NFS4 Identity Mapping

Additional software is required to get the ID mapping working at ETH. The software is open source and can be found at https://github.com/isginf/libnfsidmap-regex.

Follow the instructions below to configure ID mapping your Linux.

Software

CentOS 7 and RHEL 7

Run the following command as root to set up a yum repository maintained by isginf for installing and updating the package libnfsidmap-regex: 

curl -s https://install.inf.ethz.ch/isginf.key > /etc/pki/rpm-gpg/RPM-GPG-KEY-isginf
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-isginf
cat > /etc/yum.repos.d/isginf.repo <<__END__
[isginf]
name=isginf Extra Packages for \$releasever - \$basearch
baseurl=http://install.inf.ethz.ch/linux/software/el7/\$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-isginf
includepkgs=libnfsidmap-regex
__END__

Then run 

yum -y install libnfsidmap-regex

Fedora

isginf does not provide ready-to-install RPMs. Instead you can build the RPM from the source RPM attached to this topic (link at the bottom).

First download the file and rename it to libnfsidmap-regex.src.rpm. Then as root install mock and configure it for the right distribution: 

dnf install -y mock redhat-lsb-core
ln -s -f fedora-$(lsb_release -r -s)-x86_64.cfg /etc/mock/default.cfg

ensure that the line 
config_opts['rpmbuild_networking'] = True
is in /etc/mock/default.cfg

Add your local user to the mock group: 

usermod -a -G mock {your local user}

You have to logout and login once again to become member of group mock. Now run mock to build an RPM: 

mock --init
mock --rebuild libnfsidmap-regex.src.rpm --enable-network

As root install the built RPM: 

dnf -y install /var/lib/mock/fedora-$(lsb_release -r -s)-x86_64/result/libnfsidmap-regex-*.x86_64.rpm

Ubuntu 16.04 or Newer

Run the following command as root to set up a repository maintained by isginf for installing and updating the package libnfsidmap-regex: 

echo "deb http://install.inf.ethz.ch/linux/software/$(. /etc/lsb-release; R=${DISTRIB_RELEASE/./}; echo ubuntu${R%%.*}) ./" > /etc/apt/sources.list.d/isginf.list
curl -s https://install.inf.ethz.ch/isginf.key |apt-key add -
apt update

Then run 

apt -y install libnfsidmap-regex

Configuration

Edit /etc/idmapd.conf as root, delete all existing text and copy-paste the content below: 

[General]
Domain = ethz.ch
Local-Realms = D, D.ETHZ.CH

[Regex]
User-Regex = ^D\\([^@]+)@ETHZ.CH$
Group-Regex = ^([^@]+)@d.ethz.ch@ethz.ch$|^D\\([^@]+)@ETHZ.CH$
Prepend-Before-User = D\ 
Append-After-User = @ETHZ.CH
Append-After-Group = @d.ethz.ch@ethz.ch

[Translation]
Method = regex, nsswitch

[Groups]
domain users = users

ISorted ascending Attachment History Action Size Date Who Comment
Unknown file formatrpm libnfsidmap-regex-20180227-1.src.rpm r1 manage 2.7 K 2018-03-07 - 13:57 StefanWalter SRPM for libnfsidmap-regex

Page URL: https://isg.inf.ethz.ch/bin/view/Main/HelpDesktopsAndLaptopsLinuxNfs4IdMapping
2019-08-22
© 2019 Eidgenössische Technische Hochschule Zürich