Bug 1216285
| Field | Value |
|---|---|
| Summary | autofs provider fails when default_domain_suffix and use_fully_qualified_names set |
| Product | Red Hat Enterprise Linux 7 |
| Reporter | Aron Parsons <parsonsa> |
| Component | sssd |
| Assignee | SSSD Maintainers <sssd-maint> |
| Status | CLOSED ERRATA |
| QA Contact | Kaushik Banerjee <kbanerje> |
| Severity | high |
| Docs Contact | |
| Priority | medium |
| Version | 7.1 |
| CC | grajaiya, jgalipea, jhrozek, lslebodn, mkosek, mzidek, nsoman, pbrezina, preichl, sumenon |
| Target Milestone | rc |
| Target Release | --- |
| Hardware | x86_64 |
| OS | Linux |
| Whiteboard | |
| Fixed In Version | sssd-1.13.0-0.1.alpha.el7 |
| Doc Type | Bug Fix |
| Story Points | --- |
| Clone Of | |
| | 1217328 |
| Environment | |
| Last Closed | 2015-11-19 11:38:22 UTC |
| Type | Bug |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| CRM | |
| Verified Versions | |
| Category | --- |
| oVirt Team | --- |
| RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- |
| Target Upstream Version | |
| Embargoed | |
| Bug Depends On | |
| Bug Blocks | 1217328 |
| Attachments | |

Doc Text:

Cause: The default_domain_suffix option is meant as a short-hand to access objects from trusted domains without having to append the trusted domain name. However, some information, like autofs maps, can only be stored on the IPA server and not the trusted AD domain, so it doesn't make sense to append the trusted AD domain name there.

Consequence: If default_domain_suffix was set, autofs maps were not accessible as they were searched on the trusted AD server.

Fix: default_domain_suffix is not considered anymore for autofs maps.

Result: If default_domain_suffix was set, autofs maps are accessible again.
Description
Aron Parsons
2015-04-29 03:01:50 UTC
Created attachment 1019960 [details]
sssd-logs
I think your patch is completely correct, the autofs maps can't be qualified, the root is always auto.master (ok, this is configurable) and then automounter traverses the maps. I can't think of a scenario where it would be possible for a user to specify a qualified map other than overriding the map name in the config. Can you send the patch to sssd-devel, please? I'll ack it.

Upstream ticket: https://fedorahosted.org/sssd/ticket/2643

btw I was also able to reproduce the bug and verify it's fixed using your patch with an ordinary LDAP domain, just to make sure there was nothing specific to IPA I was missing. Thanks a lot for the patch!

Fixed upstream:
sssd-1-12: 8f57c6765b10de36582ef1dbee32d75452451a94
master: 4df706219e64527209f12ad0c7814ee1be979c07

Created attachment 1079921 [details]
automount steps
Jakub, I did create many maps and associated keys on the IPA-server and am able to access them from the ipa-client using the below command. I think we are good to mark this as VERIFIED. Can you please confirm.

```
[root@ipaclient02 etc]# ipa automountlocation-tofiles baltimore; grep -e fully -e default /etc/sssd/sssd.conf; service sssd restart; sss_cache -E; service autofs restart; automount -m
/etc/auto.master:
/- /etc/auto.direct
---------------------------
/etc/auto.direct:
maps not connected to /etc/auto.master:
---------------------------
/etc/auto.data:
data -ro,ipa01.labs01.test:/shared/data
---------------------------
/etc/auto.share:
man -ro,soft,rsize=8192,wsize=8192 ipa01.labs01.test:/shared/man
---------------------------
/etc/auto.test:
test -ro,soft,ipa01.labs01.test:/shared/test
default_domain_suffix = test.in
use_fully_qualified_names = true
Redirecting to /bin/systemctl restart sssd.service
Redirecting to /bin/systemctl restart autofs.service
autofs dump map information
===========================
global options: none configured
Mount point: /misc
source(s):
instance type(s): file
map: /etc/auto.misc
cd | -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
Mount point: /net
source(s):
type: hosts
ipaclient02.labs01.test | (null)
localhost | (null)
Mount point: /-
source(s):
lookup_read_map: lookup(sss): getautomntent_r: No such file or directory
instance type(s): sss
map: auto.direct
no keys found in map
```

Hmm, I don't see /shared/data in automount -m output, looks like you need to link the auto.share map with auto.master ?

Jakub, After manually adding the entries in /etc/auto.master in ipaclient, automount -m is showing the values.
```
/shared/data /etc/auto.data
/shared/man /etc/auto.share
/shared/test /etc/auto.test

[root@ipaclient02 ~]# automount -m
autofs dump map information
===========================
global options: none configured
Mount point: /misc
source(s):
instance type(s): file
map: /etc/auto.misc
cd | -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
instance type(s): files sss
map: auto.misc
duplicate indirect map entry will be ignored at run time
cd | -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
cd | -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
Mount point: /shared/data
source(s):
instance type(s): file
map: /etc/auto.data
data | -ro,ipaclient02.labs01.test/shared/data
Mount point: /shared/man
source(s):
instance type(s): file
map: /etc/auto.share
man | -ro,soft,rsize=8192,wsize=8192 ipaclient02.labs01.test:/shared/man
Mount point: /shared/test
source(s):
instance type(s): file
map: /etc/auto.test
test | -ro,soft,ipaclient02.labs01.test:/shared/test
Mount point: /net
source(s):
type: hosts
ipaclient02.labs01.test | (null)
localhost | (null)
Mount point: /-
source(s):
lookup_read_map: lookup(sss): getautomntent_r: No such file or directory
instance type(s): sss
map: auto.direct
no keys found in map
```

(In reply to Sudhir Menon from comment #15)
> Jakub,
> After manually adding the entries in /etc/auto.master in ipaclient,
> automount -m is showing the values.
>

I guess this is so-so, but wouldn't it be better to link auto.master on the server with auto.share on the server? See ipa help automounter, it gives example on how to configure similar setup.

Verified using RHEL7.2
sssd-1.13.0-36.el7.x86_64
ipa-server-4.2.0-12.el7.x86_64
ipa-server-dns-4.2.0-12.el7.x86_64
ipa-server-trust-ad-4.2.0-12.el7.x86_64

Observations:
"setautomntent: lookup(sss): setautomntent: Cannot allocate memory" is not displayed.

Steps done:
1. On IPA-Server
#vi etc/exportfs
/ipaexport *(rw)
2. service nfs restart
3.
```
[root@ipa01 ~]# ipa automountlocation-add baltimore
------------------------------------
Added automount location "baltimore"
------------------------------------
Location: baltimore
```
4.
```
[root@ipa01 ~]# ipa automountmap-add baltimore auto.share
--------------------------------
Added automount map "auto.share"
--------------------------------
Map: auto.share
```
5.
```
[root@ipa01 ~]# ipa automountkey-add baltimore auto.master --key=/share --info=auto.share
----------------------------
Added automount key "/share"
----------------------------
Key: /share
Mount information: auto.share
```
6.
```
[root@ipa01 ~]# ipa automountkey-find baltimore auto.share
-----------------------
1 automount key matched
-----------------------
Key: test
Mount information: -rw,sync,ipa01.labs01.test:/ipaexport
----------------------------
Number of entries returned 1
----------------------------
```
7.
```
[root@ipaclient02 ~]# ipa-client-automount --server=ipa01.labs01.test --location=baltimore
IPA server: ipa01.labs01.test
Location: baltimore
Continue to configure the system with these values? [no]: yes
Configured /etc/sysconfig/nfs
Configured /etc/idmapd.conf
Started rpcidmapd
Started rpcgssd
Restarting sssd, waiting for it to become available.
Started autofs
```
8. Ran the below command on IPAclient which was giving the error. Now it's not giving the error.
```
[root@ipaclient02 ~]# ipa automountlocation-tofiles baltimore; grep -e fully -e default /etc/sssd/sssd.conf; service sssd restart; sss_cache -E; service autofs restart; automount -m
/etc/auto.master:
/- /etc/auto.direct
/share /etc/auto.share
---------------------------
/etc/auto.direct:
---------------------------
/etc/auto.share:
test -rw,sync,ipa01.labs01.test:/ipaexport
maps not connected to /etc/auto.master:
default_domain_suffix = test.in
use_fully_qualified_names = true
Redirecting to /bin/systemctl restart sssd.service
Redirecting to /bin/systemctl restart autofs.service
autofs dump map information
===========================
global options: none configured
Mount point: /misc
source(s):
instance type(s): file
map: /etc/auto.misc
cd | -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
Mount point: /net
source(s):
type: hosts
ipaclient02.labs01.test | (null)
localhost | (null)
Mount point: /-
source(s):
lookup_read_map: lookup(sss): getautomntent_r: No such file or directory
instance type(s): sss
map: auto.direct
no keys found in map
Mount point: /share
source(s):
instance type(s): sss
map: auto.share
test | -rw,sync,ipa01.labs01.test:/ipaexport
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-2355.html
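A configuration check for the condition this bug describes, as an added example that is not part of the bug report or of SSSD: it flags an sssd.conf that sets default_domain_suffix while SSSD serves autofs, which per the Doc Text is when builds before sssd-1.13.0-0.1.alpha.el7 could not find maps. The function name, the domain section name and every option other than the two grepped in the comments are assumptions.

```python
import configparser

# Constructed sample: the two option values are the ones grepped in the
# comments above; the domain name and the remaining options are assumptions.
SAMPLE_CONF = """\
[sssd]
services = nss, pam, autofs
domains = labs01.test
default_domain_suffix = test.in

[domain/labs01.test]
id_provider = ipa
use_fully_qualified_names = true
override_homedir = /home/%u
"""


def audit_sssd_conf(text):
    """Report whether default_domain_suffix is set while SSSD serves autofs."""
    # interpolation=None: sssd.conf values such as /home/%u are literal.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    suffix = cp.get("sssd", "default_domain_suffix", fallback="").strip()
    services = cp.get("sssd", "services", fallback="")
    autofs = "autofs" in [s.strip() for s in services.split(",")]
    # use_fully_qualified_names is a per-domain option; collect where it is on.
    fq_domains = sorted(
        sec.split("/", 1)[1]
        for sec in cp.sections()
        if sec.startswith("domain/")
        and cp.get(sec, "use_fully_qualified_names", fallback="false")
        .strip().lower() == "true"
    )
    return {
        "default_domain_suffix": suffix or None,
        "autofs_enabled": autofs,
        "fq_domains": fq_domains,
        # Per the Doc Text, the suffix alone broke map lookups before the fix.
        "affected_before_fix": bool(suffix) and autofs,
    }


if __name__ == "__main__":
    for key, value in audit_sssd_conf(SAMPLE_CONF).items():
        print(f"{key}: {value}")
```

Pair the result with `rpm -q sssd` on the host: the flag only matters on builds older than the Fixed In Version listed in the bug header.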