On Mon, Mar 30, 2015 at 03:12:54PM +0200, Günther J. Niederwimmer wrote:
Hello,
Am Montag, 30. März 2015, 11:07:52 schrieb Jakub Hrozek:
> > Am Montag, 30. März 2015, 09:45:54 schrieb Lukas Slebodnik:
> > > On (29/03/15 16:27), Günther J. Niederwimmer wrote:
> > > >Hello,
> > > >
> > > >On my system centos 7 my automount is not working.
> > > >IPA 4.1 sssd 1.12
> > > >
> > > >I have this Error ?
> > > >automount[1899]: lookup_read_map: lookup(sss): getautomntent_r: No
such
> > > >file or directory
> > > >
> > > >have I to configure more in sssd ?
> > > >
> > > >Now I have this from ipa
> > > >
> > > >autofs_provider = ipa
> > > >ipa_automount_location = default
> > >
> > > It is not directy documentation[1] to autofs with ipa provider but it
> > > can
> > > help you. If the documentation is not clear then we will try to find
> > > problem and improve documentation afterwards.
> >
> > I read this Doc before I wrote to the list ;)
> >
> > But I mean I can't correct read this?
> >
> > I have configured the system with "ipa-client-automount" the ipa
tool
> > don't
> > configure /etc/sysconfig/autofs and /etc/autofs_ldap_auth.conf any more?
> >
> > The problem is I can't find any in the doc for this Problem.
> >
> > In IPA 4.1 all configuration should make sssd, but nothing tell me, have I
> > to do more in the sssd.conf ?
>
> Yes, for now we need to increase debug_level in autofs and domain
> sections to be able to inspect the logs.
OK Thanks, I have secure_level = 6 is this OK
Thanks for the logs and sorry for the delay. See some observations
inline. The autofs client and responder are configured correctly and I
even see some searches finding maps on the back end side. Can you also
post the corresponding automounter -m output, maybe also with some
verbose options?
Can you also describe how you set up the maps and the entries on the
server side so that we can reproduce locally?
(Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]]
[resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of
'ipa.4gjn.prv' in files
(Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]] [set_server_common_status] (0x0100):
Marking server 'ipa.4gjn.prv' as 'resolving name'
(Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]] [set_server_common_status] (0x0100):
Marking server 'ipa.4gjn.prv' as 'name resolved'
(Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]] [be_resolve_server_process] (0x0200):
Found address for server ipa.4gjn.prv: [192.168.90.214] TTL 7200
(Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]] [ipa_resolve_callback] (0x0400):
Constructed uri 'ldap://ipa.4gjn.prv'
(Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]] [sdap_async_sys_connect_send] (0x0020):
connect failed [101][Network is unreachable].
(Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]] [sss_ldap_init_send] (0x0400): Setting 6
seconds timeout for connecting
(Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]] [sss_ldap_init_sys_connect_done]
(0x0020): sdap_async_sys_connect request failed.
(Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]] [sdap_sys_connect_done] (0x0020):
sdap_async_connect_call request failed.
(Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]] [fo_set_port_status] (0x0100): Marking
port 0 of server 'ipa.4gjn.prv' as 'not working'
(Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]] [fo_set_port_status] (0x0400): Marking
port 0 of duplicate server 'ipa.4gjn.prv' as 'not working'
(Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'IPA'
(Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]] [fo_resolve_service_send] (0x0020): No
available servers for service 'IPA'
(Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]] [sdap_id_op_connect_done] (0x0020):
Failed to connect, going offline (5 [Input/output error])
(Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]] [be_ptask_create] (0x0400): Periodic task
[Check if online (periodic)] was created
(Mon Mar 30 10:15:05 2015) [sssd[be[4gjn.prv]]] [be_ptask_schedule] (0x0400): Task [Check
if online (periodic)]: scheduling task 71 seconds from now [1427703376]
Here IPA had some networking problems. Later it seemed to recover, just
saying.
[...]
(Mon Mar 30 10:15:15 2015) [sssd[be[4gjn.prv]]] [be_autofs_handler]
(0x0400): Entering be_autofs_handler()
(Mon Mar 30 10:15:15 2015) [sssd[be[4gjn.prv]]] [sdap_autofs_handler] (0x0200): Requested
refresh for: auto.master
(Mon Mar 30 10:15:15 2015) [sssd[be[4gjn.prv]]] [sdap_autofs_handler] (0x0200): Refresh
of automount master map triggered: auto.master
(Mon Mar 30 10:15:15 2015) [sssd[be[4gjn.prv]]] [sdap_get_automntmap_next_base] (0x0400):
Searching for automount maps with base [cn=default,cn=automount,dc=4gjn,dc=prv]
(Mon Mar 30 10:15:15 2015) [sssd[be[4gjn.prv]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(&(automountMapName=auto.master)(objectclass=automountMap))][cn=default,cn=automount,dc=4gjn,dc=prv].
(Mon Mar 30 10:15:15 2015) [sssd[be[4gjn.prv]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set
(Mon Mar 30 10:15:15 2015) [sssd[be[4gjn.prv]]] [sdap_get_automntmap_process] (0x0400):
Search for autofs maps, returned 1 results.
(Mon Mar 30 10:15:15 2015) [sssd[be[4gjn.prv]]] [automntmaps_process_members_send]
(0x0400): Examining autofs map
[automountmapname=auto.master,cn=default,cn=automount,dc=4gjn,dc=prv]
(Mon Mar 30 10:15:15 2015) [sssd[be[4gjn.prv]]] [automntmaps_process_members_next_base]
(0x0400): Searching for automount map entries with base
[cn=default,cn=automount,dc=4gjn,dc=prv]
(Mon Mar 30 10:15:15 2015) [sssd[be[4gjn.prv]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(&(automountKey=*)(objectclass=automount))][automountmapname=auto.master,cn=default,cn=automount,dc=4gjn,dc=prv].
(Mon Mar 30 10:15:15 2015) [sssd[be[4gjn.prv]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set
(Mon Mar 30 10:15:15 2015) [sssd[be[4gjn.prv]]] [automntmaps_process_members_done]
(0x0400): Search for autofs entries, returned 3 results.
(Mon Mar 30 10:15:15 2015) [sssd[be[4gjn.prv]]] [sdap_get_automntmap_done] (0x0400):
automount map members received
(Mon Mar 30 10:15:15 2015) [sssd[be[4gjn.prv]]] [sysdb_autofs_entries_by_map] (0x0400):
Getting entries for map auto.master
(Mon Mar 30 10:15:15 2015) [sssd[be[4gjn.prv]]] [sysdb_save_autofsmap] (0x0400): Adding
autofs map auto.master
As you can see from the logs here, the auto.master map was found on the
server and had 3 entries. Can I wonder if a more verbose log level would
show more?
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [be_ptask_execute]
(0x0400): Task [Cleanup of 4gjn.prv]: executing task, timeout 3600 seconds
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [be_ptask_done] (0x0400): Task [Cleanup
of 4gjn.prv]: finished successfully
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [be_ptask_schedule] (0x0400): Task
[Cleanup of 4gjn.prv]: scheduling task 3600 seconds from last execution time [1427706916]
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_sudo_full_refresh_send] (0x0400):
Issuing a full refresh of sudo rules
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_sudo_refresh_connect_done]
(0x0400): SUDO LDAP connection successful
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_sudo_load_sudoers_next_base]
(0x0400): Searching for sudo rules with base [ou=SUDOers,dc=4gjn,dc=prv]
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(&(objectClass=sudoRole)(|(!(sudoHost=*))(sudoHost=ALL)(sudoHost=smtp1.4gjn.prv)(sudoHost=smtp1)(sudoHost=+*)(|(sudoHost=*\\*)(sudoHost=*?*)(sudoHost=*\2A*)(sudoHost=*[*]*))))][ou=SUDOers,dc=4gjn,dc=prv].
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_sudo_load_sudoers_process]
(0x0400): Receiving sudo rules with base [ou=SUDOers,dc=4gjn,dc=prv]
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_sudo_refresh_load_done] (0x0400):
Received 0 rules
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sysdb_sudo_purge_byfilter] (0x0400): No
rules matched
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_sudo_refresh_load_done] (0x0400):
Sudoers is successfuly stored in cache
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_sudo_full_refresh_done] (0x0400):
Successful full refresh of sudo rules
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_sudo_schedule_refresh] (0x0400):
Full refresh scheduled at: 1427724916
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_sudo_schedule_refresh] (0x0400):
Smart refresh scheduled at: 1427704216
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [be_autofs_handler] (0x0400): Entering
be_autofs_handler()
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_autofs_handler] (0x0200): Requested
refresh for: auto.direct
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_get_automntmap_next_base] (0x0400):
Searching for automount maps with base [cn=default,cn=automount,dc=4gjn,dc=prv]
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(&(automountMapName=auto.direct)(objectclass=automountMap))][cn=default,cn=automount,dc=4gjn,dc=prv].
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_get_automntmap_process] (0x0400):
Search for autofs maps, returned 1 results.
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [automntmaps_process_members_send]
(0x0400): Examining autofs map
[automountmapname=auto.direct,cn=default,cn=automount,dc=4gjn,dc=prv]
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [automntmaps_process_members_next_base]
(0x0400): Searching for automount map entries with base
[cn=default,cn=automount,dc=4gjn,dc=prv]
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(&(automountKey=*)(objectclass=automount))][automountmapname=auto.direct,cn=default,cn=automount,dc=4gjn,dc=prv].
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [automntmaps_process_members_done]
(0x0400): Search for autofs entries, returned 0 results.
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_get_automntmap_done] (0x0400):
automount map members received
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sysdb_autofs_entries_by_map] (0x0400):
Getting entries for map auto.direct
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sysdb_autofs_entries_by_map] (0x0400):
No entries for the map
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sysdb_save_autofsmap] (0x0400): Adding
autofs map auto.direct
Here also the direct map was found, but with no entries..
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [be_get_account_info]
(0x0200): Got request for [0x1005][1][name=smtp:dccp]
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [be_req_set_domain] (0x0400): Changing
request domain from [4gjn.prv] to [4gjn.prv]
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_get_services_next_base] (0x0400):
Searching for services with base [cn=accounts,dc=4gjn,dc=prv]
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_get_generic_ext_step] (0x0400):
calling ldap_search_ext with
[(&(cn=smtp)(ipServiceProtocol=dccp)(objectclass=ipService))][cn=accounts,dc=4gjn,dc=prv].
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_get_generic_op_finished] (0x0400):
Search result: Success(0), no errmsg set
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [sdap_get_services_process] (0x0400):
Search for services, returned 0 results.
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [get_object_from_cache] (0x0020):
Unexpected entry type [5].
(Mon Mar 30 10:15:16 2015) [sssd[be[4gjn.prv]]] [ipa_id_get_account_info_orig_done]
(0x0040): get_object_from_cache failed.
And here I think we have a completely unrelated bug in SSSD. Our code
expects only entries that IPA currently manage and chokes on request for
a service. I think that there might be deployments that use services in
IPA, so we should fix this..