<div dir="ltr">From your errors, it looks like sssd is not able to find the autofs entries. In order to confirm that, you can add the autofs mapping manually to your config file (under /etc/auto.* depending on your config), and test if that works. If you can get that to work, the problem lies in freeipa/sssd configuration. I see that you are using sec=krb5. You may want to disable kerberos too while debugging, both at the nfs server export config, and at the client/automount config. </div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jun 7, 2016 at 9:10 AM, Arthur Fayzullin <span dir="ltr"><<a href="mailto:arthur@deus.pro" target="_blank">arthur@deus.pro</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>I have done as you said. Here is the output:</p>
<tt>[root@nfsclient ~]# automount -vvvf</tt><tt><br>
</tt><tt>1 Starting automounter version 5.1.1-3.fc23, master map
auto.master</tt><tt><br>
</tt><tt>2 using kernel protocol version 5.02</tt><tt><br>
</tt><tt>3 mounted indirect on /misc with timeout 300, freq 75
seconds</tt><tt><br>
</tt><tt>4 mounted indirect on /net with timeout 300, freq 75
seconds</tt><tt><br>
</tt><tt>5 mounted indirect on /home with timeout 300, freq 75
seconds</tt><tt><br>
</tt><tt>6 lookup_read_map: lookup(sss): getautomntent_r: No such
file or directory</tt><tt><br>
</tt><tt>7 attempting to mount entry /home/afayzullin</tt><tt><br>
</tt><tt>8 >> mount.nfs4: Connection timed out</tt><tt><br>
</tt><tt>9 mount(nfs): nfs: mount failure
nfserver.ciktrb.ru:/home/afayzullin on /home/afayzullin</tt><tt><br>
</tt><tt>10 failed to mount /home/afayzullin</tt><tt><br>
</tt><tt>11 re-reading map for /home</tt><tt><br>
</tt><tt>12 attempting to mount entry /home/afayzullin</tt><tt><br>
</tt><br>
Lines 1 through 6 are startup output. I googled
'getautomntent_r'; it showed some closed threads that should be
fixed (lines 3, 4, 5 show that it is OK).<br>
From line 7 on, I try to log in as afayzullin and autofs tries to mount
it as I wish, but for some reason it cannot.<br>
How can I find out why it cannot do it? Where should I look?<br>
<br>
Also, I have put debug_level=6 in [autofs] in /etc/sssd/sssd.conf, and
here is a piece of /var/log/sssd/sssd_autofs.log:<br>
<br>
<tt>(Tue Jun 7 15:59:58 2016) [sssd[autofs]] [accept_fd_handler]
(0x0400): Client connected!<br>
(Tue Jun 7 15:59:58 2016) [sssd[autofs]] [sss_cmd_get_version]
(0x0200): Received client version [1].<br>
(Tue Jun 7 15:59:58 2016) [sssd[autofs]] [sss_cmd_get_version]
(0x0200): Offered version [1].<br>
(Tue Jun 7 15:59:58 2016) [sssd[autofs]]
[sss_autofs_cmd_setautomntent] (0x0400): Got request for automount
map named auto.home<br>
(Tue Jun 7 15:59:58 2016) [sssd[autofs]]
[sss_parse_name_for_domains] (0x0200): name 'auto.home' matched
without domain, user is auto.home<br>
(Tue Jun 7 15:59:58 2016) [sssd[autofs]] [setautomntent_send]
(0x0400): Requesting info for automount map [auto.home] from
[<ALL>]<br>
(Tue Jun 7 15:59:58 2016) [sssd[autofs]] [lookup_automntmap_step]
(0x0400): Requesting info for [auto.home@ciktrb.ru]<br>
(Tue Jun 7 15:59:58 2016) [sssd[autofs]] [sss_dp_issue_request]
(0x0400): Issuing request for
[0x558ed3ebab90:0:auto.home@ciktrb.ru]<br>
(Tue Jun 7 15:59:58 2016) [sssd[autofs]] [sss_dp_get_autofs_msg]
(0x0400): Creating autofs request for
[ciktrb.ru][4105][mapname=auto.home]<br>
(Tue Jun 7 15:59:58 2016) [sssd[autofs]]
[sss_dp_internal_get_send] (0x0400): Entering request
[0x558ed3ebab90:0:auto.home@ciktrb.ru]<br>
(Tue Jun 7 15:59:58 2016) [sssd[autofs]] [lookup_automntmap_step]
(0x0400): Requesting info for [auto.home@ciktrb.ru]<br>
(Tue Jun 7 15:59:58 2016) [sssd[autofs]]
[sysdb_autofs_entries_by_map] (0x0400): Getting entries for map
auto.home<br>
(Tue Jun 7 15:59:58 2016) [sssd[autofs]] [lookup_automntmap_step]
(0x0400): setautomntent done for map auto.home<br>
(Tue Jun 7 15:59:58 2016) [sssd[autofs]]
[sss_autofs_cmd_setautomntent_done] (0x0400): setautomntent found
data<br>
(Tue Jun 7 15:59:58 2016) [sssd[autofs]] [sss_dp_req_destructor]
(0x0400): Deleting request: [0x558ed3ebab90:0:auto.home@ciktrb.ru]<br>
(Tue Jun 7 15:59:58 2016) [sssd[autofs]]
[sss_autofs_cmd_getautomntbyname] (0x0400): Requested data of map
auto.home key afayzullin<br>
(Tue Jun 7 15:59:58 2016) [sssd[autofs]]
[getautomntbyname_process] (0x0080): No key named [afayzullin]
found<br>
(Tue Jun 7 15:59:58 2016) [sssd[autofs]]
[sss_autofs_cmd_getautomntbyname] (0x0400): Requested data of map
auto.home key /<br>
(Tue Jun 7 15:59:58 2016) [sssd[autofs]]
[getautomntbyname_process] (0x0080): No key named [/] found<br>
(Tue Jun 7 15:59:58 2016) [sssd[autofs]]
[sss_autofs_cmd_getautomntbyname] (0x0400): Requested data of map
auto.home key *<br>
(Tue Jun 7 15:59:58 2016) [sssd[autofs]]
[sss_autofs_cmd_endautomntent] (0x0400): endautomntent called<br>
</tt><br>
While manual mount works fine:<br>
<tt># mount -vvv -t nfs4 nfserver.ciktrb.ru:/home/afayzullin /mnt<br>
mount.nfs4: timeout set for Tue Jun 7 17:07:25 2016<br>
mount.nfs4: trying text-based options
'vers=4.2,addr=10.254.1.167,clientaddr=10.254.1.168'<br>
[root@nfsclient ~]# echo $?<br>
0<br>
[root@nfsclient ~]# mount -l<br>
nfserver.ciktrb.ru:/home/afayzullin on /mnt type nfs4
(rw,relatime,seclabel,vers=4.2,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=krb5,clientaddr=10.254.1.168,local_lock=none,addr=10.254.1.167)<br>
</tt><br>
<tt>$ ssh nfsclient<br>
Creating home directory for afayzullin.<br>
Last login: Tue Jun 7 17:34:14 2016<br>
Could not chdir to home directory /home/afayzullin: No such file
or directory<br>
-bash-4.3$ ll /mnt<br>
итого 0<br>
-rw-rw-r--. 1 afayzullin afayzullin 0 июн 7 17:00 test</tt><br>
<br>
but home is empty<br>
<tt># ll /home/<br>
итого 0</tt><br>
<br>
So what steps should I take next?<span class=""><br>
<br>
<div>24.05.2016 18:01, Prasun Gera wrote:<br>
</div>
</span><blockquote type="cite">
<div dir="ltr">You can stop the autofs daemon, and run it in
foreground with automount -fvv. Then try to access the mount
point in parallel. The logs from the foreground run should shed
some light. Also, does your autofs setup work without kerberos?
As a first step, get it to work with non-kerberised nfs. </div><div><div class="h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, May 23, 2016 at 11:06 AM,
Arthur Fayzullin <span dir="ltr"><<a href="mailto:arthur@deus.pro" target="_blank">arthur@deus.pro</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Good day,
colleagues!<br>
I am confused about how automount works and how to configure
it. I have<br>
tried to configure it according to<br>
<a href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html" rel="noreferrer" target="_blank">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html</a><br>
document (paragraph 9.1.1 and chapter 20).<br>
I have tried to make it work on 3 servers:<br>
1. ipa server;<br>
2. nfs server (node00);<br>
3. nfs client (postgres).<br>
<br>
<br>
*** So here is how it is configured on the ipa server:<br>
$ ipa automountlocation-tofiles amantai<br>
/etc/auto.master:<br>
/- /etc/auto.direct<br>
/home /etc/auto.home<br>
---------------------------<br>
/etc/auto.direct:<br>
---------------------------<br>
/etc/auto.home:<br>
* -sec=kr5i,rw,fstype=nfs4
node00.glavsn.ab:/home/&<br>
<br>
maps not connected to /etc/auto.master:<br>
<br>
$ ipa service-find nfs<br>
------------------<br>
2 services matched<br>
------------------<br>
Основной: nfs/node00.glavsn.ab@GLAVSN.AB<br>
Keytab: True<br>
Managed by: node00.glavsn.ab<br>
<br>
Основной: nfs/postgres.glavsn.ab@GLAVSN.AB<br>
Keytab: True<br>
Managed by: postgres.glavsn.ab<br>
<br>
<br>
*** here is nfs server config:<br>
$ sudo klist -k<br>
Пароль:<br>
Keytab name: FILE:/etc/krb5.keytab<br>
KVNO Principal<br>
----<br>
--------------------------------------------------------------------------<br>
1 host/node00.glavsn.ab@GLAVSN.AB<br>
1 host/node00.glavsn.ab@GLAVSN.AB<br>
1 host/node00.glavsn.ab@GLAVSN.AB<br>
1 host/node00.glavsn.ab@GLAVSN.AB<br>
2 nfs/node00.glavsn.ab@GLAVSN.AB<br>
2 nfs/node00.glavsn.ab@GLAVSN.AB<br>
2 nfs/node00.glavsn.ab@GLAVSN.AB<br>
2 nfs/node00.glavsn.ab@GLAVSN.AB<br>
<br>
$ cat /etc/exports<br>
/home *(rw,sec=sys:krb5:krb5i:krb5p)<br>
<br>
$ sudo firewall-cmd --list-all<br>
public (default, active)<br>
interfaces: bridge0 enp1s0<br>
sources:<br>
services: dhcpv6-client nfs ssh<br>
ports: 8001/tcp<br>
masquerade: no<br>
forward-ports:<br>
icmp-blocks:<br>
rich rules:<br>
<br>
$ getenforce<br>
Enforcing<br>
<br>
<br>
*** here is the nfs client config:<br>
# klist -k<br>
Keytab name: FILE:/etc/krb5.keytab<br>
KVNO Principal<br>
----<br>
--------------------------------------------------------------------------<br>
1 host/postgres.glavsn.ab@GLAVSN.AB<br>
1 host/postgres.glavsn.ab@GLAVSN.AB<br>
1 host/postgres.glavsn.ab@GLAVSN.AB<br>
1 host/postgres.glavsn.ab@GLAVSN.AB<br>
1 nfs/postgres.glavsn.ab@GLAVSN.AB<br>
1 nfs/postgres.glavsn.ab@GLAVSN.AB<br>
1 nfs/postgres.glavsn.ab@GLAVSN.AB<br>
1 nfs/postgres.glavsn.ab@GLAVSN.AB<br>
<br>
# firewall-cmd --list-all<br>
FedoraServer (default, active)<br>
interfaces: ens3<br>
sources:<br>
services: cockpit dhcpv6-client ssh<br>
ports:<br>
protocols:<br>
masquerade: no<br>
forward-ports:<br>
icmp-blocks:<br>
rich rules:<br>
<br>
# mount -l (contains the following line)<br>
auto.home on /home type autofs<br>
(rw,relatime,fd=25,pgrp=960,timeout=300,minproto=5,maxproto=5,indirect)<br>
<br>
# ll /home/afayzullin<br>
ls says that it cannot access /home/afayzullin: no such file
or directory<br>
<br>
I have run<br>
# ipa-client-automount --location=amantai<br>
on client and it has completed successfully.<br>
<br>
I have tried disabling selinux and dropping iptables rules. And
now I am<br>
a little confused about what to do next. Maybe someone who has
dealt with<br>
automount config can give me some advice, or there is a
howto for<br>
configuring automount, or someone can advise how to debug this
situation?<br>
</blockquote>
</div>
<br>
</div>
</div></div></blockquote>
<br>
</div>
</blockquote></div><br></div>
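The automount map entry and the server export posted in the first message of the thread can be compared mechanically. The following is an added example, not part of any message in the thread: it takes the `auto.home` entry and the `/etc/exports` line as they were posted and reports a `sec=` value that is not a flavor documented in nfs(5) or is not offered by the export. The function names are hypothetical.

```python
import re

# Security flavors documented in nfs(5).
KNOWN_FLAVORS = {"none", "sys", "krb5", "krb5i", "krb5p"}

# Copied from the first message of the thread.
MAP_ENTRY = "* -sec=kr5i,rw,fstype=nfs4 node00.glavsn.ab:/home/&"
EXPORTS_LINE = "/home *(rw,sec=sys:krb5:krb5i:krb5p)"


def export_flavors(exports_line):
    """Return the sec= flavors an /etc/exports line offers (empty if none listed)."""
    m = re.search(r"sec=([^,)\s]+)", exports_line)
    return set(m.group(1).split(":")) if m else set()


def parse_map_entry(entry):
    """Split an indirect-map entry into (key, options dict, location)."""
    fields = entry.split()
    key, location = fields[0], fields[-1]
    options = {}
    if len(fields) == 3 and fields[1].startswith("-"):
        for opt in fields[1][1:].split(","):
            name, _, value = opt.partition("=")
            options[name] = value
    return key, options, location


def check_entry(entry, exports_line):
    """Return a list of problems with the entry's sec= option."""
    key, options, location = parse_map_entry(entry)
    sec = options.get("sec")
    if sec is None:
        return []  # no flavor requested by the map; nothing to compare
    if sec not in KNOWN_FLAVORS:
        return [f"key {key!r} -> {location}: sec={sec} is not a known flavor"]
    offered = export_flavors(exports_line)
    if offered and sec not in offered:
        return [f"key {key!r} -> {location}: sec={sec} not offered by export"]
    return []


if __name__ == "__main__":
    for problem in check_entry(MAP_ENTRY, EXPORTS_LINE):
        print(problem)
```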