If Active File Management (AFM) is configured with Network File System version 4 (NFSv4)
as a replication protocol, all applications or protocol nodes in the cache cluster must have access
to the Lightweight Directory Access Protocol (LDAP) server. For example, for correct ID mapping,
access to an Active Directory (AD). Otherwise, you can disable the ID mapping.
Ensure that both client and server have matching UIDs and GIDs even with NFSv4. The ID mapping is
done to map an ID to a name and vice-versa. If the ID mapping is disabled, NFS clients send numeric
UIDs or GIDs in outgoing attribute calls, and NFS servers send numeric UIDs or GIDs in outgoing
attribute replies. If NFS clients send numeric UIDs or GIDs in a SETATTR
call, they
receive an NFS4ERR_BADOWNER
reply from the NFS server. Clients re-enable the ID
mapping and send user@domain strings for that a specific mount henceforth.
-
Disable ID mapping.
- Disable ID mapping with the Knfs protocol.
The ID mapping does not manage:
- Disable ID mapping with the Ganesha protocol.
- Copy the configuration
file.
# cp /var/mmfs/ces/nfs-config/gpfs.ganesha.main.conf /tmp
- Open the /tmp/gpfs.ganesha.main.conf file and add the following
information, and then save it.
NFSv4
{
delegations=FALSE;
domainname=virtual1.com;
Only_Numeric_Owners=TRUE; <-- Add Only_Numeric_Owners option
grace_period=90;
lease_lifetime=60;
minor_versions=0,1;
}
- Update the configuration file
permanently.
# mmccr fput gpfs.ganesha.main.conf /tmp/gpfs.ganesha.main.conf
- Stop and start the cluster export
services.
# mmces service stop nfs -a
# mmces service start nfs -a
- Add a domain name to an NFS client and an NFS server.
- On an NFS server, modify the /etc/idmapd.conf file with a proper domain (FQDN).
- Change the NFS server
configuration.
# mmnfs config change "IDMAPD_DOMAIN=storage1test.domain.com"
A
sample output is as
follows:
mmnfs: The NFS configuration was changed successfully.
mmnfs: NFS server restarted on all NFS nodes on which NFS server is running.
- Verify the configuration.
# mmnfs config list
A
sample output is as follows:
NFS Ganesha Configuration
=========================
DELEGATIONS: FALSE
DOMAINNAME: VIRTUAL1.COM
GRACE_PERIOD: 90
LEASE_LIFETIME: 60
....
Imapd Configuration
=========================
DOMAIN: STORAGE1TEST.TUC.STGLABS.IBM.COM
LOCAL-REALMS: localdomain
=========================
- On an NFS client, set a domain in the /etc/idmapd.conf file.
- Issue the mmdsh command on the multiple
nodes.
# mmdsh -N prt001st003,prt002st003,prt003st003
- Check the contents of the
file.
# cat /etc/idmapd.conf | grep storage
A sample
output is as follows:
prt001st003: Domain = storage1test.tuc.stglabs.ibm.com
prt003st003: Domain = storage1test.tuc.stglabs.ibm.com
prt002st003: Domain = storage1test.tuc.stglabs.ibm.com
- Restart the idmapd
service.
# systemctl restart nfs-idmapd.service