Archive for February, 2011

NFSv4 User and Group mappings

I have been working with a BlueArc NAS head for some time, and just recently the requirement for NFSv4 and ACLs came up.

For a while I have been looking for more information on how NFS user mapping and ACLs work, especially for NFSv4. We were looking for a solution to a problem where the mapping of the Unix usernames and user IDs did not align with the NFS server’s configuration, although we could not determine why. When the user ID and username cannot be matched with the NFS server, the active user’s credentials are squashed to anonymous. That makes it hard to enforce decent ACL policies. The NFS client log clearly stated that it could not map a user to a domain.

Feb 25 14:24:26 nfsclient rpc.idmapd[30316]: nss_getpwnam: name 'username' does not map into domain 'domainname'

It was clear that user mapping differs between NFSv3 and NFSv4, but I did not quickly find what the difference was. The vendor’s administration guide wasn’t very elaborate on this topic, so I resorted to the beloved Google searches to try my luck. Unfortunately, most hits were related to a bug in libnfsidmap.so in utils-nfs-lib, which was supposed to have been solved in versions that seem old by now. So that could not be the cure for my issue. I accidentally stumbled across the solution by reading the command-line man pages for the NAS head. It is just another example of an administration guide or command reference that is not as elaborate, or anywhere near as complete, as the man pages supplied with the vendor’s management interfaces. BlueArc isn’t alone in this.

The NFS server’s configuration wasn’t like the NFS client’s configuration, because the NFS server was a NAS head. The NFS client uses idmapd to match Unix names with Unix IDs when connecting over NFS. The client uses domain information stored in the file /etc/idmapd.conf. Look at the [General] section.

[General]
Verbosity = 0
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = domainname

The value after “Domain” should match the configuration of your NFS server. For NFSv4 user and group mappings, this is the value that follows the @ after the corresponding Unix user name.

An example: the Unix user “username” has ID “2010”, and in /etc/idmapd.conf the domain name “domainname” is set. On the NFS server, there has to be a mapping for that user, so you use the server’s NFS-specific utility to configure an NFSv4 mapping for “username@domainname”.

At this point I can only supply an example for a BlueArc HNAS usermapping.

BLUEARC CLI#> user-mapping-add --unix-name username --unix-id 2010 --nfsv4-name username@domainname

After successful configuration, the NFS client log should display the following.

Feb 25 14:24:51 nfsclient rpc.idmapd[30316]: Client 15: (user) name "username@domainname" -> id "2010"

The same method applies to group names, which will need a mapping corresponding to the group names and IDs.
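
To check a client for names that are still being squashed, the two rpc.idmapd log formats shown above can be compared against the Domain value in idmapd.conf. The script below is an added example, not part of the original post; the function names, the user “backupsvc” and the sample inputs are constructed for illustration.

```python
import configparser
import re

# Constructed sample inputs modelled on the post; "backupsvc" is made up.
SAMPLE_CONF = """[General]
Verbosity = 0
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = domainname
"""
SAMPLE_LOG = """\
Feb 25 14:24:26 nfsclient rpc.idmapd[30316]: nss_getpwnam: name 'username' does not map into domain 'domainname'
Feb 25 14:24:40 nfsclient rpc.idmapd[30316]: nss_getpwnam: name 'backupsvc' does not map into domain 'domainname'
Feb 25 14:24:51 nfsclient rpc.idmapd[30316]: Client 15: (user) name "username@domainname" -> id "2010"
"""

# Only the two message formats quoted in the post are recognised.
FAIL_RE = re.compile(r"nss_getpwnam: name '([^']*)' does not map into domain '([^']*)'")
OK_RE = re.compile(r'\((?:user|group)\) name "([^"@]+)@([^"]+)" -> id "(\d+)"')

def client_domain(conf_text):
    """Return the Domain value from the [General] section of idmapd.conf."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    return cp.get("General", "Domain").strip()

def audit(conf_text, log_text):
    """Replay the log in order; the last event seen for a name wins."""
    domain = client_domain(conf_text).lower()
    state = {}  # bare name -> id string, or None while the name is unmapped
    for line in log_text.splitlines():
        fail = FAIL_RE.search(line)
        ok = OK_RE.search(line)
        if fail:
            state[fail.group(1).split("@")[0]] = None
        elif ok and ok.group(2).lower() == domain:
            state[ok.group(1)] = ok.group(3)
    return {
        "domain": domain,
        # These names have no working mapping and are squashed to anonymous.
        "unresolved": sorted(n for n, i in state.items() if i is None),
        "resolved": {n: i for n, i in state.items() if i is not None},
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_LOG))
```

Every name left under "unresolved" still needs a name@domain mapping on the NFS server before per-user ACLs can apply to it.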

So for all the people looking at the same problem in the near future, this post should help you a bit.


25

02 2011

Lenovo ThinkCentre M90z MultiTouch AIO PC part 1

About a week ago I received a Lenovo M90z long-term evaluation unit through Ivy Worldwide. I am part of a second wave of promotional reviews. The first wave also had a series of M90z prize drawings or giveaways, so stay tuned. You might just be able to win one through this site. But more importantly, my findings will of course be candid and unbiased.

It has taken me a couple of days to set it up because I am doing like a million things at the same time. I am supposed to integrate the M90z into my normal computer-based work routine as much as possible, so I can provide my readers (that’s you) with a lot of detailed background information based on normal day-to-day work.

I will be posting several parts on this because I think there is more to tell than would reasonably fit on one page, and usage experience takes some time to develop. First I will post some general usage and usability information pages, and later on the focus will shift to having the M90z act as a tool to help physically and mentally challenged children develop by means of purpose-built, touchscreen-aware software.

Setting it up

Setting it up actually isn’t such a big deal. It is an all-in-one computer, so freeing it from its cardboard prison is actually all the work that needs to be done.

In the box, there is a power cable and a Lenovo (USB wired) keyboard. Getting the device out of the box actually was a bit more work than I expected it to be, because of the weight of the device. You will need someone to hold the box when you use the woven Lenovo bag to lift the M90z out of the box. The bag the device is shipped in will make you think you can carry the device with you to wherever you are going, but the device’s weight is going to get you an appointment with a chiropractor. I think you will find a decent place in your home or office to put it and keep it there.

If you think about it, it is an all-in-one device (computer, power supply, monitor and what not), which also means you will get all the weight in one. Makes sense.

First Impressions

My first impressions were what I am used to with Lenovo gear. It feels and looks very solid and well built. Although it is more a matter of personal taste, I don’t think Lenovo would win any design contest with their gear, but this M90z actually has a very nice design, from its overall case to the metal footing.

Powering on the device is like all preinstalled computers. You will have to respond to a couple of questions for the preinstalled Windows 7 Professional (default is 32-bit, but 64-bit is also available) to complete the installation. After that, you are good to go. I usually make sure all available software updates are installed before doing anything else. This machine downloaded about 600MB of updates after the first boot. Then just a couple more reboots for all the Microsoft Windows updates to be installed, which obviously still isn’t possible in one go.

A problem with all-in-one devices is keeping them cool. While running idle, you can clearly hear the fans inside the machine producing quite some noise. It is a bit too loud for my taste, but in a busy office environment, nobody will notice. For my home office, I do think it would need to be quieter. Maybe there is some tweaking to be done to have the cooling fans speed up or slow down based on internal temperatures.

Multitouch Screen

The 23″ widescreen (16:9) has a 1920×1080 resolution, putting a ton of information on screen and at your fingertips. The touch precision is actually quite amazing. The screen quality is very good and I have absolutely no complaints here. It will take some getting used to when you have been wielding a mouse for a long time. My oldest son has been operating the touchscreen with the back of a pen or his Nintendo DS stylus, which also seems to work great.

There is a small problem for me when trying to scroll through full-screen windows where the scrollbar is at the far right-hand side of the screen. The screen’s edge is quite thick, which seems to prevent my fingertip from reaching far enough into the corners and edges to operate the scrollbar slider. The same is true for the default on-screen keyboard widget, which is on the left-hand side. And no, I don’t have fat fingers :-)

The shiny glass surface can be annoying sometimes when you have a lot of reflection. But this is not unlike all other devices with glossy screens. Make sure you find a good spot to put your screen without too much hindrance from light sources.

I did some tests on the multitouch pinch and zoom functions on a couple of pictures and webpages. The response was very sluggish here. In many cases the CTRL+ or CTRL- key combinations worked a lot faster. But I have just been at it for about an hour. I will put up a post later on when I have been doing a lot more tweaking and have been “simulating” real work for a couple of weeks.

Please stay tuned for more later on….


21

02 2011