RE: NFS security

[Paul Roy <paul.roy@xxxxxxx>]

what options are you using on the export and the mount command? 





From:   "Mitchell, Dana" <dmitche@xxxxxxxxxx>
To:     Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Date:   20/11/2018 20:43
Subject:        RE: NFS security
Sent by:        "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



In our testing I have USER1 on the client machine with UID(106)    and 
USER2 on the server machine with UID(106).    When USER1 accesses the nfs 
mount and gets an auth failure,  according to the audjrne  it is not USER2 
getting the failure (because USER2 does have authority to the directory) 
but is showing the userid that we have specified in the export as the 
anonyumous user.     I see no other settings or knobs that need adjusted 
in order to get it to use the UID found on the NFS server machine.

Dana

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rob 
Berendt
Sent: Monday, November 19, 2018 8:54 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: RE: NFS security

Let's say your user id is DMITCHELL on both systems.
Now lets have you run the following
replacing ROB with DMITCHELL
and replacing GDIHQ and GDISYS with your lpars.

SELECT AUTHORIZATION_NAME, 
            USER_ID_NUMBER,
            GROUP_ID_NUMBER
FROM GDIHQ.QSYS2.USER_INFO
WHERE AUTHORIZATION_NAME='ROB'
;
SELECT AUTHORIZATION_NAME, 
            USER_ID_NUMBER,
            GROUP_ID_NUMBER
FROM GDISYS.QSYS2.USER_INFO
WHERE AUTHORIZATION_NAME='ROB'
;

Do your user id numbers match?

https://urldefense.proofpoint.com/v2/url?u=http-3A__ibm.biz_DB2foriServices&d=DwICAg&c=QRzMcACRvvIL_on8NFRsuQ1uiRYI1Q-OHuZzh6w2aWQ&r=OZrDe1lIb8xXIlHqolkTXRnhH3pTg17SJpwwrjJT9PQ&m=XQ7MJ4ZXjcNWLoa9moTO_iYw0l9JUWc_dw-lm9euFQk&s=LoXjstWmFRBL9sCA3OoxvvSOdt8nnhqzH2UYpIohnfA&e=


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail 
to:  2505 Dekko Drive
          Garrett, IN 46738
Ship to:  Dock 108
          6928N 400E
          Kendallville, IN 46755
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.dekko.com&d=DwICAg&c=QRzMcACRvvIL_on8NFRsuQ1uiRYI1Q-OHuZzh6w2aWQ&r=OZrDe1lIb8xXIlHqolkTXRnhH3pTg17SJpwwrjJT9PQ&m=XQ7MJ4ZXjcNWLoa9moTO_iYw0l9JUWc_dw-lm9euFQk&s=alNo3ZuqAoULgrIebAu2ha6qzqwJ-UjJ1bxA0pUFkC4&e=






From:   "Mitchell, Dana" <dmitche@xxxxxxxxxx>
To:     "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Date:   11/19/2018 09:23 AM
Subject:        RE: NFS security
Sent by:        "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



So far our attempts to verify that this works this way have failed.  Is 
there any messages anywhere that would indicate if a match was found and 
used?  Any other diagnostic data available?

Dana

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of 
Vernon Hamberg
Sent: Friday, November 16, 2018 6:13 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: Re: NFS security

NFS always uses UID or GID (I think) - no matter the platform it's running 

on.

On 11/16/2018 2:52 PM, Mitchell, Dana wrote:
> Is there any doc or wisdom that explains better how to secure 
directories between two IBM I systems with an NFS export/mount.