Hey guys,

I'm trying to set up my subuid and subgid parameters correctly and I'm clearly 
doing something wrong as I keep getting "setgid: Invalid argument" when I try 
to su to my user. I have all my accounts in LDAP and I've connected my 
container to my infrastructure. It can see users, authenticate with LDAP, 
Kerberos, etc, I just can't login due to the uid/gid mapping. I'm on LXD 2.15, 
all my end users have uid's/gid's between 100,000 and 199,999. The LXD 
container is running under a local user called "lxduser" on the host.

    root@bllldap01:~# getent passwd jschaeffer
    jschaeffer:*:100000:100000:Joshua Schaeffer:/home/jschaeffer:/bin/bash

    root@bllldap01:~# ldapwhoami -Q
    dn:uid=jschaeffer,ou=end users,ou=people,dc=appendata,dc=net

    root@bllldap01:~# ldapsearch -LLLQ -b "uid=jschaeffer,ou=End Users,ou=People,dc=appendata,dc=net" -s base
    dn: uid=jschaeffer,ou=End Users,ou=People,dc=appendata,dc=net
    objectClass: top
    objectClass: account
    objectClass: posixAccount
    uid: jschaeffer
    cn: Joshua Schaeffer
    homeDirectory: /home/jschaeffer
    loginShell: /bin/bash
    gecos: Joshua Schaeffer
    gidNumber: 100000
    uidNumber: 100000

When I try to actually log into the users I get the setgid error:

    root@bllldap01:~# su - jschaeffer
    setgid: Invalid argument

Here are my /etc/subuid and /etc/subgid files on the LXD host:

    lxduser@blllxd01:~$ cat /etc/sub{uid,gid}
    lxd:100000:1000000
    root:100000:1000000
    lxduser:1065536:1000000
    lxd:100000:1000000
    root:100000:1000000
    lxduser:1065536:1000000

I've restarted lxd.service and restarted all my containers after I made this 
change. My understanding is, from my uid/gid files, that user 100,000 inside 
the container should be mapped to 200,000 outside the container. Any help would 
be appreciated.

Thanks,
Joshua Schaeffer
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
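
Added example, not part of the original post: a Python check of whether an id is mapped in a container's user namespace, using the `/proc/<pid>/uid_map` and `gid_map` format (inside start, outside start, length). It assumes a container map that starts at id 0; `NARROW_GID_MAP` is constructed sample data and the function names are illustrative.

```python
#!/usr/bin/env python3
# Added example: is a uid/gid mapped in a user namespace, and to which host id?
import sys

def parse_id_map(text):
    """Parse /proc/<pid>/{uid,gid}_map text into (inside, outside, length) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        entries.append(tuple(int(f) for f in fields))
    return entries

def to_host_id(entries, container_id):
    """Return the host id for container_id, or None when the id is unmapped."""
    for inside, outside, length in entries:
        if inside <= container_id < inside + length:
            return outside + (container_id - inside)
    return None

def map_from_subid(text, owner):
    """Build a map starting at container id 0 from owner's first /etc/sub{uid,gid}
    entry, assuming the whole delegated range goes to one container."""
    for line in text.splitlines():
        if not line.strip():
            continue
        name, start, count = line.strip().split(":")
        if name == owner:
            return [(0, int(start), int(count))]
    return []

# The /etc/subgid lines as quoted in the post.
POST_SUBGID = "lxd:100000:1000000\nroot:100000:1000000\nlxduser:1065536:1000000\n"
# Constructed gid_map with only 65536 ids, for contrast (not from the poster's host).
NARROW_GID_MAP = "         0     100000      65536\n"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Check the given id against this process's live maps (run in the container).
        wanted = int(sys.argv[1])
        for kind in ("uid", "gid"):
            with open(f"/proc/self/{kind}_map") as fh:
                print(kind, wanted, "->", to_host_id(parse_id_map(fh.read()), wanted))
    else:
        print("full range:", to_host_id(map_from_subid(POST_SUBGID, "root"), 100000))
        print("narrow map:", to_host_id(parse_id_map(NARROW_GID_MAP), 100000))
```

An id that resolves to `None` is unmapped in the namespace, and `setgid()` to an unmapped gid fails with EINVAL, which `su` reports as "Invalid argument".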
