Bug 1251897 - nfs4 server and client with sssd connection failing to connect because script boot prioritization
nfs4 server and client with sssd connection failing to connect because scri...
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: sssd (Show other bugs)
Unspecified Unspecified
medium Severity medium
: rc
: ---
Assigned To: SSSD Maintainers
Kaushik Banerjee
Depends On:
Blocks: 1172231
  Show dependency treegraph
Reported: 2015-08-10 05:11 EDT by Pablo Caruana
Modified: 2015-09-30 08:35 EDT (History)
12 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-09-30 08:35:35 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Pablo Caruana 2015-08-10 05:11:01 EDT
Description of problem:

Rhel 6 using 
Server side

nfsidmap[1543]: nfs4_name_to_uid: calling nsswitch->name_to_uid
nfsidmap[1543]: nss_getpwnam: name 'joe@nodex.corp' domain 'nodex.corp': resulting localname 'joe'
nfsidmap[1543]: nss_getpwnam: name 'joe' not found in domain 'nodex.corp'
nfsidmap[1543]: nfs4_name_to_uid: nsswitch->name_to_uid returned -111
nfs4_name_to_uid: final return value is -111

If these are standard errno, then it ECONNREFUSED: Connection refused

if sssd is starting later you will be similar entries

sssd: Starting up
sssd[be[nodex.corp]]: Starting up
sssd[nss]: Starting up
sssd[pam]: Starting up

After restaring sssd:

sssd[pam]: Shutting down
sssd[nss]: Shutting down
sssd[be[cfc01.corp]]: Shutting down
sssd: nscd socket was detected. Nscd caching capabilities may conflict with SSSD for users and groups. It is recommended not to run nscd in parallel with SSSD, unless nscd is configured not to cache the passwd, group and netgroup nsswitch maps.
sssd: Starting up
sssd[be[cfc01.corp]: Starting up
sssd[nss]: Starting up
sssd[pam]: Starting up

We see nfsidmap mapping the users to nobody:

nfsidmap[9860]: key: 0x2c930bd8 type: uid value: joe@nodex.corp timeout 600
nfsidmap[9860]: adding new child .id_resolver_child_1: Required key not available
nfsidmap[9860]: nfs4_name_to_uid: calling nsswitch->name_to_uid
nfsidmap[9860]: nss_getpwnam: name 'joe@nodex.corp' domain 'nodex.corp': resulting localname 'joe'
nfs4_name_to_uid: nsswitch->name_to_uid returned 0
nfsidmap[9860]: nfs4_name_to_uid: final return value is 0
nfsidmap[9862]: key: 0x355f34b1 type: gid value: appusers@nodex.corp' timeout 600
nfsidmap[9862]: nfs4_name_to_gid: calling nsswitch->name_to_gid
nfsidmap[9862]: nfs4_name_to_gid: nsswitch->name_to_gid returned 0
nfsidmap[9862]: nfs4_name_to_gid: final return value is 0


It is simply the startup order.

sssd MUST be before the nfsidmapd (or more correctly before nfsidmapd is asked to do anything).

The simple fix is just ver sure the sssd startup script has a Higer precedence value than the netfs one:

mv /etc/rc.d/rc3.d/S26sssd /etc/rc.d/rc3.d/S12sssd

Example: with those values will fail

changed the order in this way will work correctly.

Comment 10 Jakub Hrozek 2015-09-30 08:35:35 EDT
The case was closed, closing the BZ as well.

Note You need to log in before you can comment on or make changes to this bug.