Bug 1247669
Summary: | automounter can't communicate with AD server over ldap | |
---|---|---|---
Product: | Red Hat Enterprise Linux 7 | Reporter: | Striker Leggette <striker>
Component: | autofs | Assignee: | Ian Kent <ikent>
Status: | CLOSED CURRENTRELEASE | QA Contact: | Filesystem QE <fs-qe>
Severity: | urgent | Docs Contact: |
Priority: | unspecified | |
Version: | 7.1 | CC: | abokovoy, dwysocha, ecl, eguan, gagriogi, grajaiya, ikent, jgalipea, jhrozek, lslebodn, mkosek, mzidek, pbrezina, steved, striker, swhiteho
Target Milestone: | rc | |
Target Release: | --- | |
Hardware: | x86_64 | |
OS: | Linux | |
Whiteboard: | | |
Fixed In Version: | | Doc Type: | If docs needed, set a value
Doc Text: | | Story Points: | ---
Clone Of: | | Environment: |
Last Closed: | 2017-03-01 05:53:24 UTC | Type: | Bug
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |
Embargoed: | | |
Bug Depends On: | | |
Bug Blocks: | 1298243 | |
Attachments: | | |

Description
Striker Leggette
2015-07-28 14:58:14 UTC
Why is this assigned to SSSD when the automounter output shows autofs is using the LDAP module? Reassigning..

(In reply to Striker Leggette from comment #0)
>
> Additional info:
>
> This works fine with RHEL 6 so far, but a RHEL 7 is not able to establish a
> connection. RHEL 6 and RHEL 7 configurations are identical.

What RHEL-6 releases have been used and function OK?
In particular does RHEL-6.6 and later work OK?

>
> $ cat etc/autofs_ldap_auth.conf
> <autofs_ldap_sasl_conf
>         usetls="no"
>         tlsrequired="no"
>         authrequired="yes"
>         authtype="GSSAPI"
>         clientprinc="host/host.example.com"
> />

(In reply to Ian Kent from comment #3)
> (In reply to Striker Leggette from comment #0)
> >
> > Additional info:
> >
> > This works fine with RHEL 6 so far, but a RHEL 7 is not able to establish a
> > connection. RHEL 6 and RHEL 7 configurations are identical.
>
> What RHEL-6 releases have been used and function OK?
> In particular does RHEL-6.6 and later work OK?
>

For that matter, what releases of RHEL-7 have been found to not work?

Customer reports 6.5-6.7 work fine. All versions of RHEL 7 not working.
I'm currently building a reproducer within the office.

(In reply to Striker Leggette from comment #5)
> Customer reports 6.5-6.7 work fine. All versions of RHEL 7 not working.
> I'm currently building a reproducer within the office.

That's a puzzle then.

While the base version is different between rhel-6 and rhel-7 the source is very much the same.

There are examples of many types of test setup in the autofs bugzillas regression tests that might be useful if you need to know about client and server setup. There are quite a lot of tests so the ones that relate to this can be a little hard to find, but I can help if that would be useful to you.

For my part it's hard to set up an AD test environment so if you could help by setting up a reproducer and point me at a test machine in the lab and give me some info about the test AD server I could try and work out what's happening.

In the meantime I'll run the bugzilla regression tests on beaker against the current rhel-7 autofs revision and see what fails I get.

Ian

Created attachment 1066800
customer's OU list.

Seems we experience the same problem:

RHEL 7.1
autofs-5.0.7-48.el7.x86_64

```
# cat /etc/nsswitch.conf | grep auto
automount: files ldap

# cat /etc/auto.master |grep -v ^#
/usr/local -null
+dir:/etc/auto.master.d
+auto_master

# cat /etc/autofs_ldap_auth.conf
<?xml version="1.0" ?>
<!--
This files contains a single entry with multiple attributes tied to it.
See autofs_ldap_auth.conf(5) for more information.
-->
<autofs_ldap_sasl_conf
        usetls="no"
        tlsrequired="no"
        authrequired="yes"
        authtype="GSSAPI"
        clientprinc="host/HOST.EXAMPLE.COM"
/>

# cat /etc/sysconfig/autofs |grep -v ^#
USE_MISC_DEVICE="yes"
LOGGING=debug
TIMEOUT=300
BROWSE_MODE="no"
MOUNT_NFS_DEFAULT_PROTOCOL=4
LDAP_URI="ldap:///dc=example,dc=com"
SEARCH_BASE="OU=automount,dc=example,dc=com"
MAP_OBJECT_CLASS="automountMap"
ENTRY_OBJECT_CLASS="automount"
MAP_ATTRIBUTE="automountMapName"
ENTRY_ATTRIBUTE="automountKey"
VALUE_ATTRIBUTE="automountInformation"
AUTH_CONF_FILE="/etc/autofs_ldap_auth.conf"
```

```
# /usr/sbin/automount -df
Starting automounter version 5.0.7-48.el7, master map auto.master
using kernel protocol version 5.02
lookup_nss_read_master: reading master files auto.master
parse_init: parse(sun): init gathered global options: (null)
spawn_mount: mtab link detected, passing -n to mount
spawn_umount: mtab link detected, passing -n to mount
lookup_read_master: lookup(file): read entry /usr/local
lookup_read_master: lookup(file): read entry +dir:/etc/auto.master.d
lookup_nss_read_master: reading master dir /etc/auto.master.d
lookup_read_master: lookup(dir): scandir: /etc/auto.master.d
lookup_read_master: lookup(file): read entry +auto_master
lookup_nss_read_master: reading master files auto_master
lookup(file): file map /etc/auto_master missing or not readable
lookup_nss_read_master: reading master ldap auto_master
parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "auto_master".
parse_server_string: lookup(ldap): mapname auto_master
parse_ldap_config: lookup(ldap): ldap authentication configured with the following options:
parse_ldap_config: lookup(ldap): use_tls: 0, tls_required: 0, auth_required: 2, sasl_mech: GSSAPI
parse_ldap_config: lookup(ldap): user: (null), secret: unspecified, client principal: host/HOST.EXAMPLE.COM credential cache: (null)
parse_init: parse(sun): init gathered global options: (null)
get_dc_list: doing lookup of SRV RRs for domain EXAMPLE.COM
get_srv_rrs: 6 records returned in the answer section
find_dc_server: trying server uri ldap://xxxxx002a.EXAMPLE.COM:389
do_bind: lookup(ldap): auth_required: 2, sasl_mech GSSAPI
sasl_do_kinit: initializing kerberos ticket: client principal host/HOST.EXAMPLE.COM
sasl_do_kinit: calling krb5_parse_name on client principal host/HOST.EXAMPLE.COM
sasl_do_kinit: Using tgs name krbtgt/EXAMPLE.COM
sasl_do_kinit: Kerberos authentication was successful!
sasl_bind_mech: Attempting sasl bind with mechanism GSSAPI
getuser_func: called with context (nil), id 16385.
The LDAP server indicated that the LDAP SASL bind was incomplete, but did not provide the required data to proceed. LDAP SASL bind with mechanism GSSAPI failed.
sasl bind with mechanism GSSAPI failed
do_bind: lookup(ldap): autofs_sasl_bind returned -1
lookup(ldap): couldn't connect to server ldap://xxxxx002a.EXAMPLE.COM:389
find_dc_server: trying server uri ldap://xxxxx002b.EXAMPLE.COM:389
do_bind: lookup(ldap): auth_required: 2, sasl_mech GSSAPI
sasl_bind_mech: Attempting sasl bind with mechanism GSSAPI
getuser_func: called with context (nil), id 16385.
The LDAP server indicated that the LDAP SASL bind was incomplete, but did not provide the required data to proceed. LDAP SASL bind with mechanism GSSAPI failed.
sasl bind with mechanism GSSAPI failed
do_bind: lookup(ldap): autofs_sasl_bind returned -1
lookup(ldap): couldn't connect to server ldap://xxxxx002b.EXAMPLE.COM:389
find_dc_server: trying server uri ldap://xxxxx003a.EXAMPLE.COM:389
do_bind: lookup(ldap): auth_required: 2, sasl_mech GSSAPI
sasl_bind_mech: Attempting sasl bind with mechanism GSSAPI
getuser_func: called with context (nil), id 16385.
The LDAP server indicated that the LDAP SASL bind was incomplete, but did not provide the required data to proceed. LDAP SASL bind with mechanism GSSAPI failed.
sasl bind with mechanism GSSAPI failed
do_bind: lookup(ldap): autofs_sasl_bind returned -1
lookup(ldap): couldn't connect to server ldap://xxxxx003a.EXAMPLE.COM:389
find_dc_server: trying server uri ldap://xxxxx003b.EXAMPLE.COM:389
do_bind: lookup(ldap): auth_required: 2, sasl_mech GSSAPI
sasl_bind_mech: Attempting sasl bind with mechanism GSSAPI
getuser_func: called with context (nil), id 16385.
The LDAP server indicated that the LDAP SASL bind was incomplete, but did not provide the required data to proceed. LDAP SASL bind with mechanism GSSAPI failed.
sasl bind with mechanism GSSAPI failed
do_bind: lookup(ldap): autofs_sasl_bind returned -1
lookup(ldap): couldn't connect to server ldap://xxxxx003b.EXAMPLE.COM:389
find_dc_server: trying server uri ldap://xxxxx001a.EXAMPLE.COM:389
do_bind: lookup(ldap): auth_required: 2, sasl_mech GSSAPI
sasl_bind_mech: Attempting sasl bind with mechanism GSSAPI
getuser_func: called with context (nil), id 16385.
The LDAP server indicated that the LDAP SASL bind was incomplete, but did not provide the required data to proceed. LDAP SASL bind with mechanism GSSAPI failed.
sasl bind with mechanism GSSAPI failed
do_bind: lookup(ldap): autofs_sasl_bind returned -1
lookup(ldap): couldn't connect to server ldap://xxxxx001a.EXAMPLE.COM:389
find_dc_server: trying server uri ldap://xxxxx001b.EXAMPLE.COM:389
do_bind: lookup(ldap): auth_required: 2, sasl_mech GSSAPI
sasl_bind_mech: Attempting sasl bind with mechanism GSSAPI
getuser_func: called with context (nil), id 16385.
The LDAP server indicated that the LDAP SASL bind was incomplete, but did not provide the required data to proceed. LDAP SASL bind with mechanism GSSAPI failed.
sasl bind with mechanism GSSAPI failed
do_bind: lookup(ldap): autofs_sasl_bind returned -1
lookup(ldap): couldn't connect to server ldap://xxxxx001b.EXAMPLE.COM:389
do_reconnect: lookup(ldap): failed to find available server
lookup(file): failed to read included master map auto_master
no mounts in table
```

same config works on RHEL 6.5, autofs-5.0.5-89.el6_5.2.x86_64
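
Added example (not part of the bug report and not autofs code): a small Python parser that groups `automount -df` debug output like the log above by server and reports the pattern visible there, where the Kerberos ticket is obtained but every SASL bind is reported incomplete. The sample log and its host names are constructed, and the function names are this example's own.

```python
import re

# One pattern per event, matched anywhere in the text, so the parser also
# copes with logs whose line breaks were lost when pasted into a report.
EVENTS = re.compile(
    r"(?P<kinit>Kerberos authentication was successful!)"
    r"|find_dc_server: trying server uri (?P<uri>\S+)"
    r"|do_bind: lookup\(ldap\): auth_required: \d+, sasl_mech (?P<mech>\S+)"
    r"|(?P<incomplete>LDAP SASL bind was incomplete)"
    r"|autofs_sasl_bind returned (?P<rc>-?\d+)"
    r"|couldn't connect to server (?P<failed>\S+)"
    r"|(?P<exhausted>failed to find available server)"
)

def summarize_binds(log_text):
    """Collect the LDAP bind outcome for each server automount tried."""
    out = {"kinit_ok": False, "exhausted": False, "servers": {}}
    cur = None  # record of the server currently being tried
    for m in EVENTS.finditer(log_text):
        kind = m.lastgroup  # name of the single group that matched
        if kind == "kinit":
            out["kinit_ok"] = True
        elif kind == "exhausted":
            out["exhausted"] = True
        elif kind == "uri":
            cur = out["servers"].setdefault(m.group("uri"), {
                "mech": None, "rc": None, "incomplete": False, "failed": False})
        elif cur is not None and kind in ("incomplete", "failed"):
            cur[kind] = True
        elif cur is not None and kind in ("mech", "rc"):
            cur[kind] = m.group(kind)  # kept as logged text, e.g. "GSSAPI", "-1"
    return out

def ticket_ok_but_every_bind_incomplete(summary):
    """True when the Kerberos ticket was obtained yet no server finished the SASL bind."""
    servers = summary["servers"].values()
    return (summary["kinit_ok"] and bool(servers)
            and all(s["failed"] and s["incomplete"] for s in servers))

# Constructed sample (hypothetical hosts); the dc2 entries are run together on purpose.
SAMPLE = """find_dc_server: trying server uri ldap://dc1.example.test:389
do_bind: lookup(ldap): auth_required: 2, sasl_mech GSSAPI
sasl_do_kinit: Kerberos authentication was successful!
The LDAP server indicated that the LDAP SASL bind was incomplete, but did not provide the required data to proceed. LDAP SASL bind with mechanism GSSAPI failed.
do_bind: lookup(ldap): autofs_sasl_bind returned -1
lookup(ldap): couldn't connect to server ldap://dc1.example.test:389
find_dc_server: trying server uri ldap://dc2.example.test:389 do_bind: lookup(ldap): auth_required: 2, sasl_mech GSSAPI The LDAP server indicated that the LDAP SASL bind was incomplete, but did not provide the required data to proceed. do_bind: lookup(ldap): autofs_sasl_bind returned -1 lookup(ldap): couldn't connect to server ldap://dc2.example.test:389
do_reconnect: lookup(ldap): failed to find available server
"""
```

To use it on a real capture, pass the saved output of `automount -df` to `summarize_binds()` and inspect the per-server records.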