NFSv4 and race condition with idmapd, pam_mount and auto mount

We mount NFSv4+krb5 shares with automount, and it works fine. We are now trying to mount home directories with nfs4 and automount. We get the directories mounted, but still get some directories/files mounted as "nobody". Mounting the same directory manually doesn't give us a problem. So I decided to mount these home directories using pam_mount. It works fine for me, but some users still get nobody. If I log to their machine and restart nfs-imapd, the ownership of the files gets fixed.

Can this be a race condition between pam_mount/automount and nfs-idmapd? If so, any tips on how to fix it?

NFSv4 stat() owner/group results are transmitted as textual "user@domain" labels instead of UIDs/GIDs. The domain isn't very important, but it needs to match between all clients and servers. (This doesn't affect actual UID-based access that the user gets – it only affects the ls -l results.)

If you constantly get nobody, it's possible that idmapd doesn't know your domain name at boot time. For example, if you do not have your FQDN in /etc/hosts, then idmapd would need to query DNS, and it's possible that it starts before networking (and therefore DNS) becomes available.

Try to define the domain either specifically for idmapd:

/etc/idmapd.conf

[General]
Domain = example.com

or globally via hosts:

/etc/hosts

# The server's own IP address (if static)
10.2.3.4 foo.example.com foo