SSSD / sssd

Clone

#1916 ipa-client-automount with sssd fails
Closed: Invalid None Opened 10 years ago by jhrozek.

Closed: Invalid
Reopen Issue

Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 961314

Created attachment 745646
sssd_autofs.log sssd_example.org.log

Description of problem:
Unable to configure ipa automount on client and wrong error code given in
/var/log/messages

Version-Release number of selected component (if applicable):
sssd-1.10.0-4.fc19.beta1.x86_64

How reproducible:
Always

Steps to Reproduce:
https://fedoraproject.org/wiki/QA:Testcase_FreeIPA_realmd_automount

1. Add client freeipa domain
2. Add nfs service and configure nfs server on freeipa server
3. Configure automnount
4. Configure client for automount with sssd
# ipa-client-automount

Actual results:
[root@client1 ~]# ipa-client-automount
Searching for IPA server...
IPA server: DNS discovery
Location: default
Continue to configure the system with these values? [no]: y
Configured /etc/nsswitch.conf
Configured /etc/sysconfig/nfs
Configured /etc/idmapd.conf
Started rpcidmapd
Started rpcgssd
Restarting sssd, waiting for it to become available.
Unable to find 'admin' user with 'getent passwd admin'!
This may mean that sssd didn't re-start properly after the configuration
changes.
Started autofs

[root@client1 sssd]# tail -f /var/log/messages
May  9 16:52:14 client1 automount[18783]: setautomntent: lookup(sss):
setautomntent: Cannot allocate memory
May  9 16:52:14 client1 automount[18783]: setautomntent: lookup(sss):
setautomntent: Cannot allocate memory
May  9 16:52:14 client1 automount[18783]: setautomntent: lookup(sss):
setautomntent: Cannot allocate memory

[root@client1 ~]# ls /ipaexport/test
ls: cannot access /ipaexport/test: No such file or directory


Expected results:
# ipa-client-automount
Searching for IPA server...
IPA server: server.ipa.example.org
Location: default
Continue to configure the system with these values? [no]: y
Configured /etc/nsswitch.conf
Configured /etc/sysconfig/nfs
Configured /etc/idmapd.conf
Started nfs-idmap.service
Started nfs-secure.service
Restarting sssd, waiting for it to become available.
Started autofs

# kinit admin

NFS exported file
# ls /ipaexport/test
  hello


Additional info:
[root@client1 sssd]# tail -f /var/log/messages

May  9 16:52:01 client1 systemd[1]: Starting NFS Server...
May  9 16:52:01 client1 kernel: [17379.233793] NFSD: starting 90-second grace
period (net ffffffff81d03f80)
May  9 16:52:01 client1 systemd[1]: Started NFS Server.
May  9 16:52:01 client1 systemd[1]: Starting NFS Mount Daemon...
May  9 16:52:01 client1 systemd[1]: Starting NFS Remote Quota Server...
May  9 16:52:01 client1 systemd[1]: Starting NFSv4 ID-name mapping daemon...
May  9 16:52:01 client1 rpc.mountd[18719]: Could not bind socket: (13)
Permission denied
May  9 16:52:01 client1 rpc.mountd[18719]: Could not bind socket: (13)
Permission denied
May  9 16:52:01 client1 rpc.mountd[18719]: Could not bind socket: (13)
Permission denied
May  9 16:52:01 client1 rpc.mountd[18719]: Could not bind socket: (13)
Permission denied
May  9 16:52:01 client1 rpc.mountd[18719]: Could not bind socket: (13)
Permission denied
May  9 16:52:01 client1 rpc.mountd[18719]: Could not bind socket: (13)
Permission denied
May  9 16:52:01 client1 rpc.mountd[18719]: Could not bind socket: (13)
Permission denied
May  9 16:52:01 client1 rpc.mountd[18719]: Could not bind socket: (13)
Permission denied
May  9 16:52:01 client1 rpc.mountd[18719]: Could not bind socket: (13)
Permission denied
May  9 16:52:01 client1 rpc.mountd[18719]: Could not bind socket: (13)
Permission denied
May  9 16:52:01 client1 rpc.mountd[18719]: Could not bind socket: (13)
Permission denied
May  9 16:52:01 client1 rpc.mountd[18719]: Could not bind socket: (13)
Permission denied
May  9 16:52:01 client1 rpc.mountd[18719]: mountd: could not create listeners
May  9 16:52:01 client1 systemd[1]: Started NFSv4 ID-name mapping daemon.
May  9 16:52:01 client1 systemd[1]: Started NFS Remote Quota Server.
May  9 16:52:01 client1 systemd[1]: nfs-mountd.service: control process exited,
code=exited status=1
May  9 16:52:01 client1 systemd[1]: Failed to start NFS Mount Daemon.
May  9 16:52:01 client1 systemd[1]: Unit nfs-mountd.service entered failed
state.
May  9 16:52:01 client1 systemd[1]: Reloading.
May  9 16:52:02 client1 systemd[1]: Starting Secure NFS...
May  9 16:52:02 client1 systemd[1]: Started Secure NFS.
May  9 16:52:02 client1 systemd[1]: Reloading.
May  9 16:52:02 client1 systemd[1]: Stopping System Security Services Daemon...
May  9 16:52:02 client1 sssd[sudo]: Shutting down
May  9 16:52:02 client1 sssd[pam]: Shutting down
May  9 16:52:02 client1 sssd[nss]: Shutting down
May  9 16:52:02 client1 sssd[ssh]: Shutting down
May  9 16:52:02 client1 sssd[pac]: Shutting down
May  9 16:52:02 client1 sssd[be[example.org]]: Shutting down
May  9 16:52:02 client1 systemd[1]: Starting System Security Services Daemon...
May  9 16:52:02 client1 sssd: Starting up
May  9 16:52:02 client1 sssd[be[example.org]]: Starting up
May  9 16:52:02 client1 sssd[nss]: Starting up
May  9 16:52:02 client1 sssd[sudo]: Starting up
May  9 16:52:02 client1 sssd[ssh]: Starting up
May  9 16:52:02 client1 sssd[pam]: Starting up
May  9 16:52:02 client1 sssd[autofs]: Starting up
May  9 16:52:02 client1 sssd[pac]: Starting up
May  9 16:52:02 client1 systemd[1]: Started System Security Services Daemon.
May  9 16:52:14 client1 systemd[1]: Starting Automounts filesystems on
demand...
May  9 16:52:14 client1 automount[18783]: setautomntent: lookup(sss):
setautomntent: Cannot allocate memory
May  9 16:52:14 client1 automount[18783]: setautomntent: lookup(sss):
setautomntent: Cannot allocate memory
May  9 16:52:14 client1 automount[18783]: setautomntent: lookup(sss):
setautomntent: Cannot allocate memory
May  9 16:52:14 client1 systemd[1]: Started Automounts filesystems on demand.
May  9 16:52:14 client1 systemd[1]: Reloading

Note - there seems to be two bugs, really. One is that the sysdb lookup fails, the other is that we shouldn't be returning ENOMEM.

blockedby: =>
blocking: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
review: True => 0
selected: =>
testsupdated: => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.10.0

Fields changed

owner: somebody => lslebodn

Fields changed

milestone: SSSD 1.10.0 => SSSD 1.10.1

After Lukas' investigation, this bug turned to be a combination of a SELinux issue and ipa tools not requesting user with a fully qualified name.

changelog: =>
resolution: => worksforme
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to lslebodn
- Issue set to the milestone: SSSD 1.10.1
7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2958

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata
None
None
None
major
defect
SSSD
None
None
0
0
https://bugzilla.redhat.com/show_bug.cgi?id=961314
0
0
None
None
None
None
None
None
None
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.