After NFSv4 with Kerberos, nfs-server appears in the Pascom

pixel · October 27, 2020, 9:45am

Hi@all,

i have a strange effect after Kerberos adjustment of the NFS server. I have done the NFS server customization as described in the article:

All this also works. I have installed a Pascom telephone system (19.10) on a VM. On the UCS master (4.4.6) the Pascom connector is installed. So that users with activated MD in the user management automatically appear in the Pascom.

After the Kerberos adjustment a user “Service … 102” appears there. When I look on the UCS, this user does not exist.

grafik

He shows up in the telephone system:

grafik

It does not bother me personally either. Maybe it is a bug.

with best
sven

pmhahn · November 20, 2020, 5:39pm

Before analyzing this myself please go to “Domain Modules” and open “LDAP directors” (“LDAP-Verzeichnis” in German"). Navigate to the cn=users container and see if the user is shown there.
If yes: this is expected. User accounts can be marked as internal or hidden, which are then not shown by the regular users/user module in UMC.

On the other hand you should be able to see those user accounts when using udm users/user list on the command line (when logged in to your DC Master as user root - otherwise you have to give credentials explicitly suing --bindn … and --bindpwd …).
For example on my system several accounts are marked as hidden:

# udm users/user list --filter objectFlag=hidden | grep -e ^DN -e objectFlag
objectFlag=hidden
DN: uid=join-backup,cn=users,dc=schulung,dc=ucs
  objectFlag: hidden
DN: uid=join-slave,cn=users,dc=schulung,dc=ucs
  objectFlag: hidden
DN: uid=ucs-sso,cn=users,dc=schulung,dc=ucs
  objectFlag: hidden
DN: uid=dns-dc1,cn=users,dc=schulung,dc=ucs
  objectFlag: hidden
DN: uid=dns-replica1,cn=users,dc=schulung,dc=ucs
  objectFlag: hidden

Those users are not shown in UMC and are also excepted from licence counting.

pixel · November 24, 2020, 1:44pm

The user “Service” does not appear in the LDAD directory.
grafik

The call in the terminal (on the server as root) does not show me the user either.

root@srv01:~# udm users/user list --filter objectFlag=hidden | grep -e ^DN -e objectFlag
objectFlag=hidden
DN: uid=join-backup,cn=users,dc=gehr,dc=local
  objectFlag: hidden
DN: uid=join-slave,cn=users,dc=gehr,dc=local
  objectFlag: hidden
DN: uid=ucs-sso,cn=users,dc=gehr,dc=local
  objectFlag: hidden
DN: uid=dns-srv01,cn=users,dc=gehr,dc=local
  objectFlag: hidden
DN: uid=nfs-srv01,cn=users,dc=gehr,dc=local
  objectFlag: hidden

First I have to check the manual how to use these parameters