PowerStore: Netgroups on LDAP server do not work as NFS host
Summary: LDAP lookup for netgroup members on SDNAS is case-sensitive, and does not support domain name in the third column.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
- The netgroups are granted access permissions in the "Host Access" list, but the group members still receive "Access denied" error while mounting the NFS exports.
- The lookup for the netgroups succeeds on the SDNAS. Example:
/opt/sdnas # .server_config SDNAS01 -v "ns_ldap lookup netgroup=nasadmins"
SDNAS01 : commands processed: 1
output is complete
1622558613: LDAP: 6: Netgroup: nasadmins - triples:
1622558613: LDAP: 6: (F52-Hammer-76,,prem.nas.unified)
Command succeeded
SDNAS01 : commands processed: 1
output is complete
1622558613: LDAP: 6: Netgroup: nasadmins - triples:
1622558613: LDAP: 6: (F52-Hammer-76,,prem.nas.unified)
Command succeeded
Cause
There are two possible reasons in this situation:
- The LDAP lookup is case-sensitive on the current SDNAS version (1.0.2.9.3.205). If there is any case mismatch for the host names in the DNS, host file, and LDAP, this group member is invalid. For example, if the member "(F52-Hammer-76,,prem.nas.unified)" name in DNS or host file is all lower case, "(f52-hammer-76.prem.nas.unified)," it is considered as a mismatch which leads to mount failure.
- The format of the netgroup member on the LDAP server is "(host,,domain)", but the current SDNAS version only supports the format "(host,,)." This means that the domain name in the third column should be removed from the LDAP.
Resolution
In a future version, SDNAS will support case-nonsensitive lookup and both formats of group members. There are two workarounds for current versions:
- Ensure that no case mismatch exists in the DNS, local files, and LDAP server.
- Ensure that the members of the netgroups are configured in the format "(host,,)" without the domain name.
Affected Products
PowerStoreArticle Properties
Article Number: 000187737
Article Type: Solution
Last Modified: 22 Jun 2021
Version: 2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.