Bug 1251897 - nfs4 server and client with sssd connection failing to connect because script boot prioritization
nfs4 server and client with sssd connection failing to connect because scri...
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd (Show other bugs)
6.5
Unspecified Unspecified
medium Severity medium
: rc
: ---
Assigned To: SSSD Maintainers
Kaushik Banerjee
:
Depends On:
Blocks: 1172231
  Show dependency treegraph
 
Reported: 2015-08-10 05:11 EDT by Pablo Caruana
Modified: 2015-09-30 08:35 EDT (History)
12 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-09-30 08:35:35 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Pablo Caruana 2015-08-10 05:11:01 EDT
Description of problem:

Rhel 6 using 
Server side
nfs-utils-1.2.3-54.el6.x86_64
nfs-utils-lib-1.1.5-9.el6.x86_64
sssd-1.9.2-129.el6_5.4.x86_64                               
sssd-client-1.9.2-129.el6_5.4.x86_64                        
sssd-tools-1.9.2-129.el6_5.4.x86_64                         

nfsidmap[1543]: nfs4_name_to_uid: calling nsswitch->name_to_uid
nfsidmap[1543]: nss_getpwnam: name 'joe@nodex.corp' domain 'nodex.corp': resulting localname 'joe'
nfsidmap[1543]: nss_getpwnam: name 'joe' not found in domain 'nodex.corp'
nfsidmap[1543]: nfs4_name_to_uid: nsswitch->name_to_uid returned -111
nfs4_name_to_uid: final return value is -111

If these are standard errno, then it ECONNREFUSED: Connection refused

if sssd is starting later you will be similar entries

sssd: Starting up
sssd[be[nodex.corp]]: Starting up
sssd[nss]: Starting up
sssd[pam]: Starting up

After restaring sssd:

sssd[pam]: Shutting down
sssd[nss]: Shutting down
sssd[be[cfc01.corp]]: Shutting down
sssd: nscd socket was detected. Nscd caching capabilities may conflict with SSSD for users and groups. It is recommended not to run nscd in parallel with SSSD, unless nscd is configured not to cache the passwd, group and netgroup nsswitch maps.
sssd: Starting up
sssd[be[cfc01.corp]: Starting up
sssd[nss]: Starting up
sssd[pam]: Starting up

We see nfsidmap mapping the users to nobody:

nfsidmap[9860]: key: 0x2c930bd8 type: uid value: joe@nodex.corp timeout 600
nfsidmap[9860]: adding new child .id_resolver_child_1: Required key not available
nfsidmap[9860]: nfs4_name_to_uid: calling nsswitch->name_to_uid
nfsidmap[9860]: nss_getpwnam: name 'joe@nodex.corp' domain 'nodex.corp': resulting localname 'joe'
nfs4_name_to_uid: nsswitch->name_to_uid returned 0
nfsidmap[9860]: nfs4_name_to_uid: final return value is 0
nfsidmap[9862]: key: 0x355f34b1 type: gid value: appusers@nodex.corp' timeout 600
nfsidmap[9862]: nfs4_name_to_gid: calling nsswitch->name_to_gid
nfsidmap[9862]: nfs4_name_to_gid: nsswitch->name_to_gid returned 0
nfsidmap[9862]: nfs4_name_to_gid: final return value is 0


Workarround:

""""
It is simply the startup order.

sssd MUST be before the nfsidmapd (or more correctly before nfsidmapd is asked to do anything).

The simple fix is just ver sure the sssd startup script has a Higer precedence value than the netfs one:


mv /etc/rc.d/rc3.d/S26sssd /etc/rc.d/rc3.d/S12sssd

Example: with those values will fail
S25netfs
S26sssd

changed the order in this way will work correctly.

S24sssd
S25netfs
Comment 10 Jakub Hrozek 2015-09-30 08:35:35 EDT
The case was closed, closing the BZ as well.

Note You need to log in before you can comment on or make changes to this bug.