1251897 – nfs4 server and client with sssd connection failing to connect because script boot prioritization

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1251897 - nfs4 server and client with sssd connection failing to connect because script boot prioritization

Summary: nfs4 server and client with sssd connection failing to connect because scri...

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	sssd
Sub Component:
Version:	6.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	SSSD Maintainers
QA Contact:	Kaushik Banerjee
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1172231
TreeView+	depends on / blocked

Reported:	2015-08-10 09:11 UTC by Pablo Caruana
Modified:	2019-08-15 05:05 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-09-30 12:35:35 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Pablo Caruana 2015-08-10 09:11:01 UTC

Description of problem:

Rhel 6 using 
Server side
nfs-utils-1.2.3-54.el6.x86_64
nfs-utils-lib-1.1.5-9.el6.x86_64
sssd-1.9.2-129.el6_5.4.x86_64                               
sssd-client-1.9.2-129.el6_5.4.x86_64                        
sssd-tools-1.9.2-129.el6_5.4.x86_64                         

nfsidmap[1543]: nfs4_name_to_uid: calling nsswitch->name_to_uid
nfsidmap[1543]: nss_getpwnam: name 'joe' domain 'nodex.corp': resulting localname 'joe'
nfsidmap[1543]: nss_getpwnam: name 'joe' not found in domain 'nodex.corp'
nfsidmap[1543]: nfs4_name_to_uid: nsswitch->name_to_uid returned -111
nfs4_name_to_uid: final return value is -111

If these are standard errno, then it ECONNREFUSED: Connection refused

if sssd is starting later you will be similar entries

sssd: Starting up
sssd[be[nodex.corp]]: Starting up
sssd[nss]: Starting up
sssd[pam]: Starting up

After restaring sssd:

sssd[pam]: Shutting down
sssd[nss]: Shutting down
sssd[be[cfc01.corp]]: Shutting down
sssd: nscd socket was detected. Nscd caching capabilities may conflict with SSSD for users and groups. It is recommended not to run nscd in parallel with SSSD, unless nscd is configured not to cache the passwd, group and netgroup nsswitch maps.
sssd: Starting up
sssd[be[cfc01.corp]: Starting up
sssd[nss]: Starting up
sssd[pam]: Starting up

We see nfsidmap mapping the users to nobody:

nfsidmap[9860]: key: 0x2c930bd8 type: uid value: joe timeout 600
nfsidmap[9860]: adding new child .id_resolver_child_1: Required key not available
nfsidmap[9860]: nfs4_name_to_uid: calling nsswitch->name_to_uid
nfsidmap[9860]: nss_getpwnam: name 'joe' domain 'nodex.corp': resulting localname 'joe'
nfs4_name_to_uid: nsswitch->name_to_uid returned 0
nfsidmap[9860]: nfs4_name_to_uid: final return value is 0
nfsidmap[9862]: key: 0x355f34b1 type: gid value: appusers' timeout 600
nfsidmap[9862]: nfs4_name_to_gid: calling nsswitch->name_to_gid
nfsidmap[9862]: nfs4_name_to_gid: nsswitch->name_to_gid returned 0
nfsidmap[9862]: nfs4_name_to_gid: final return value is 0


Workarround:

""""
It is simply the startup order.

sssd MUST be before the nfsidmapd (or more correctly before nfsidmapd is asked to do anything).

The simple fix is just ver sure the sssd startup script has a Higer precedence value than the netfs one:


mv /etc/rc.d/rc3.d/S26sssd /etc/rc.d/rc3.d/S12sssd

Example: with those values will fail
S25netfs
S26sssd

changed the order in this way will work correctly.

S24sssd
S25netfs

Comment 10 Jakub Hrozek 2015-09-30 12:35:35 UTC

The case was closed, closing the BZ as well.

Note You need to log in before you can comment on or make changes to this bug.