</listitem>
<listitem>
+ <para><xref linkend="defaultNodemap"/></para>
+ </listitem>
+
+ <listitem>
<para><xref linkend="verifyingsettings"/></para>
</listitem>
is described using a dash to separate the range, for example,
<literal>192.168.20.[0-255]@tcp</literal>.</para>
- <para>The range must be contiguous. The full LNET definition for a
+ <para>The range must be contiguous. The full LNet definition for a
nidlist is as follows:</para>
<screen>
<para>If UID 11002 or GID 11001 do not exist on the Lustre MDS or MGS,
create them in LDAP or other data sources, or trust clients by setting
<literal>identity_upcall</literal> to <literal>NONE</literal>. For more
- information, see <xref linkend="dbdoclet.50438291_32926"/>.</para>
+ information, see <xref linkend="dbdoclet.identity_upcall"/>.</para>
<para>Building a larger and more complex configuration is possible by
iterating through the <literal>lctl</literal> commands above. In
ten seconds in normal circumstances.</para>
</section>
+ <section xml:id="defaultNodemap">
+ <title><literal>default</literal> Nodemap</title>
+
+ <para>There is a special nodemap called <literal>default</literal>. As the
+ name suggests, it is created by default and cannot be removed. It is like
+ a fallback nodemap, setting the behaviour for Lustre clients that do not
+ match any other nodemap.</para>
+ <para>Because of its special role, only some parameters can be set on the
+ <literal>default</literal> nodemap:</para>
+ <itemizedlist>
+ <listitem>
+ <para><literal>admin</literal></para>
+ </listitem>
+ <listitem>
+ <para><literal>trusted</literal></para>
+ </listitem>
+ <listitem>
+ <para><literal>squash_uid</literal></para>
+ </listitem>
+ <listitem>
+ <para><literal>squash_gid</literal></para>
+ </listitem>
+ <listitem>
+ <para><literal>fileset</literal></para>
+ </listitem>
+ <listitem>
+ <para><literal>audit_mode</literal></para>
+ </listitem>
+ </itemizedlist>
+ <para>In particular, no UID/GID mapping can be defined on the
+ <literal>default</literal> nodemap.</para>
+ <note>
+ <para>Be careful when altering the <literal>admin</literal> and
+ <literal>trusted</literal> properties of the <literal>default</literal>
+ nodemap, especially if your Lustre servers fall into this nodemap.
+ </para>
+ </note>
+ </section>
+
<section xml:id="verifyingsettings">
<title>Verifying Settings</title>
- <para>By using <literal>lctl nodemap_info all</literal>, existing
- nodemap configuration is listed for easy export. This command
- acts as a shortcut into the /proc interface for nodemap.
- Within /proc/fs/lustre/nodemap/ on the Lustre MGS, the
- file <literal>active</literal> contains a 1 if nodemap is active on the
- system. Each policy group creates a directory containing the
- following parameters:</para>
+ <para>By using <literal>lctl nodemap_info all</literal>, existing nodemap
+ configuration is listed for easy export. This command acts as a shortcut
+ into the configuration interface for nodemap. On the Lustre MGS, the
+ <literal>nodemap.active</literal> parameter contains a <literal>1</literal>
+ if nodemap is active on the system. Each policy group
+ creates a directory containing the following parameters:</para>
<itemizedlist>
<listitem>
- <para><literal>admin</literal> and
- <literal>trusted</literal> each contain a ‘1’ if the values
- are set, and a ‘0’ otherwise.</para>
+ <para><literal>admin</literal> and <literal>trusted</literal> each
+ contain a <literal>1</literal> if the values are set, and
+ <literal>0</literal> otherwise.</para>
</listitem>
<listitem>