Hide Forgot
Description of problem: After updating sssd and all sub packages to 1.14.1-2 the nfs-idmapd service refuses to start with the error : cannot find method sss. Version-Release number of selected component (if applicable): 1.14.1-2.fc24 How reproducible: always Steps to Reproduce: 1. update to latest patch level 2. set method in /etc/idmap.conf to sss 3. start nfsidmapd Actual results: failes with error Expected results: starts without error Additional info:
(In reply to rob.verduijn from comment #0) > Description of problem: > > After updating sssd and all sub packages to 1.14.1-2 the nfs-idmapd service > refuses to start with the error : cannot find method sss. > The plugin loading code has not change for a very long time. Just curious of you set "Method=nsswitch" do things work? also add some debugging by using the -vvv argument which should log things to /var/log/message.
Hi, After some chatting in forums the solution was to install sssd-nfs-idmap That was new with 1.14 See https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1 A heads up when these changes happen would have been nice, In the future I'll keep an eye on the release notes. And the method nsswitch did partially work. nfs-idmapd started again but all files on the kerberos nfs4 belonged to nobody:nobody Rob Verduijn
also forgot to mention method=sss works again after the new package sssd-nfs-idmap was installed. Rob Verduijn
(In reply to rob.verduijn from comment #2) > Hi, > > After some chatting in forums the solution was to install sssd-nfs-idmap > That was new with 1.14 > See > https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1 > > A heads up when these changes happen would have been nice, I agree... > > In the future I'll keep an eye on the release notes. > > And the method nsswitch did partially work. > nfs-idmapd started again but all files on the kerberos nfs4 belonged to > nobody:nobody Again, just curious... Why uses the sssd plugin in the first place? What does it do the nsswitch plugin does not?
the nsswitch plugin sets nobody:nobody as owner of all files and dirs sss sets the right owner:group. In the combination server centos 7.2 freeipa 4.2 nfs4 mount with sec=krb5p the client with method=sss worked for me and method=nsswitch doesn't. I don't know why method=nsswitch does not work properly and grew tired in the past in figuring out what was needed to get it to work. I always used method=nsswitch until it started to break for unknown reasons. Then I read about method=sss in a forum (freeipa-users) which worked so I used that. Rob Verduijn
the client is fedora 24 x86_64 Rob Verduijn
(In reply to rob.verduijn from comment #5) > the nsswitch plugin sets nobody:nobody as owner of all files and dirs > sss sets the right owner:group. > > In the combination server centos 7.2 freeipa 4.2 nfs4 mount with sec=krb5p > the > client with method=sss worked for me and method=nsswitch doesn't. Hmm... I wonder what sss does differently than nsswitch... > > I don't know why method=nsswitch does not work properly and grew tired in > the past in figuring out what was needed to get it to work. > I always used method=nsswitch until it started to break for unknown reasons. > Then I read about method=sss in a forum (freeipa-users) which worked so I > used that. Ok thanks for the info...