wonder if you have a user defined on client box, with UID=1000 ? <br>rpc.idmapd man page didn't say how it'd map remote UID to local UID/name.<br><br><br><div class="gmail_quote">2008/3/23 Michael B. Trausch <<a href="mailto:mike@trausch.us">mike@trausch.us</a>>:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d">On Sun, 2008-03-23 at 00:27 -0400, Brian Pitts wrote:<br>
> Are you actually going to use any kerberized services, or could you<br>
> get away with a simpler setup like OpenLDAP + NFSv3 ?<br>
<br>
</div>One of the reasons that I was looking to use NFSv4 was that it has<br>
in-protocol support for file locks and all that, and the last time I<br>
tried an NFSv3 setup under Ubuntu, some of the functionality was rather<br>
curtailed. This included various random breakages surrounding file<br>
locking issues and so forth, and (probably fixed by now) GNOME being<br>
broken in strange ways.<br>
<br>
However, NFSv4 would be worth it from everything that I have read, and<br>
have the added bonus of being able to be used when I am out of town,<br>
albeit a bit slowly (so I'd probably still just take an rsync of my home<br>
when I go away and rsync it back when I get back). OpenLDAP+NFSv3 might<br>
work, if all the bugs have been fixed, but my understanding is that some<br>
of the bugs were issues (particularly file-locking issues) were due to<br>
the way that NFSv3 works inherently.<br>
<br>
I could see leveraging Kerberos for other things in the long run though,<br>
seeing that there is a good amount of software that seems to support<br>
using it for various things.<br>
<br>
For now, I am back to just running locally, because I do have other<br>
things that I have to do and I can't spend (all) my time trying to<br>
figure out the nuances of what's broken currently. I would like to just<br>
get it working though, and what I am probably going to wind up doing is<br>
creating a new subnetwork for a few virtual machines and try to use<br>
those as a sandbox to get things working, and then if I can get it<br>
working there, try again on my main network.<br>
<br>
Part of it, by the way, is that I would like to (in the long run) be<br>
able to actually require that the network be signed into in some form or<br>
fashion so that the NFS mounts can be used. NFSv3 is too easy to get<br>
into, and I wouldn't want to have it so that my next door neighbor can<br>
simply crack the key on my wireless router (which we all know is trivial<br>
anyway) and get access to the shares by saying "hey, I am UID 1000!".<br>
Kerberos would at least make sure that doesn't happen, by requiring that<br>
access be authenticated by having the ticket to access the filesystem.<br>
The only filesystem that I intend on having open (e.g., not relying on<br>
Kerberos for its use) is one that I plan on using eventually to support<br>
netbooting and having a root partition via NFS. Though, I am a ways<br>
away from that...<br>
<div><div></div><div class="Wj3C7c"><br>
--- Mike<br>
<br>
--<br>
Michael B. Trausch <a href="mailto:mike@trausch.us">mike@trausch.us</a><br>
home: 404-592-5746, 1 <a href="http://www.trausch.us" target="_blank">www.trausch.us</a><br>
cell: 678-522-7934 im: <a href="mailto:mike@trausch.us">mike@trausch.us</a>, jabber<br>
Ubuntu Unofficial Backports Project: <a href="http://backports.trausch.us/" target="_blank">http://backports.trausch.us/</a><br>
<br>
</div></div><br>_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
<br></blockquote></div><br>