Mapping IDs with the AFM Network File System version 4

If Active File Management (AFM) is configured with Network File System version 4 (NFSv4) as a replication protocol, all applications or protocol nodes in the cache cluster must have access to the Lightweight Directory Access Protocol (LDAP) server, for example an Active Directory (AD), for correct ID mapping. Otherwise, you can disable the ID mapping.

Ensure that both client and server have matching UIDs and GIDs, even with NFSv4. ID mapping maps an ID to a name and vice versa. If ID mapping is disabled, NFS clients send numeric UIDs or GIDs in outgoing attribute calls, and NFS servers send numeric UIDs or GIDs in outgoing attribute replies. If NFS clients send numeric UIDs or GIDs in a SETATTR call, they receive an NFS4ERR_BADOWNER reply from the NFS server. Clients then re-enable ID mapping and send user@domain strings for that specific mount from then on.

  1. Disable ID mapping.
    1. Disable ID mapping with the Knfs protocol.

      The ID mapping does not manage:

      • On an NFS client
        # echo 'Y' > /sys/module/nfs/parameters/nfs4_disable_idmapping
      • On an NFS server
        # echo 'Y' > /sys/module/nfsd/parameters/nfs4_disable_idmapping
    2. Disable ID mapping with the Ganesha protocol.
      1. Copy the configuration file.
        # cp /var/mmfs/ces/nfs-config/gpfs.ganesha.main.conf /tmp
      2. Open the /tmp/gpfs.ganesha.main.conf file and add the following information, and then save it.
        NFSv4
        {
               delegations=FALSE;
               domainname=virtual1.com;
               # Add the Only_Numeric_Owners option:
               Only_Numeric_Owners=TRUE;
               grace_period=90;
               lease_lifetime=60;
               minor_versions=0,1;
        }
      3. Update the configuration file permanently.
        # mmccr fput gpfs.ganesha.main.conf /tmp/gpfs.ganesha.main.conf
      4. Stop and start the cluster export services.
        # mmces service stop nfs -a
        # mmces service start nfs -a
  2. Add a domain name to an NFS client and an NFS server.
    • On an NFS server, modify the /etc/idmapd.conf file with a proper domain (FQDN).
      1. Change the NFS server configuration.
        # mmnfs config change "IDMAPD_DOMAIN=storage1test.domain.com"

        A sample output is as follows:

        mmnfs: The NFS configuration was changed successfully.
        mmnfs: NFS server restarted on all NFS nodes on which NFS server is running.
      2. Verify the configuration.
        # mmnfs config list
        A sample output is as follows:
        NFS Ganesha Configuration
        =========================
        DELEGATIONS: FALSE
        DOMAINNAME: VIRTUAL1.COM
        GRACE_PERIOD: 90
        LEASE_LIFETIME: 60
        ....
        Idmapd Configuration
        =========================
        DOMAIN: STORAGE1TEST.TUC.STGLABS.IBM.COM
        LOCAL-REALMS: localdomain
        =========================
    • On an NFS client, set a domain in the /etc/idmapd.conf file.
      1. Issue the mmdsh command on multiple nodes.
        # mmdsh -N prt001st003,prt002st003,prt003st003
      2. Check the contents of the file.
        # cat /etc/idmapd.conf | grep storage

        A sample output is as follows:

        prt001st003:  Domain = storage1test.tuc.stglabs.ibm.com
        prt003st003:  Domain = storage1test.tuc.stglabs.ibm.com
        prt002st003:  Domain = storage1test.tuc.stglabs.ibm.com
      3. Restart the idmapd service.
        # systemctl restart nfs-idmapd.service
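
A domain that differs on even one node makes NFSv4 owner strings fail to map there, so it is worth checking the collected output mechanically rather than by eye. The following is an added example, not part of the product documentation: the function names, the constructed sample report, and the case-insensitive comparison are assumptions, and the input layout is the "node:  Domain = value" form shown in the sample output above.

```shell
#!/bin/sh
# Added example: verify that every node uses the same idmapd domain.

# idmapd_domain FILE: print (lower-cased) the Domain value from the [General]
# section of an idmapd.conf-style file, skipping comments and other sections.
idmapd_domain() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sect = tolower($0); gsub(/\[|\]|[ \t]/, "", sect); next }
        sect == "general" {
            split($0, kv, "=")
            key = tolower(kv[1]); gsub(/[ \t]/, "", key)
            if (key == "domain") {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                print tolower(val); exit
            }
        }' "$1"
}

# mismatched_nodes EXPECTED: read "node:  Domain = value" lines on stdin and
# print each node whose domain differs from EXPECTED (assumption: the
# comparison ignores case, as the domain is a DNS name).
mismatched_nodes() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /Domain[ \t]*=/ {
            node = $1; sub(/:$/, "", node)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(val) != want) print node
        }'
}

# Constructed sample report: prt002st003 was deliberately left at a default.
sample_report() {
    cat <<'EOF'
prt001st003:  Domain = storage1test.tuc.stglabs.ibm.com
prt002st003:  Domain = localdomain
prt003st003:  Domain = STORAGE1TEST.TUC.STGLABS.IBM.COM
EOF
}

# Example run against the constructed report.
bad=$(sample_report | mismatched_nodes "storage1test.tuc.stglabs.ibm.com")
[ -z "$bad" ] || echo "idmapd domain mismatch on: $bad"
```

In real use, pipe the collected per-node output into `mismatched_nodes` in place of `sample_report`, and treat any printed node as one to fix before restarting the idmapd service.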