[Freeipa-users] Automount kerberos errors

ondrejv at s3group.com ondrejv at s3group.com
Wed Nov 23 07:44:05 UTC 2011 

I have to say I am experiencing a similar behaviour - it does not seem to
affect the functionality though.
I also expect you have something like this in /etc/nsswitch.conf:

automount: files sss ldap

So it is obvious that sss is no option there yet but it should work with
ldap though.

If this issue is not critical to you, I would recommend you wait until we
add automount support to sssd - I guess none would use the ldap autofs
backend after that....

Ondrej


> Hi,
>
> I have configured automount to use the hosts' kerberos keytab to speak
> GSSAPI with the IPA server, using the following as
> /etc/autofs_ldap_auth.conf:
>
> <?xml version="1.0" ?>
> <!--
> GENERATED BY CFENGINE
> -->
> <autofs_ldap_sasl_conf
>      usetls="no"
>      tlsrequired="no"
>      authrequired="autodetect"
>      authtype="GSSAPI"
>      clientprinc="host/redhat5.ix.test.com at IX.TEST.COM"
> />
>
>
> I get the following error messages in the log, once a day. It seem like
> the ticket expires before it's renewed. Has anyone else seen this? Or
> perhaps I should file a bug report on the automounter? I don't get this
> error message on Red Hat 6 clients.
>
> I also get the error where automount says sss is not a supported
> automount source, even though the ipa-client-install script configured
> nsswitch to look up automount in sss. I get this error message on both
> Red Hat 5 and Red Hat 6 machines. What's going on?
>
>
>
>
> Nov 20 15:49:15 redhat5 automount[26234]: ignored unsupported autofs
> nsswitch source "sss"
> Nov 20 15:49:15 redhat5 automount[26234]: sasl_log_func:100: No worthy
> mechs found
> Nov 20 15:49:15 redhat5 automount[26234]: sasl_log_func:100: GSSAPI
> Error: Unspecified GSS failure.  Minor code may provide more information
> (Ticket expired)
> Nov 20 16:05:33 redhat5 automount[26234]: ignored unsupported autofs
> nsswitch source "sss"
> Nov 20 16:05:33 redhat5 automount[26234]: sasl_log_func:100: No worthy
> mechs found
> Nov 20 16:05:33 redhat5 automount[26234]: sasl_log_func:100: GSSAPI
> Error: Unspecified GSS failure.  Minor code may provide more information
> (Ticket expired)
> Nov 20 16:20:17 redhat5 automount[26234]: ignored unsupported autofs
> nsswitch source "sss"
> Nov 20 16:20:17 redhat5 automount[26234]: sasl_log_func:100: No worthy
> mechs found
> Nov 20 16:20:18 redhat5 automount[26234]: sasl_log_func:100: GSSAPI
> Error: Unspecified GSS failure.  Minor code may provide more information
> (Ticket expired)
> Nov 20 16:43:44 redhat5 automount[26234]: ignored unsupported autofs
> nsswitch source "sss"
> Nov 20 16:43:44 redhat5 automount[26234]: sasl_log_func:100: No worthy
> mechs found
> Nov 20 16:43:44 redhat5 automount[26234]: sasl_log_func:100: GSSAPI
> Error: Unspecified GSS failure.  Minor code may provide more information
> (Ticket expired)
> Nov 20 20:13:28 redhat5 automount[26234]: sasl_log_func:100: No worthy
> mechs found
> Nov 20 20:13:28 redhat5 automount[26234]: sasl_log_func:100: GSSAPI
> Error: Unspecified GSS failure.  Minor code may provide more information
> (Ticket expired)
> Nov 21 22:01:47 redhat5 automount[26234]: sasl_log_func:100: No worthy
> mechs found
> Nov 21 22:01:48 redhat5 automount[26234]: sasl_log_func:100: GSSAPI
> Error: Unspecified GSS failure.  Minor code may provide more information
> (Ticket expired)
> Nov 21 22:51:57 redhat5 automount[26234]: sasl_log_func:100: No worthy
> mechs found
> Nov 21 22:51:58 redhat5 automount[26234]: sasl_log_func:100: GSSAPI
> Error: Unspecified GSS failure.  Minor code may provide more information
> (Ticket expired)
> Nov 21 23:14:30 redhat5 automount[26234]: sasl_log_func:100: No worthy
> mechs found
> Nov 21 23:14:30 redhat5 automount[26234]: sasl_log_func:100: GSSAPI
> Error: Unspecified GSS failure.  Minor code may provide more information
> (Ticket expired)
> Nov 22 20:36:34 redhat5 automount[26234]: sasl_log_func:100: No worthy
> mechs found
> Nov 22 20:36:34 redhat5 automount[26234]: sasl_log_func:100: GSSAPI
> Error: Unspecified GSS failure.  Minor code may provide more information
> (Ticket expired)
>
>
> Rgds,
> Siggi
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>



The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s).
Please direct any additional queries to: communications at s3group.com.
Thank You.
Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073.
Registered Office: South County Business Park, Leopardstown, Dublin 18

More information about the Freeipa-users mailing list