQDN minus hostname
Domain = mydomain.us
[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
client idmap.conf
[General]
Verbosity = 6
# set your own domain here, if it differs from FQDN minus hostname
# Domain = localdomain
Domain = mydomain.us
[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
Screenshots or Error Messages:
NFS v4 does not work:
# mount -vvv -t nfs -o nfsvers=4.2 -o sec=krb5 -o hard 0-r720xd.storage.mydomain.us:/storage/media /mnt/test/; ls -lsa /mnt/test/
mount.nfs: timeout set for Mon Sep 29 20:55:20 2025
mount.nfs: trying text-based options 'nfsvers=4.2,sec=krb5,hard,addr=192.168.21.10,clientaddr=10.11.33.39'
mount.nfs: mount(2): Device or resource busy
total 146
1 drwxrwsr-x 4 nobody nogroup 4 Sep 29 20:00 .
1 drwxr-xr-x 4 root root 4 Sep 29 15:21 ..
105 drwxrwxr-x 624 nobody nogroup 624 Sep 2 10:23 movies
41 drwxrwxr-x 176 nobody nogroup 176 Aug 8 08:08 shows
NFS v3 works:
# mount -vvv -t nfs -o nfsvers=3 -o sec=krb5 -o hard 0-r720xd.storage.mydomain.us:/storage/media /mnt/test/; ls -lsa /mnt/test/
mount.nfs: timeout set for Mon Sep 29 20:56:09 2025
mount.nfs: trying text-based options 'nfsvers=3,sec=krb5,hard,addr=192.168.21.10'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 192.168.21.10 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 192.168.21.10 prog 100005 vers 3 prot UDP port 54371
total 146
1 drwxrwsr-x 4 svc_nzbget newsgroup 4 Sep 29 20:00 .
1 drwxr-xr-x 4 root root 4 Sep 29 15:21 ..
105 drwxrwxr-x 624 svc_radarr newsgroup 624 Sep 2 10:23 movies
41 drwxrwxr-x 176 svc_sonarr newsgroup 176 Aug 8 08:08 shows
idmap translates:
# ls -lsan /mnt/test/
total 146
1 drwxrwsr-x 4 1982600008 1982600003 4 Sep 29 20:00 .
1 drwxr-xr-x 4 0 0 4 Sep 29 15:21 ..
105 drwxrwxr-x 624 1982600011 1982600003 624 Sep 2 10:23 movies
41 drwxrwxr-x 176 1982600009 1982600003 176 Aug 8 08:08 shows
What I’ve Tried:
I think I’ve tried everything, I just don’t know what is keeping the client from NOT squashing the uid and gid into nobody and nogroup.
Wireshark shows the client getting the proper NFS v4 uid’s and gid’s:
