


On the mount definitely 'soft'

I've tried both version 3 and 4 and the behavior seems to be the same either way. I have a PMR open to get IBM's help.

Dana

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Paul Roy
Sent: Tuesday, November 20, 2018 3:19 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: RE: NFS security

what options are you using on the export and the mount command?





From: "Mitchell, Dana" <dmitche@xxxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Date: 20/11/2018 20:43
Subject: RE: NFS security
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



In our testing I have USER1 on the client machine with UID(106) and
USER2 on the server machine with UID(106). When USER1 accesses the nfs
mount and gets an auth failure, according to the audjrne it is not USER2
getting the failure (because USER2 does have authority to the directory)
but is showing the userid that we have specified in the export as the
anonymous user. I see no other settings or knobs that need adjusted
in order to get it to use the UID found on the NFS server machine.

Dana

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rob Berendt
Sent: Monday, November 19, 2018 8:54 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: RE: NFS security

Let's say your user id is DMITCHELL on both systems.
Now let's have you run the following
replacing ROB with DMITCHELL
and replacing GDIHQ and GDISYS with your lpars.

SELECT AUTHORIZATION_NAME,
USER_ID_NUMBER,
GROUP_ID_NUMBER
FROM GDIHQ.QSYS2.USER_INFO
WHERE AUTHORIZATION_NAME='ROB'
;
SELECT AUTHORIZATION_NAME,
USER_ID_NUMBER,
GROUP_ID_NUMBER
FROM GDISYS.QSYS2.USER_INFO
WHERE AUTHORIZATION_NAME='ROB'
;

Do your user id numbers match?

http://ibm.biz/DB2foriServices


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com






From: "Mitchell, Dana" <dmitche@xxxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Date: 11/19/2018 09:23 AM
Subject: RE: NFS security
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



So far our attempts to verify that this works this way have failed. Are
there any messages anywhere that would indicate if a match was found and
used? Any other diagnostic data available?

Dana

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Vernon Hamberg
Sent: Friday, November 16, 2018 6:13 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Subject: Re: NFS security

NFS always uses UID or GID (I think) - no matter the platform it's running
on.

On 11/16/2018 2:52 PM, Mitchell, Dana wrote:
Is there any doc or wisdom that explains better how to secure
directories between two IBM i systems with an NFS export/mount?




This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
