Unsolved
4 Posts
0
3307
OneFS 8.1.0.4 NFS export group limit
Hi,
I just created few NFS4 exports on our Isilon system (onefs 8.1.0.4), all exports are working fine but I do have a problem with the nfs-group limit (16).
I already changed global:
Map Lookup UID: Yes
Still the same problem, only 16 groups, any ideas?
Thanks
crklosterman
450 Posts
0
August 27th, 2018 09:00
Is there a valid auth provider configured over LDAP/NIS to permit the cluster to perform those lookups of UIDs to get the secondary supplemental groups?
Also be extremely careful using this option, because it can create some serious load on your LDAP infrastructure doing all of these lookups. In newer versions of OneFS, there may be some options to cache some of this information, but I don't know off the top of my head.
~Chris
MH2410
4 Posts
0
August 28th, 2018 07:00
Thanks Chris.
We are using Active Directory as our Authentication Providers.
I just checked the UNIX Sharing (NFS) ZONE Settings and enabled "No Names"
Seems to work with this option, now it changed nobody with real users. Do you know if this option does only ignore the nfs export user settings (Root User Mapping, ....)?
cadencep45
1 Rookie
1 Rookie
•
299 Posts
0
August 29th, 2018 04:00
the issue is the field that the NFS client ( for NFS 2/3 specifically ) uses can take a max of 16 groups.
One possible solution alluded to above is to force the isilon to disregard the NFS groups provided on every NFS request and do a lookup at the isilon side. This can be done by setting
isi nfs settings export view
Map Lookup UID: Yes
but bear in mind caveat by previous poster, its disabled by default for a reason