[Freeipa-users] Problem with autofs

2016-12-06 Thread List dedicated to discussions about use, configuration and deployment of the IPA server.
Hello,

I have set up an IPA environment using Fedora 24 for the clients
and Scientific Linux 7.2 for the servers.

All clients are mounting NFS4 shares on a central server.

The setup is based on the Red Hat Documentation 
(Red_Hat_Enterprise_Linux-7-Linux_Domain_Identity_Authentication_and_Policy_Guide-en-US).

Everything works well, except one issue:

On the NFS servers I was also using the command ipa-client-automount
to complete the installation process. As I mentioned, it is an
NFS4 server with a basic setup, exports like this:

/export 1xx.xx.xx.0/25(ro,root_squash,sec=krb5i,fsid=0)
/export/appl 1xx.xx.xx.0/25(rw,root_squash,sec=krb5i)

But starting the autofs service freezes some parts of the server.
Especially „ls“ is not working and you have to wait a long time
to log in. After a while autofs is running. After some days
login is no problem or only sometimes. The same with „ls“.
I never saw NFS problems, these services had no problems.

But the server crashes now every two or four days. Rebooting and
running again. 

Ok, it makes no sense to run autofs on a dedicated NFS server.
So I disabled this service and I had no problems anymore.

But I think it must be possible to run it. So I think there
is a big bug somewhere.

So I want to know: is there someone here who is running a Kerberized NFS server
in an IPA environment and also has autofs problems on this server?

I have a lot of core dumps and system messages. I am not able to
analyze them. Of course, I can send them somewhere …

At least I want to know: is this behavior a known bug, or is something wrong
with my configuration?

Thanx for any hints.

Detlev


--
  Detlev  | Institut fuer Mikroelektronische Systeme
  Habicht | D-30167 Hannover +49 511 76219662 habi...@ims.uni-hannover.de
  + Handy+49 172 5415752  ---



-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
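
An added example, not part of any poster's message: a small audit of exports(5) lines, run over the `/export` line above and the `/exports/home` line from Jon's message further down this page. It assumes one export per line with unquoted paths and checks only three settings; the function names and finding codes are made up for this illustration.

```python
# Added example: audit exports(5) lines for settings that weaken Kerberized NFS.
# Function names and finding codes are made up for this illustration.

# Two export lines as posted on this page (network redacted by the poster).
SAMPLE_EXPORTS = """\
/export 1xx.xx.xx.0/25(ro,root_squash,sec=krb5i,fsid=0)
/exports/home  *(rw,no_root_squash,sec=sys:krb5:krb5i:krb5p)
"""


def parse_exports(text):
    """Yield (path, client, options) per client spec; assumes unquoted paths."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or no client field
        path = fields[0]
        for spec in fields[1:]:
            if spec.startswith("-"):
                continue  # default-options entry, not a client
            client, _, opts = spec.partition("(")
            options = {}
            for item in filter(None, opts.rstrip(")").split(",")):
                key, _, value = item.partition("=")
                options[key] = value
            yield path, client or "*", options  # "(opts)" alone means any host


def audit(text):
    """Return (path, client, finding) tuples in input order."""
    findings = []
    for path, client, options in parse_exports(text):
        # Without sec=, the server accepts AUTH_SYS (the exports(5) default).
        flavors = options.get("sec", "sys").split(":")
        if "sys" in flavors:
            findings.append((path, client, "auth-sys-allowed"))
        if "no_root_squash" in options:
            findings.append((path, client, "no-root-squash"))
        if client == "*":
            findings.append((path, client, "wildcard-client"))
    return findings


if __name__ == "__main__":
    for path, client, finding in audit(SAMPLE_EXPORTS):
        print(f"{path} {client}: {finding}")
```

With `sys` in the `sec=` list the server also accepts AUTH_SYS mounts, so the `sec=krb5` in an automount key only governs clients that follow the map.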

Re: [Freeipa-users] [freeipa-users] Problem managing Autofs with FreeIPA

2016-02-02 Thread Jakub Hrozek
On Mon, Feb 01, 2016 at 04:11:32PM -0600, Jon wrote:
> Hello,
> 
> I am attempting to configure autofs to automount home directories from an
> NFS server.
> 
> I'm following these instructions as this was the only contiguous "here's
> what you need to do" instructions as the FreeIPA and Fedora documentation
> seems to contradict itself, and there's no clear cut a. then b. then c.
>  (Admittedly, this is my first foray into managing home dirs this way, so
> I'm learning all around :)  but I need a bit of direction...)
> 
> First things first, can anyone confirm these directions are correct please?
> 
> 
> http://blog.delouw.ch/2015/03/14/using-ipa-to-provide-automount-maps-for-nfsv4-home-directories/
> 
> I'm going to assume they are for the purposes of the rest of the post.
> 
> I'm currently working with three servers:
> freeipa01 - The FreeIPA server
> home-dir01 - The Home directory NFS server
> ipa-test01 - My test server where I'm making changes/trying to mount the
> home directory.
> 
> ipa-test01 is the only CentOS 6.5 machine (no choice, it's the "production
> blessed" image), freeipa01 and home-dir01 are both CentOS7.
> 
> Following those above linked instructions, I have created the following
> automount configurations:
> 
> Automount Configuration:
> >> [root@ipa-test01 ~]# ipa automountlocation-find
> >> 
> >> 1 automount location matched
> >> 
> >>   Location: default
> >> 
> >> Number of entries returned 1
> >> 
> >>
> >> [root@ipa-test01 ~]# ipa automountmap-find
> >> Location: default
> >> 
> >> 3 automount maps matched
> >> 
> >>   Map: auto.direct
> >>
> >>   Map: auto.home
> >>
> >>   Map: auto.master
> >> 
> >> Number of entries returned 3
> >> 
> >>
> >> [root@ipa-test01 ~]# ipa automountkey-find default auto.home
> >> ---
> >> 1 automount key matched
> >> ---
> >>   Key: *
> >>   Mount information: -fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192
> home-dir01.sub.domain.mydomain.com:/exports/home/&
> >> 
> >> Number of entries returned 1
> >> 
> 
> Exports configuration:
> 
> >> [root@home-dir01 home]# cat /etc/exports
> >> /exports/home  *(rw,no_root_squash,sec=sys:krb5:krb5i:krb5p)
> 
> 
> 
> At some point I generated this error.  I have been unable to reproduce
> it...  Included for completeness of my reporting but I don't think it's
> currently an issue.
> 
> >> Feb  1 15:43:19 ipa-test01 rpc.gssd[1371]: ERROR: No credentials found
> for connection to server home-dir01.sub.domain.mydomain.com
> 
> 
> Without an entry in /etc/hosts I receive the following error when
> attempting to login as my domain user:
> 
> >> Feb  1 16:22:13 ipa-test01 kernel: type=1105 audit(1454361733.209:125):
> user pid=1777 uid=0 auid=0 ses=1 msg='op=PAM:session_open acct="
> j...@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=?
> terminal=/dev/pts/0 res=success'
> >> Feb  1 16:22:22 ipa-test01 rpc.gssd[1371]: ERROR: unable to resolve
> 2605:1c00:50f2:300a::56ff::442a to hostname: Temporary failure in
> name resolution
> >> Feb  1 16:22:22 ipa-test01 rpc.gssd[1371]: ERROR: failed to read service
> info
> >> Feb  1 16:22:22 ipa-test01 rpc.gssd[1371]: ERROR: unable to resolve
> 192.168.10.250 to hostname: Name or service not known
> >> Feb  1 16:22:22 ipa-test01 rpc.gssd[1371]: ERROR: failed to read service
> info
> 
> 
> So I added the entry in /etc/hosts for my nfs server (will fix in DNS, but
> we use 3rd party DNS service that is not integrated with AD...), I get the
> following error (repeated attempts to sudo), note the "res=success"
> 
> >> ipa-test01:/var/log/messages
> >> Feb  1 16:16:38 ipa-test01 kernel: __ratelimit: 90 callbacks suppressed
> >> Feb  1 16:16:38 ipa-test01 kernel: type=1123 audit(1454361398.936:92):
> user pid=1632 uid=0 auid=0 ses=1 msg='cwd="/root" cmd="-sh" terminal=pts/0
> res=success'
> >> Feb  1 16:16:38 ipa-test01 kernel: type=1103 audit(1454361398.936:93):
> user pid=1632 uid=0 auid=0 ses=1 msg='op=PAM:setcred acct="j...@mydomain.com"
> exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
> >> Feb  1 16:16:38 ipa-test01 kernel: type=1105 audit(1454361398.943:94):
> user pid=1632 uid=0 auid=0 ses=1 msg='op=PAM:session_open acct="
> j...@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=?
> terminal=/dev/pts/0 res=success'
> >> Feb  1 16:16:38 ipa-test01 kernel: type=1106 audit(1454361398.944:95):
> user pid=1632 uid=0 auid=0 ses=1 msg='op=PAM:session_close acct="
> j...@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=?
> terminal=/dev/pts/0 res=success'
> >> Feb  1 16:16:38 ipa-test01 kernel: type=1104 audit(1454361398.944:96):
> user pid=1632 uid=0 auid=0 ses=1 msg='op=PAM:setcred acct="j...@mydomain.com"
> exe="/usr/bin/sudo" 

[Freeipa-users] [freeipa-users] Problem managing Autofs with FreeIPA

2016-02-01 Thread Jon
Hello,

I am attempting to configure autofs to automount home directories from an
NFS server.

I'm following these instructions as this was the only contiguous "here's
what you need to do" instructions as the FreeIPA and Fedora documentation
seems to contradict itself, and there's no clear cut a. then b. then c.
 (Admittedly, this is my first foray into managing home dirs this way, so
I'm learning all around :)  but I need a bit of direction...)

First things first, can anyone confirm these directions are correct please?


http://blog.delouw.ch/2015/03/14/using-ipa-to-provide-automount-maps-for-nfsv4-home-directories/

I'm going to assume they are for the purposes of the rest of the post.

I'm currently working with three servers:
freeipa01 - The FreeIPA server
home-dir01 - The Home directory NFS server
ipa-test01 - My test server where I'm making changes/trying to mount the
home directory.

ipa-test01 is the only CentOS 6.5 machine (no choice, it's the "production
blessed" image), freeipa01 and home-dir01 are both CentOS7.

Following those above linked instructions, I have created the following
automount configurations:

Automount Configuration:
>> [root@ipa-test01 ~]# ipa automountlocation-find
>> 
>> 1 automount location matched
>> 
>>   Location: default
>> 
>> Number of entries returned 1
>> 
>>
>> [root@ipa-test01 ~]# ipa automountmap-find
>> Location: default
>> 
>> 3 automount maps matched
>> 
>>   Map: auto.direct
>>
>>   Map: auto.home
>>
>>   Map: auto.master
>> 
>> Number of entries returned 3
>> 
>>
>> [root@ipa-test01 ~]# ipa automountkey-find default auto.home
>> ---
>> 1 automount key matched
>> ---
>>   Key: *
>>   Mount information: -fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192
home-dir01.sub.domain.mydomain.com:/exports/home/&
>> 
>> Number of entries returned 1
>> 

Exports configuration:

>> [root@home-dir01 home]# cat /etc/exports
>> /exports/home  *(rw,no_root_squash,sec=sys:krb5:krb5i:krb5p)



At some point I generated this error.  I have been unable to reproduce
it...  Included for completeness of my reporting but I don't think it's
currently an issue.

>> Feb  1 15:43:19 ipa-test01 rpc.gssd[1371]: ERROR: No credentials found
for connection to server home-dir01.sub.domain.mydomain.com


Without an entry in /etc/hosts I receive the following error when
attempting to login as my domain user:

>> Feb  1 16:22:13 ipa-test01 kernel: type=1105 audit(1454361733.209:125):
user pid=1777 uid=0 auid=0 ses=1 msg='op=PAM:session_open acct="
j...@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=?
terminal=/dev/pts/0 res=success'
>> Feb  1 16:22:22 ipa-test01 rpc.gssd[1371]: ERROR: unable to resolve
2605:1c00:50f2:300a::56ff::442a to hostname: Temporary failure in
name resolution
>> Feb  1 16:22:22 ipa-test01 rpc.gssd[1371]: ERROR: failed to read service
info
>> Feb  1 16:22:22 ipa-test01 rpc.gssd[1371]: ERROR: unable to resolve
192.168.10.250 to hostname: Name or service not known
>> Feb  1 16:22:22 ipa-test01 rpc.gssd[1371]: ERROR: failed to read service
info


So I added the entry in /etc/hosts for my nfs server (will fix in DNS, but
we use 3rd party DNS service that is not integrated with AD...), I get the
following error (repeated attempts to sudo), note the "res=success"

>> ipa-test01:/var/log/messages
>> Feb  1 16:16:38 ipa-test01 kernel: __ratelimit: 90 callbacks suppressed
>> Feb  1 16:16:38 ipa-test01 kernel: type=1123 audit(1454361398.936:92):
user pid=1632 uid=0 auid=0 ses=1 msg='cwd="/root" cmd="-sh" terminal=pts/0
res=success'
>> Feb  1 16:16:38 ipa-test01 kernel: type=1103 audit(1454361398.936:93):
user pid=1632 uid=0 auid=0 ses=1 msg='op=PAM:setcred acct="j...@mydomain.com"
exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
>> Feb  1 16:16:38 ipa-test01 kernel: type=1105 audit(1454361398.943:94):
user pid=1632 uid=0 auid=0 ses=1 msg='op=PAM:session_open acct="
j...@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=?
terminal=/dev/pts/0 res=success'
>> Feb  1 16:16:38 ipa-test01 kernel: type=1106 audit(1454361398.944:95):
user pid=1632 uid=0 auid=0 ses=1 msg='op=PAM:session_close acct="
j...@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=?
terminal=/dev/pts/0 res=success'
>> Feb  1 16:16:38 ipa-test01 kernel: type=1104 audit(1454361398.944:96):
user pid=1632 uid=0 auid=0 ses=1 msg='op=PAM:setcred acct="j...@mydomain.com"
exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
>> Feb  1 16:16:39 ipa-test01 kernel: type=1123 audit(1454361399.976:97):
user pid=1635 uid=0 auid=0 ses=1 msg='cwd="/root" cmd="-sh" terminal=pts/0
res=success'
>> Feb  1 16:16:39 ipa-test01 kernel: type=1103 audit(1454361399.976:98):
user pid=1635