In our testing I have USER1 on the client machine with UID(106) and USER2 on the server machine with UID(106). When USER1 accesses the nfs mount and gets an auth failure, according to the audjrne it is not USER2 getting the failure (because USER2 does have authority to the directory) but is showing the userid that we have specified in the export as the anonymous user. I see no other settings or knobs that need adjusted in order to get it to use the UID found on the NFS server machine.
Dana
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rob Berendt
Sent: Monday, November 19, 2018 8:54 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: RE: NFS security
Let's say your user id is DMITCHELL on both systems.
Now let's have you run the following
replacing ROB with DMITCHELL
and replacing GDIHQ and GDISYS with your lpars.
SELECT AUTHORIZATION_NAME,
USER_ID_NUMBER,
GROUP_ID_NUMBER
FROM GDIHQ.QSYS2.USER_INFO
WHERE AUTHORIZATION_NAME='ROB'
;
SELECT AUTHORIZATION_NAME,
USER_ID_NUMBER,
GROUP_ID_NUMBER
FROM GDISYS.QSYS2.USER_INFO
WHERE AUTHORIZATION_NAME='ROB'
;
Do your user id numbers match?
http://ibm.biz/DB2foriServices
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
From: "Mitchell, Dana" <dmitche@xxxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Date: 11/19/2018 09:23 AM
Subject: RE: NFS security
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>
So far our attempts to verify that this works this way have failed. Are
there any messages anywhere that would indicate if a match was found and
used? Any other diagnostic data available?
Dana
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Vernon Hamberg
Sent: Friday, November 16, 2018 6:13 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: Re: NFS security
NFS always uses UID or GID (I think) - no matter the platform it's running
on.
On 11/16/2018 2:52 PM, Mitchell, Dana wrote:
Is there any doc or wisdom that explains better how to secure
directories between two IBM i systems with an NFS export/mount?
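
An added example, not part of any message in this thread: because NFS identifies callers by UID/GID number, as stated above, this Python code compares the rows returned by the two USER_INFO queries and flags profiles whose numbers differ between systems or whose UID belongs to a differently named profile on the server. The sample rows and the function name compare_ids are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample rows in the column order of the USER_INFO queries above:
# (AUTHORIZATION_NAME, USER_ID_NUMBER, GROUP_ID_NUMBER). Not real data.
CLIENT_ROWS = [("USER1", 106, 300), ("DMITCHELL", 201, 300), ("ROB", 150, 300)]
SERVER_ROWS = [("USER2", 106, 300), ("DMITCHELL", 245, 300), ("ROB", 150, 300)]


def compare_ids(client_rows, server_rows):
    """Return (profile, finding, detail) tuples for each client profile
    whose UID/GID does not line up with the same-named server profile,
    or whose UID is held by a different profile name on the server."""
    server_by_name = {name: (uid, gid) for name, uid, gid in server_rows}
    server_by_uid = defaultdict(list)
    for name, uid, _gid in server_rows:
        server_by_uid[uid].append(name)

    findings = []
    for name, uid, gid in client_rows:
        same_name = server_by_name.get(name)
        if same_name is None:
            findings.append((name, "NO_SAME_NAME_PROFILE", None))
        elif same_name[0] != uid:
            findings.append((name, "UID_MISMATCH", same_name[0]))
        elif same_name[1] != gid:
            findings.append((name, "GID_MISMATCH", same_name[1]))
        # The number, not the name, is what the two systems have in common,
        # so report any other server profile that holds the same UID.
        others = sorted(n for n in server_by_uid.get(uid, []) if n != name)
        if others:
            findings.append((name, "UID_OWNED_BY_OTHER_PROFILE", others))
    return findings


if __name__ == "__main__":
    for profile, finding, detail in compare_ids(CLIENT_ROWS, SERVER_ROWS):
        print(profile, finding, detail)
```
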