Am Dienstag, 31. März 2015, 20:28:37 schrieb Jakub Hrozek:
On Mon, Mar 30, 2015 at 03:12:54PM +0200, Günther J. Niederwimmer
wrote:
> Hello,
>
> Am Montag, 30. März 2015, 11:07:52 schrieb Jakub Hrozek:
> > > Am Montag, 30. März 2015, 09:45:54 schrieb Lukas Slebodnik:
> > > > On (29/03/15 16:27), Günther J. Niederwimmer wrote:
> > > > >Hello,
> > > > >
> > > > >On my system centos 7 my automount is not working.
> > > > >IPA 4.1 sssd 1.12
> > > > >
> > > > >I have this Error ?
> > > > >automount[1899]: lookup_read_map: lookup(sss): getautomntent_r:
No
> > > > >such
> > > > >file or directory
> > > > >
> > > > >have I to configure more in sssd ?
> > > > >
> > > > >Now I have this from ipa
> > > > >
> > > > >autofs_provider = ipa
> > > > >ipa_automount_location = default
> > > >
> > > > It is not directy documentation[1] to autofs with ipa provider but
> > > > it
> > > > can
> > > > help you. If the documentation is not clear then we will try to find
> > > > problem and improve documentation afterwards.
> > >
> > > I read this Doc before I wrote to the list ;)
> > >
> > > But I mean I can't correct read this?
> > >
> > > I have configured the system with "ipa-client-automount" the ipa
tool
> > > don't
> > > configure /etc/sysconfig/autofs and /etc/autofs_ldap_auth.conf any
> > > more?
> > >
> > > The problem is I can't find any in the doc for this Problem.
> > >
> > > In IPA 4.1 all configuration should make sssd, but nothing tell me,
> > > have I
> > > to do more in the sssd.conf ?
> >
> > Yes, for now we need to increase debug_level in autofs and domain
> > sections to be able to inspect the logs.
>
> OK Thanks, I have secure_level = 6 is this OK
Thanks for the logs and sorry for the delay. See some observations
inline. The autofs client and responder are configured correctly and I
even see some searches finding maps on the back end side. Can you also
post the corresponding automounter -m output, maybe also with some
verbose options?
Np problem ;) I have to say thank's for the help.
you mean automount -v -m ?
autofs dump map information
===========================
global options: none configured
Mount point: /misc
source(s):
instance type(s): file
map: /etc/auto.misc
cd | -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
Mount point: /net
source(s):
type: hosts
ipa1.4gjn.prv | (null)
smtp1.4gjn.prv | (null)
bbs.4gjn.prv | (null)
dns.4gjn.prv | (null)
ipa.4gjn.prv | (null)
localhost | (null)
Mount point: /home
source(s):
instance type(s): sss
map: auto.home
* | -fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192
bbs.4gjn.prv:/exports/home/&
Mount point: /-
source(s):
lookup_read_map: lookup(sss): getautomntent_r: No such file or directory
instance type(s): sss
map: auto.direct
no keys found in map
Mount point: /daten
source(s):
instance type(s): sss
map: auto.daten
* | -
fstype=nfs4,rw,insecure,sync,no_root_squash,no_subtree_check,nohide,rsize=8192,wsize=8192
bbs.4gjn.prv:/exports/daten/&
I mean I have here a Error in my configuration, I mean I have to write
bbs.4gjn.prv:/daten/&
Can you also describe how you set up the maps and the entries on the
server side so that we can reproduce locally?
I make a bind command in my /exports/
Directory
/home /exports/home none rw,bind 0 0
/daten /exports/daten none rw,bind 0 0
This is my /etc/export File
/exports
192.168.90.0/16(rw,sec=sys:krb5:krb5i:krb5p,no_root_squash,subtree_check,crossmnt,fsid=0)
/exports/daten
192.168.90.0/16(rw,insecure,sync,no_root_squash,no_subtree_check,nohide)
/exports/home 192.168.90.0/16(rw,sec=sys:krb5:krb5i:krb5p)
I hope this is all, you must have ?
Thank you.
> (Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]]
> [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of
> 'ipa.4gjn.prv' in files (Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]]
> [set_server_common_status] (0x0100): Marking server 'ipa.4gjn.prv' as
> 'resolving name' (Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]]
> [set_server_common_status] (0x0100): Marking server 'ipa.4gjn.prv' as
> 'name resolved' (Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]]
> [be_resolve_server_process] (0x0200): Found address for server
> ipa.4gjn.prv: [192.168.90.214] TTL 7200 (Mon Mar 30 10:15:05 2015)
> [sssd[be[4gjn.prv]]] [ipa_resolve_callback] (0x0400): Constructed uri
> 'ldap://ipa.4gjn.prv' (Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]]
> [sdap_async_sys_connect_send] (0x0020): connect failed [101][Network is
> unreachable]. (Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]]
> [sss_ldap_init_send] (0x0400): Setting 6 seconds timeout for connecting
> (Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]]
> [sss_ldap_init_sys_connect_done] (0x0020): sdap_async_sys_connect request
> failed. (Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]]
> [sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed.
> (Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]] [fo_set_port_status]
> (0x0100): Marking port 0 of server 'ipa.4gjn.prv' as 'not working'
(Mon
> Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]] [fo_set_port_status] (0x0400):
> Marking port 0 of duplicate server 'ipa.4gjn.prv' as 'not working'
(Mon
> Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]] [fo_resolve_service_send]
> (0x0100): Trying to resolve service 'IPA' (Mon Mar 30 10:15:05 2015)
> [sssd[be[4gjn.prv]]] [fo_resolve_service_send] (0x0020): No available
> servers for service 'IPA' (Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]]
> [sdap_id_op_connect_done] (0x0020): Failed to connect, going offline (5
> [Input/output error]) (Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]]
> [be_ptask_create] (0x0400): Periodic task [Check if online (periodic)]
> was created (Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]]
> [be_ptask_schedule] (0x0400): Task [Check if online (periodic)]:
> scheduling task 71 seconds from now [1427703376]
Here IPA had some networking problems. Later it seemed to recover, just
saying.
[...]
> (Mon Mar 30 10:15:15 2015) [sssd[be[4gjn.prv]]] [be_autofs_handler]
> (0x0400): Entering be_autofs_handler() (Mon Mar 30 10:15:15 2015)
> [sssd[be[4gjn.prv]]] [sdap_autofs_handler] (0x0200): Requested refresh
> for: auto.master (Mon Mar 30 10:15:15 2015) [sssd[be[4gjn.prv]]]
> [sdap_autofs_handler] (0x0200): Refresh of automount master map
> triggered: auto.master (Mon Mar 30 10:15:15 2015) [sssd[be[4gjn.prv]]]
> [sdap_get_automntmap_next_base] (0x0400): Searching for automount maps
> with base [cn=default,cn=automount,dc=4gjn,dc=prv] (Mon Mar 30 10:15:15
> 2015) [sssd[be[4gjn.prv]]] [sdap_get_generic_ext_step] (0x0400): calling
> ldap_search_ext with
> [(&(automountMapName=auto.master)(objectclass=automountMap))][cn=default,
> cn=automount,dc=4gjn,dc=prv]. (Mon Mar 30 10:15:15 2015)
> [sssd[be[4gjn.prv]]] [sdap_get_generic_op_finished] (0x0400): Search
> result: Success(0), no errmsg set (Mon Mar 30 10:15:15 2015)
> [sssd[be[4gjn.prv]]] [sdap_get_automntmap_process] (0x0400): Search for
> autofs maps, returned 1 results. (Mon Mar 30 10:15:15 2015)
> [sssd[be[4gjn.prv]]] [automntmaps_process_members_send] (0x0400):
> Examining autofs map
> [automountmapname=auto.master,cn=default,cn=automount,dc=4gjn,dc=prv]
> (Mon Mar 30 10:15:15 2015) [sssd[be[4gjn.prv]]]
> [automntmaps_process_members_next_base] (0x0400): Searching for automount
> map entries with base [cn=default,cn=automount,dc=4gjn,dc=prv] (Mon Mar
> 30 10:15:15 2015) [sssd[be[4gjn.prv]]] [sdap_get_generic_ext_step]
> (0x0400): calling ldap_search_ext with
> [(&(automountKey=*)(objectclass=automount))][automountmapname=auto.master
> ,cn=default,cn=automount,dc=4gjn,dc=prv]. (Mon Mar 30 10:15:15 2015)
> [sssd[be[4gjn.prv]]] [sdap_get_generic_op_finished] (0x0400): Search
> result: Success(0), no errmsg set (Mon Mar 30 10:15:15 2015)
> [sssd[be[4gjn.prv]]] [automntmaps_process_members_done] (0x0400): Search
> for autofs entries, returned 3 results. (Mon Mar 30 10:15:15 2015)
> [sssd[be[4gjn.prv]]] [sdap_get_automntmap_done] (0x0400): automount map
> members received (Mon Mar 30 10:15:15 2015) [sssd[be[4gjn.prv]]]
> [sysdb_autofs_entries_by_map] (0x0400): Getting entries for map
> auto.master (Mon Mar 30 10:15:15 2015) [sssd[be[4gjn.prv]]]
> [sysdb_save_autofsmap] (0x0400): Adding autofs map auto.master
As you can see from the logs here, the auto.master map was found on the
server and had 3 entries. Can I wonder if a more verbose log level would
show more?
> (Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [be_ptask_execute]
> (0x0400): Task [Cleanup of 4gjn.prv]: executing task, timeout 3600
> seconds (Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [be_ptask_done]
> (0x0400): Task [Cleanup of 4gjn.prv]: finished successfully (Mon Mar 30
> 10:15:16 2015) [sssd[be[4gjn.prv]]] [be_ptask_schedule] (0x0400): Task
> [Cleanup of 4gjn.prv]: scheduling task 3600 seconds from last execution
> time [1427706916] (Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]]
> [sdap_sudo_full_refresh_send] (0x0400): Issuing a full refresh of sudo
> rules (Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]]
> [sdap_sudo_refresh_connect_done] (0x0400): SUDO LDAP connection
> successful (Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]]
> [sdap_sudo_load_sudoers_next_base] (0x0400): Searching for sudo rules
> with base [ou=SUDOers,dc=4gjn,dc=prv] (Mon Mar 30 10:15:16 2015)
> [sssd[be[4gjn.prv]]] [sdap_get_generic_ext_step] (0x0400): calling
> ldap_search_ext with
> [(&(objectClass=sudoRole)(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=smtp1.4
> gjn.prv)(sudoHost=smtp1)(sudoHost=+*)(|(sudoHost=*\\*)(sudoHost=*?*)(sudoH
> ost=*\2A*)(sudoHost=*[*]*))))][ou=SUDOers,dc=4gjn,dc=prv]. (Mon Mar 30
> 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_get_generic_op_finished]
> (0x0400): Search result: Success(0), no errmsg set (Mon Mar 30 10:15:16
> 2015) [sssd[be[4gjn.prv]]] [sdap_sudo_load_sudoers_process] (0x0400):
> Receiving sudo rules with base [ou=SUDOers,dc=4gjn,dc=prv] (Mon Mar 30
> 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_sudo_refresh_load_done]
> (0x0400): Received 0 rules (Mon Mar 30 10:15:16 2015)
> [sssd[be[4gjn.prv]]] [sysdb_sudo_purge_byfilter] (0x0400): No rules
> matched (Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]]
> [sdap_sudo_refresh_load_done] (0x0400): Sudoers is successfuly stored in
> cache (Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]]
> [sdap_sudo_full_refresh_done] (0x0400): Successful full refresh of sudo
> rules (Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]]
> [sdap_sudo_schedule_refresh] (0x0400): Full refresh scheduled at:
> 1427724916 (Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]]
> [sdap_sudo_schedule_refresh] (0x0400): Smart refresh scheduled at:
> 1427704216 (Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]]
> [be_autofs_handler] (0x0400): Entering be_autofs_handler() (Mon Mar 30
> 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_autofs_handler] (0x0200):
> Requested refresh for: auto.direct (Mon Mar 30 10:15:16 2015)
> [sssd[be[4gjn.prv]]] [sdap_get_automntmap_next_base] (0x0400): Searching
> for automount maps with base [cn=default,cn=automount,dc=4gjn,dc=prv]
> (Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(automountMapName=auto.direct)(objectclass=automountMap))][cn=default,
> cn=automount,dc=4gjn,dc=prv]. (Mon Mar 30 10:15:16 2015)
> [sssd[be[4gjn.prv]]] [sdap_get_generic_op_finished] (0x0400): Search
> result: Success(0), no errmsg set (Mon Mar 30 10:15:16 2015)
> [sssd[be[4gjn.prv]]] [sdap_get_automntmap_process] (0x0400): Search for
> autofs maps, returned 1 results. (Mon Mar 30 10:15:16 2015)
> [sssd[be[4gjn.prv]]] [automntmaps_process_members_send] (0x0400):
> Examining autofs map
> [automountmapname=auto.direct,cn=default,cn=automount,dc=4gjn,dc=prv]
> (Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]]
> [automntmaps_process_members_next_base] (0x0400): Searching for automount
> map entries with base [cn=default,cn=automount,dc=4gjn,dc=prv] (Mon Mar
> 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_get_generic_ext_step]
> (0x0400): calling ldap_search_ext with
> [(&(automountKey=*)(objectclass=automount))][automountmapname=auto.direct
> ,cn=default,cn=automount,dc=4gjn,dc=prv]. (Mon Mar 30 10:15:16 2015)
> [sssd[be[4gjn.prv]]] [sdap_get_generic_op_finished] (0x0400): Search
> result: Success(0), no errmsg set (Mon Mar 30 10:15:16 2015)
> [sssd[be[4gjn.prv]]] [automntmaps_process_members_done] (0x0400): Search
> for autofs entries, returned 0 results. (Mon Mar 30 10:15:16 2015)
> [sssd[be[4gjn.prv]]] [sdap_get_automntmap_done] (0x0400): automount map
> members received (Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]]
> [sysdb_autofs_entries_by_map] (0x0400): Getting entries for map
> auto.direct (Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]]
> [sysdb_autofs_entries_by_map] (0x0400): No entries for the map (Mon Mar
> 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sysdb_save_autofsmap] (0x0400):
> Adding autofs map auto.direct
Here also the direct map was found, but with no entries..
> (Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [be_get_account_info]
> (0x0200): Got request for [0x1005][1][name=smtp:dccp] (Mon Mar 30
> 10:15:16 2015) [sssd[be[4gjn.prv]]] [be_req_set_domain] (0x0400):
> Changing request domain from [4gjn.prv] to [4gjn.prv] (Mon Mar 30
> 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_get_services_next_base]
> (0x0400): Searching for services with base [cn=accounts,dc=4gjn,dc=prv]
> (Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]]
> [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with
> [(&(cn=smtp)(ipServiceProtocol=dccp)(objectclass=ipService))][cn=accounts
> ,dc=4gjn,dc=prv]. (Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]]
> [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no
> errmsg set (Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]]
> [sdap_get_services_process] (0x0400): Search for services, returned 0
> results. (Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]]
> [get_object_from_cache] (0x0020): Unexpected entry type [5]. (Mon Mar 30
> 10:15:16 2015) [sssd[be[4gjn.prv]]] [ipa_id_get_account_info_orig_done]
> (0x0040): get_object_from_cache failed.
And here I think we have a completely unrelated bug in SSSD. Our code
expects only entries that IPA currently manage and chokes on request for
a service. I think that there might be deployments that use services in
IPA, so we should fix this..
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
--
mit freundlichen Grüßen / best Regards,
Günther J. Niederwimmer