[Freeipa-users] question about automount config

Prasun Gera prasun.gera at gmail.com
Tue Jun 7 14:44:32 UTC 2016


From your errors, it looks like sssd is not able to find the autofs
entries. In order to confirm that, you can add the autofs mapping manually
to your config file (under /etc/auto.* depending on your config), and test
if that works. If you can get that to work, the problem lies in
freeipa/sssd configuration. I see that you are using sec=krb5. You may want
to disable kerberos too while debugging, both at the nfs server export
config, and at the client/automount config.

On Tue, Jun 7, 2016 at 9:10 AM, Arthur Fayzullin <arthur at deus.pro> wrote:

> I have done as you said. Here is the output:
> [root@nfsclient ~]# automount -vvvf
> 1  Starting automounter version 5.1.1-3.fc23, master map auto.master
> 2  using kernel protocol version 5.02
> 3  mounted indirect on /misc with timeout 300, freq 75 seconds
> 4  mounted indirect on /net with timeout 300, freq 75 seconds
> 5  mounted indirect on /home with timeout 300, freq 75 seconds
> 6  lookup_read_map: lookup(sss): getautomntent_r: No such file or directory
> 7  attempting to mount entry /home/afayzullin
> 8  >> mount.nfs4: Connection timed out
> 9  mount(nfs): nfs: mount failure nfserver.ciktrb.ru:/home/afayzullin on
> /home/afayzullin
> 10 failed to mount /home/afayzullin
> 11 re-reading map for /home
> 12 attempting to mount entry /home/afayzullin
>
> Lines 1 through 6 are startup output. I have googled
> 'getautomntent_r'; it has shown some closed threads that should be fixed
> (lines 3, 4, 5 show that it is ok).
> From line 7 I try to log in as afayzullin and autofs tries to mount it as I
> wish, but for some reason it cannot.
> How can I find out why it cannot do it? Where should I look?
>
> Also, I have put debug_level=6 in [autofs] in /etc/sssd/sssd.conf and here
> is a piece from /var/log/sssd/sssd_autofs.log
>
> (Tue Jun  7 15:59:58 2016) [sssd[autofs]] [accept_fd_handler] (0x0400):
> Client connected!
> (Tue Jun  7 15:59:58 2016) [sssd[autofs]] [sss_cmd_get_version] (0x0200):
> Received client version [1].
> (Tue Jun  7 15:59:58 2016) [sssd[autofs]] [sss_cmd_get_version] (0x0200):
> Offered version [1].
> (Tue Jun  7 15:59:58 2016) [sssd[autofs]] [sss_autofs_cmd_setautomntent]
> (0x0400): Got request for automount map named auto.home
> (Tue Jun  7 15:59:58 2016) [sssd[autofs]] [sss_parse_name_for_domains]
> (0x0200): name 'auto.home' matched without domain, user is auto.home
> (Tue Jun  7 15:59:58 2016) [sssd[autofs]] [setautomntent_send] (0x0400):
> Requesting info for automount map [auto.home] from [<ALL>]
> (Tue Jun  7 15:59:58 2016) [sssd[autofs]] [lookup_automntmap_step]
> (0x0400): Requesting info for [auto.home@ciktrb.ru]
> (Tue Jun  7 15:59:58 2016) [sssd[autofs]] [sss_dp_issue_request] (0x0400):
> Issuing request for [0x558ed3ebab90:0:auto.home@ciktrb.ru]
> (Tue Jun  7 15:59:58 2016) [sssd[autofs]] [sss_dp_get_autofs_msg]
> (0x0400): Creating autofs request for [ciktrb.ru][4105][mapname=auto.home]
> (Tue Jun  7 15:59:58 2016) [sssd[autofs]] [sss_dp_internal_get_send]
> (0x0400): Entering request [0x558ed3ebab90:0:auto.home@ciktrb.ru]
> (Tue Jun  7 15:59:58 2016) [sssd[autofs]] [lookup_automntmap_step]
> (0x0400): Requesting info for [auto.home@ciktrb.ru]
> (Tue Jun  7 15:59:58 2016) [sssd[autofs]] [sysdb_autofs_entries_by_map]
> (0x0400): Getting entries for map auto.home
> (Tue Jun  7 15:59:58 2016) [sssd[autofs]] [lookup_automntmap_step]
> (0x0400): setautomntent done for map auto.home
> (Tue Jun  7 15:59:58 2016) [sssd[autofs]]
> [sss_autofs_cmd_setautomntent_done] (0x0400): setautomntent found data
> (Tue Jun  7 15:59:58 2016) [sssd[autofs]] [sss_dp_req_destructor]
> (0x0400): Deleting request: [0x558ed3ebab90:0:auto.home@ciktrb.ru]
> (Tue Jun  7 15:59:58 2016) [sssd[autofs]]
> [sss_autofs_cmd_getautomntbyname] (0x0400): Requested data of map auto.home
> key afayzullin
> (Tue Jun  7 15:59:58 2016) [sssd[autofs]] [getautomntbyname_process]
> (0x0080): No key named [afayzullin] found
> (Tue Jun  7 15:59:58 2016) [sssd[autofs]]
> [sss_autofs_cmd_getautomntbyname] (0x0400): Requested data of map auto.home
> key /
> (Tue Jun  7 15:59:58 2016) [sssd[autofs]] [getautomntbyname_process]
> (0x0080): No key named [/] found
> (Tue Jun  7 15:59:58 2016) [sssd[autofs]]
> [sss_autofs_cmd_getautomntbyname] (0x0400): Requested data of map auto.home
> key *
> (Tue Jun  7 15:59:58 2016) [sssd[autofs]] [sss_autofs_cmd_endautomntent]
> (0x0400): endautomntent called
>
> While manual mount works fine:
> # mount -vvv -t nfs4 nfserver.ciktrb.ru:/home/afayzullin /mnt
> mount.nfs4: timeout set for Tue Jun  7 17:07:25 2016
> mount.nfs4: trying text-based options
> 'vers=4.2,addr=10.254.1.167,clientaddr=10.254.1.168'
> [root@nfsclient ~]# echo $?
> 0
> [root@nfsclient ~]# mount -l
> nfserver.ciktrb.ru:/home/afayzullin on /mnt type nfs4
> (rw,relatime,seclabel,vers=4.2,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=krb5,clientaddr=10.254.1.168,local_lock=none,addr=10.254.1.167)
>
> $ ssh nfsclient
> Creating home directory for afayzullin.
> Last login: Tue Jun  7 17:34:14 2016
> Could not chdir to home directory /home/afayzullin: No such file or
> directory
> -bash-4.3$ ll /mnt
> итого 0
> -rw-rw-r--. 1 afayzullin afayzullin 0 июн  7 17:00 test
>
> but home is empty
> # ll /home/
> итого 0
>
> So what steps should I take next?
>
> On 24.05.2016 18:01, Prasun Gera wrote:
>
> You can stop the autofs daemon, and run it in foreground with automount
> -fvv. Then try to access the mount point in parallel. The logs from the
> foreground run should shed some light. Also, does your autofs setup work
> without kerberos? As a first step, get it to work with non-kerberised nfs.
>
> On Mon, May 23, 2016 at 11:06 AM, Arthur Fayzullin <arthur at deus.pro> wrote:
>
>> Good day, colleagues!
>> I am confused about how automount works and how to configure it. I have
>> tried to configure it according to
>>
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html
>> document (paragraph 9.1.1 and chapter 20).
>> I have tried to make it work on 3 servers:
>> 1. ipa server;
>> 2. nfs server (node00);
>> 3. nfs client (postgres).
>>
>>
>> *** so here is how it is configured on the ipa server:
>> $ ipa automountlocation-tofiles amantai
>> /etc/auto.master:
>> /-      /etc/auto.direct
>> /home   /etc/auto.home
>> ---------------------------
>> /etc/auto.direct:
>> ---------------------------
>> /etc/auto.home:
>> *       -sec=kr5i,rw,fstype=nfs4 node00.glavsn.ab:/home/&
>>
>> maps not connected to /etc/auto.master:
>>
>> $ ipa service-find nfs
>> ------------------
>> 2 services matched
>> ------------------
>>   Основной: nfs/node00.glavsn.ab@GLAVSN.AB
>>   Keytab: True
>>   Managed by: node00.glavsn.ab
>>
>>   Основной: nfs/postgres.glavsn.ab@GLAVSN.AB
>>   Keytab: True
>>   Managed by: postgres.glavsn.ab
>>
>>
>> *** here is nfs server config:
>> $ sudo klist -k
>> Пароль:
>> Keytab name: FILE:/etc/krb5.keytab
>> KVNO Principal
>> ----
>> --------------------------------------------------------------------------
>>    1 host/node00.glavsn.ab@GLAVSN.AB
>>    1 host/node00.glavsn.ab@GLAVSN.AB
>>    1 host/node00.glavsn.ab@GLAVSN.AB
>>    1 host/node00.glavsn.ab@GLAVSN.AB
>>    2 nfs/node00.glavsn.ab@GLAVSN.AB
>>    2 nfs/node00.glavsn.ab@GLAVSN.AB
>>    2 nfs/node00.glavsn.ab@GLAVSN.AB
>>    2 nfs/node00.glavsn.ab@GLAVSN.AB
>>
>> $ cat /etc/exports
>> /home *(rw,sec=sys:krb5:krb5i:krb5p)
>>
>> $ sudo firewall-cmd --list-all
>> public (default, active)
>>   interfaces: bridge0 enp1s0
>>   sources:
>>   services: dhcpv6-client nfs ssh
>>   ports: 8001/tcp
>>   masquerade: no
>>   forward-ports:
>>   icmp-blocks:
>>   rich rules:
>>
>> $ getenforce
>> Enforcing
>>
>>
>> *** here is the nfs client config:
>> # klist -k
>> Keytab name: FILE:/etc/krb5.keytab
>> KVNO Principal
>> ----
>> --------------------------------------------------------------------------
>>    1 host/postgres.glavsn.ab@GLAVSN.AB
>>    1 host/postgres.glavsn.ab@GLAVSN.AB
>>    1 host/postgres.glavsn.ab@GLAVSN.AB
>>    1 host/postgres.glavsn.ab@GLAVSN.AB
>>    1 nfs/postgres.glavsn.ab@GLAVSN.AB
>>    1 nfs/postgres.glavsn.ab@GLAVSN.AB
>>    1 nfs/postgres.glavsn.ab@GLAVSN.AB
>>    1 nfs/postgres.glavsn.ab@GLAVSN.AB
>>
>> # firewall-cmd --list-all
>> FedoraServer (default, active)
>>   interfaces: ens3
>>   sources:
>>   services: cockpit dhcpv6-client ssh
>>   ports:
>>   protocols:
>>   masquerade: no
>>   forward-ports:
>>   icmp-blocks:
>>   rich rules:
>>
>> # mount -l  (contains the following line)
>> auto.home on /home type autofs
>> (rw,relatime,fd=25,pgrp=960,timeout=300,minproto=5,maxproto=5,indirect)
>>
>> # ll /home/afayzullin
>> ls says that it cannot access /home/afayzullin: no such file or directory
>>
>> I have run
>> # ipa-client-automount --location=amantai
>> on client and it has completed successfully.
>>
>> I have tried disabling selinux and dropping iptables rules. And now I am
>> a little confused about what to do next. Maybe someone who has dealt with
>> automount config can give me some advice, or there is a howto for
>> configuring automount, or someone can advise how to debug this situation?
>>
>
>
>
>
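
Added example, not part of the original thread and not sssd's own code: a small Python summarizer for `sssd_autofs.log` records in the format quoted above, separating "the map was returned" from "this key was not found in the map". The sample records are constructed from that format, and `summarize` is a hypothetical helper name.

```python
import re

# Constructed sample in the record format shown in the message; sssd writes
# each record on one line (the mail client wrapped them in the post).
P = "(Tue Jun  7 15:59:58 2016) [sssd[autofs]] "
SAMPLE_LOG = "\n".join(P + rec for rec in [
    "[sss_autofs_cmd_setautomntent] (0x0400): Got request for automount map named auto.home",
    "[sss_autofs_cmd_setautomntent_done] (0x0400): setautomntent found data",
    "[sss_autofs_cmd_getautomntbyname] (0x0400): Requested data of map auto.home key afayzullin",
    "[getautomntbyname_process] (0x0080): No key named [afayzullin] found",
    "[sss_autofs_cmd_getautomntbyname] (0x0400): Requested data of map auto.home key /",
    "[getautomntbyname_process] (0x0080): No key named [/] found",
    "[sss_autofs_cmd_getautomntbyname] (0x0400): Requested data of map auto.home key *",
    "[sss_autofs_cmd_endautomntent] (0x0400): endautomntent called",
])

RECORD = re.compile(r"^\([^)]+\) \[sssd\[autofs\]\] \[(\w+)\] \(0x[0-9a-fA-F]+\): (.*)$")
MAP_REQ = re.compile(r"Got request for automount map named (\S+)")
KEY_REQ = re.compile(r"Requested data of map (\S+) key (.+)")
KEY_MISS = re.compile(r"No key named \[(.+)\] found")


def summarize(log_text):
    """Return {map: {"map_found": bool, "keys": {key: status}}} (hypothetical helper)."""
    maps, current_map, last_key = {}, None, None
    for line in log_text.splitlines():
        rec = RECORD.match(line.strip())
        if not rec:
            continue  # skip anything that is not an sssd[autofs] record
        msg = rec.group(2)
        if m := MAP_REQ.search(msg):
            current_map = m.group(1)
            maps.setdefault(current_map, {"map_found": False, "keys": {}})
        elif "setautomntent found data" in msg and current_map:
            maps[current_map]["map_found"] = True
        elif m := KEY_REQ.search(msg):
            entry = maps.setdefault(m.group(1), {"map_found": False, "keys": {}})
            # Status stays as-is unless a matching "No key named" record follows.
            entry["keys"][m.group(2)] = "no miss logged"
            last_key = (m.group(1), m.group(2))
        elif (m := KEY_MISS.search(msg)) and last_key and last_key[1] == m.group(1):
            maps[last_key[0]]["keys"][m.group(1)] = "not found"
    return maps


if __name__ == "__main__":
    for name, info in summarize(SAMPLE_LOG).items():
        print(name, "map_found =", info["map_found"])
        for key, status in info["keys"].items():
            print(f"  key {key!r}: {status}")
```

To use it on a real log, pass the file's text to `summarize`; "no miss logged" only means no "No key named" record followed the request in the text that was parsed.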