[Freeipa-users] FreeIPA NFS Automount with Kerberos troubleshooting help needed

jcccb via FreeIPA-users Fri, 12 Jan 2018 08:22:20 -0800

"getent passwd" gave me on all maschines the same results

some logs from the NFS Server=


journalctl:

Jan 12 14:37:14 nfs_server sssd_be[216]: GSSAPI client step 1
Jan 12 14:37:14 nfs_server sssd_be[216]: GSSAPI client step 1
Jan 12 14:37:14 nfs_server sssd_be[216]: GSSAPI client step 1
Jan 12 14:37:14 nfs_server sssd_be[216]: GSSAPI client step 2
Jan 12 14:52:14 nfs_server sssd_be[216]: GSSAPI client step 1
Jan 12 14:52:14 nfs_server sssd_be[216]: GSSAPI client step 1
Jan 12 14:52:14 nfs_server sssd_be[216]: GSSAPI client step 1
Jan 12 14:52:14 nfs_server sssd_be[216]: GSSAPI client step 2
Jan 12 14:52:38 nfs_server systemd[1]: Stopping RPC security service for NFS 
client and server...
Jan 12 14:52:38 nfs_server systemd[1]: Starting Preprocess NFS configuration...
Jan 12 14:52:38 nfs_server systemd[1]: Started Preprocess NFS configuration.
Jan 12 14:52:38 nfs_server systemd[1]: Starting RPC security service for NFS 
client and server...
Jan 12 14:52:38 nfs_server systemd[1]: Started RPC security service for NFS 
client and server.
Jan 12 14:54:29 nfs_server systemd[1]: Starting RPC bind service...
Jan 12 14:54:29 nfs_server systemd[1]: Started RPC bind service.
Jan 12 15:07:14 nfs_server sssd_be[216]: GSSAPI client step 1
Jan 12 15:07:14 nfs_server sssd_be[216]: GSSAPI client step 1
Jan 12 15:07:14 nfs_server sssd_be[216]: GSSAPI client step 1
Jan 12 15:07:14 nfs_server sssd_be[216]: GSSAPI client step 2
Jan 12 15:22:14 nfs_server sssd_be[216]: GSSAPI client step 1
Jan 12 15:22:14 nfs_server sssd_be[216]: GSSAPI client step 1
Jan 12 15:22:14 nfs_server sssd_be[216]: GSSAPI client step 1
Jan 12 15:22:14 nfs_server sssd_be[216]: GSSAPI client step 2
Jan 12 15:25:12 nfs_server systemd[1]: Reached target Host and Network Name 
Lookups.
Jan 12 15:25:12 nfs_server systemd[1]: Starting Host and Network Name Lookups.
Jan 12 15:25:12 nfs_server systemd[1]: Starting Kernel Module supporting 
RPCSEC_GSS...
Jan 12 15:25:12 nfs_server systemd[1]: Starting Preprocess NFS configuration...
Jan 12 15:25:12 nfs_server systemd[1]: auth-rpcgss-module.service: main process 
exited, code=exited, status=1/FAILURE
Jan 12 15:25:12 nfs_server systemd[1]: Failed to start Kernel Module supporting 
RPCSEC_GSS.
Jan 12 15:25:12 nfs_server systemd[1]: Unit auth-rpcgss-module.service entered 
failed state.
Jan 12 15:25:12 nfs_server systemd[1]: auth-rpcgss-module.service failed.
Jan 12 15:25:12 nfs_server systemd[1]: Started Preprocess NFS configuration.
Jan 12 15:25:12 nfs_server systemd[1]: Starting NFSv4 ID-name mapping service...
Jan 12 15:25:12 nfs_server systemd[1]: Starting NFS Mount Daemon...
Jan 12 15:25:12 nfs_server systemd[1]: Starting NFS status monitor for NFSv2/3 
locking....
Jan 12 15:25:12 nfs_server rpc.statd[505]: Version 1.3.0 starting
Jan 12 15:25:12 nfs_server rpc.statd[505]: Flags: TI-RPC
Jan 12 15:25:12 nfs_server systemd[1]: Started NFSv4 ID-name mapping service.
Jan 12 15:25:12 nfs_server rpc.mountd[507]: Version 1.3.0 starting
Jan 12 15:25:12 nfs_server systemd[1]: Started NFS Mount Daemon.
Jan 12 15:25:12 nfs_server systemd[1]: Started NFS status monitor for NFSv2/3 
locking..
Jan 12 15:25:12 nfs_server systemd[1]: Starting NFS server and services...
Jan 12 15:25:12 nfs_server systemd[1]: Started NFS server and services.
Jan 12 15:25:12 nfs_server systemd[1]: Starting Notify NFS peers of a restart...
Jan 12 15:25:12 nfs_server sm-notify[513]: Version 1.3.0 starting
Jan 12 15:25:12 nfs_server sm-notify[513]: Already notifying clients; Exiting!
Jan 12 15:25:12 nfs_server systemd[1]: Started Notify NFS peers of a restart.
Jan 12 15:26:11 nfs_server systemd[1]: Stopping RPC security service for NFS 
client and server...
Jan 12 15:26:11 nfs_server systemd[1]: Starting Preprocess NFS configuration...
Jan 12 15:26:11 nfs_server systemd[1]: Started Preprocess NFS configuration.
Jan 12 15:26:11 nfs_server systemd[1]: Starting RPC security service for NFS 
client and server...
Jan 12 15:26:11 nfs_server systemd[1]: Started RPC security service for NFS 
client and server.



i have to do an systemctl restart rpc-gssd in the nfs_server after a reboot 
otherwise its not even working with my home automount folders like mentioned in 
my first post.
after the restart i can access the "public" and my personal "home" folder 
mounted from nfs_server:/home/& on the client at /home/ipa/username
so everythings fine with the auto.home map as far as i can tell

would be nice to fix this little anyoance anyways so i dont need to restart 
this servbice everytime manually after a reboot 





on the ubuntu_client=

Jan 12 14:47:11 ubuntu_client apparmor[89]: /etc/init.d/apparmor: 256: 
/etc/init.d/apparmor: cannot open /sys/kernel/security/apparmor/.ns_stacked: 
Permission denied
Jan 12 14:47:11 ubuntu_client apparmor[89]:  * Not starting AppArmor in 
container
Jan 12 14:47:11 ubuntu_client apparmor[89]:    ...done.
Jan 12 14:47:11 ubuntu_client systemd[1]: Started AppArmor initialization.
Jan 12 14:47:11 ubuntu_client systemd[1]: networking.service: Failed to reset 
devices.list: Operation not permitted
...skipping...
Jan 12 16:45:43 ubuntu_client automount[615]: expire_cleanup: sigchld: exp 
140530876737280 finished, switching from 5 to 7
Jan 12 16:45:43 ubuntu_client automount[615]: st_shutdown: state 5 path /-
Jan 12 16:45:43 ubuntu_client automount[615]: expire_cleanup: got thid 
140530981533440 path /home/ipa stat 0
Jan 12 16:45:43 ubuntu_client automount[615]: expire_cleanup: sigchld: exp 
140530981533440 finished, switching from 5 to 7
Jan 12 16:45:43 ubuntu_client automount[615]: st_shutdown: state 5 path 
/home/ipa
Jan 12 16:45:43 ubuntu_client automount[615]: expire_cleanup: got thid 
140530865141504 path /storage stat 0
Jan 12 16:45:43 ubuntu_client automount[615]: expire_cleanup: sigchld: exp 
140530865141504 finished, switching from 5 to 7
Jan 12 16:45:43 ubuntu_client automount[615]: st_shutdown: state 5 path /storage
Jan 12 16:45:43 ubuntu_client automount[615]: automount_path_to_fifo: fifo name 
/var/run/autofs.fifo--
Jan 12 16:45:43 ubuntu_client automount[615]: shut down path /-
Jan 12 16:45:44 ubuntu_client automount[615]: umount_multi: path /home/ipa incl 0
Jan 12 16:45:44 ubuntu_client automount[615]: rm_unwanted_fn: removing 
directory /home/ipa/public
Jan 12 16:45:44 ubuntu_client automount[615]: rm_unwanted_fn: removing 
directory /home/ipa/username
Jan 12 16:45:44 ubuntu_client automount[615]: umounted indirect mount /home/ipa
Jan 12 16:45:44 ubuntu_client automount[615]: automount_path_to_fifo: fifo name 
/var/run/autofs.fifo-home-ipa
Jan 12 16:45:44 ubuntu_client automount[615]: shut down path /home/ipa
Jan 12 16:45:44 ubuntu_client automount[615]: umount_multi: path /storage incl 0
Jan 12 16:45:44 ubuntu_client automount[615]: rm_unwanted_fn: removing 
directory /storage/software
Jan 12 16:45:44 ubuntu_client automount[615]: rm_unwanted_fn: removing 
directory /storage/media
Jan 12 16:45:44 ubuntu_client automount[615]: rm_unwanted_fn: removing 
directory /storage/downloads
Jan 12 16:45:44 ubuntu_client automount[615]: rm_unwanted_fn: removing 
directory /storage/data
Jan 12 16:45:44 ubuntu_client automount[615]: umounted indirect mount /storage
Jan 12 16:45:44 ubuntu_client automount[615]: automount_path_to_fifo: fifo name 
/var/run/autofs.fifo-storage
Jan 12 16:45:44 ubuntu_client automount[615]: shut down path /storage
Jan 12 16:45:44 ubuntu_client automount[615]: autofs stopped
Jan 12 16:45:44 ubuntu_client systemd[1]: Stopped Automounts filesystems on 
demand.
Jan 12 16:45:44 ubuntu_client systemd[1]: autofs.service: Failed to reset 
devices.list: Operation not permitted
Jan 12 16:45:44 ubuntu_client systemd[1]: Starting Automounts filesystems on 
demand...
Jan 12 16:45:44 ubuntu_client automount[825]: Starting automounter version 
5.1.2, master map /etc/auto.master
Jan 12 16:45:44 ubuntu_client automount[825]: using kernel protocol version 5.02
Jan 12 16:45:44 ubuntu_client automount[825]: lookup_nss_read_master: reading 
master file /etc/auto.master
Jan 12 16:45:44 ubuntu_client automount[825]: do_init: parse(sun): init 
gathered global options: (null)
Jan 12 16:45:44 ubuntu_client automount[825]: lookup_read_master: lookup(file): 
read entry +dir:/etc/auto.master.d
Jan 12 16:45:44 ubuntu_client automount[825]: lookup_nss_read_master: reading 
master dir /etc/auto.master.d
Jan 12 16:45:44 ubuntu_client automount[825]: lookup(dir): dir map 
/etc/auto.master.d missing or not readable
Jan 12 16:45:44 ubuntu_client automount[825]: lookup(file): failed to read 
included master map dir:/etc/auto.master.d
Jan 12 16:45:44 ubuntu_client automount[825]: lookup_read_master: lookup(file): 
read entry +auto.master
Jan 12 16:45:44 ubuntu_client automount[825]: lookup_nss_read_master: reading 
master sss auto.master
Jan 12 16:45:44 ubuntu_client automount[825]: do_init: parse(sun): init 
gathered global options: (null)
Jan 12 16:45:44 ubuntu_client automount[825]: master_do_mount: mounting /-
Jan 12 16:45:44 ubuntu_client automount[825]: automount_path_to_fifo: fifo name 
/var/run/autofs.fifo--
Jan 12 16:45:44 ubuntu_client automount[825]: lookup_nss_read_map: reading map 
sss auto.direct
Jan 12 16:45:44 ubuntu_client automount[825]: do_init: parse(sun): init 
gathered global options: (null)
Jan 12 16:45:44 ubuntu_client automount[825]: lookup_read_map: lookup(sss): 
getautomntent_r: No such file or directory
Jan 12 16:45:44 ubuntu_client automount[825]: st_ready: st_ready(): state = 0 
path /-
Jan 12 16:45:44 ubuntu_client automount[825]: master_do_mount: mounting /storage
Jan 12 16:45:44 ubuntu_client automount[825]: automount_path_to_fifo: fifo name 
/var/run/autofs.fifo-storage
Jan 12 16:45:44 ubuntu_client automount[825]: lookup_nss_read_map: reading map 
sss auto.storage
Jan 12 16:45:44 ubuntu_client automount[825]: do_init: parse(sun): init 
gathered global options: (null)
Jan 12 16:45:44 ubuntu_client automount[825]: mounted indirect on /storage with 
timeout 300, freq 75 seconds
Jan 12 16:45:44 ubuntu_client automount[825]: st_ready: st_ready(): state = 0 
path /storage
Jan 12 16:45:44 ubuntu_client automount[825]: ghosting enabled
Jan 12 16:45:44 ubuntu_client automount[825]: master_do_mount: mounting 
/home/ipa
Jan 12 16:45:44 ubuntu_client automount[825]: automount_path_to_fifo: fifo name 
/var/run/autofs.fifo-home-ipa
Jan 12 16:45:44 ubuntu_client automount[825]: lookup_nss_read_map: reading map 
sss auto.home
Jan 12 16:45:44 ubuntu_client automount[825]: do_init: parse(sun): init 
gathered global options: (null)
Jan 12 16:45:44 ubuntu_client automount[825]: mounted indirect on /home/ipa 
with timeout 300, freq 75 seconds
Jan 12 16:45:44 ubuntu_client automount[825]: st_ready: st_ready(): state = 0 
path /home/ipa
Jan 12 16:45:44 ubuntu_client automount[825]: ghosting enabled
Jan 12 16:45:44 ubuntu_client systemd[1]: Started Automounts filesystems on 
demand.

after an systemctl restart autofs the sssd_autfs.log looks like



I think also i have the automount setup like u suggested @Tony Brian Albers ?

root@ubuntu_client:~# automount -m
lookup_nss_read_master: reading master file /etc/auto.master
do_init: parse(sun): init gathered global options: (null)
lookup_read_master: lookup(file): read entry +dir:/etc/auto.master.d
lookup_nss_read_master: reading master dir /etc/auto.master.d
lookup(dir): dir map /etc/auto.master.d missing or not readable
lookup(file): failed to read included master map dir:/etc/auto.master.d
lookup_read_master: lookup(file): read entry +auto.master
lookup_nss_read_master: reading master sss auto.master
do_init: parse(sun): init gathered global options: (null)

autofs dump map information
===========================

global options: none configured

Mount point: /-

source(s):
lookup_nss_read_map: reading map sss auto.direct
do_init: parse(sun): init gathered global options: (null)
lookup_read_map: lookup(sss): getautomntent_r: No such file or directory

  instance type(s): sss
  map: auto.direct

  no keys found in map


Mount point: /storage

source(s):
lookup_nss_read_map: reading map sss auto.storage
do_init: parse(sun): init gathered global options: (null)

  instance type(s): sss
  map: auto.storage

  software | -fstype=nfs4,rw,no_root_squash,sec=krb5,soft,rsize=8192,wsize=8192 
nfs_server.ipa.mydomain.example:/storage/software
  data | -fstype=nfs4,rw,no_root_squash,sec=krb5,soft,rsize=8192,wsize=8192 
nfs_server.ipa.mydomain.example:/storage/data
  downloads | nfs_server.ipa.mydomain.example:/storage/downloads
  media | nfs_server.ipa.mydomain.example:/storage/media


Mount point: /home/ipa

source(s):
lookup_nss_read_map: reading map sss auto.home
do_init: parse(sun): init gathered global options: (null)

  instance type(s): sss
  map: auto.home

  * | nfs_server.ipa.mydomain.example:/home/&
  public | nfs_server.ipa.mydomain.example:/home/public


i played a bit with the storage mount options, wich options would be recommended

whole kerberos is working fine with no errors at the ipa server

no selinux active at the ubuntu client or at the nfs server freeipa client 
since both are proxmox lxc containers and apparmor is watching them instead a 
problem here?
but why are some mounts then work like they should and some not?

freeipa-server is an fedora27 with selinux active but i cant see any errors in 
the logs while restarting autofs service so far
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

[Freeipa-users] FreeIPA NFS Automount with Kerberos troubleshooting help needed

Reply via email to