Hi Folks.
I have sssd managing autofs to mount some nfs share with v 4.1. Up until recently it has worked flawlessly, but now it isn't working on one of my machines. The username and group, is being being shown as: nobody 4294967294 so there is obviously a problem with the user id mapping of the Windows AD accounts. I tried manually mounting the same share, and the i have the same problem.
Now this used to work, so is this problem sssd related? If I look at the domain log i see stuff like:
(Mon Jun 19 12:19:57 2017) [sssd[be[domain.ca]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD'
(Mon Jun 19 12:19:57 2017) [sssd[be[domain.ca]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD'
(Mon Jun 19 12:20:01 2017) [sssd[be[domain.ca]]] [be_process_init] (0x0020): No selinux module provided for [domain.ca] !!
(Mon Jun 19 12:20:01 2017) [sssd[be[domain.ca]]] [be_process_init] (0x0020): No host info module provided for [domain.ca] !!
(Mon Jun 19 12:20:02 2017) [sssd[be[domain.ca]]] [child_sig_handler] (0x0020): child [1693] failed with status [1].
(Mon Jun 19 12:20:08 2017) [sssd[be[domain.ca]]] [sss_ldap_init_sys_connect_done] (0x0020): sdap_async_sys_connect request failed: [110]: Connection timed out.
(Mon Jun 19 12:20:08 2017) [sssd[be[domain.ca]]] [sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed: [110]: Connection timed out.
(Mon Jun 19 12:20:08 2017) [sssd[be[domain.ca]]] [child_sig_handler] (0x0020): waitpid did not found a child with changed status.
(Mon Jun 19 12:20:17 2017) [sssd[be[domain.ca]]] [nsupdate_child_timeout] (0x0020): Timeout reached for dynamic DNS update
(Mon Jun 19 12:20:17 2017) [sssd[be[domain.ca]]] [child_sig_handler] (0x0020): child [1697] was terminated by signal [9].
(Mon Jun 19 12:32:48 2017) [sssd[be[domain.ca]]] [be_process_init] (0x0020): No selinux module provided for [domain.ca] !!
(Mon Jun 19 12:32:48 2017) [sssd[be[domain.ca]]] [be_process_init] (0x0020): No host info module provided for [domain.ca] !!
(Mon Jun 19 12:32:48 2017) [sssd[be[domain.ca]]] [child_sig_handler] (0x0020): child [8919] failed with status [1].
(Mon Jun 19 12:33:03 2017) [sssd[be[domain.ca]]] [nsupdate_child_timeout] (0x0020): Timeout reached for dynamic DNS update
(Mon Jun 19 12:33:03 2017) [sssd[be[domain.ca]]] [child_sig_handler] (0x0020): child [8923] was terminated by signal [9].
(Mon Jun 19 12:37:20 2017) [sssd[be[domain.ca]]] [be_process_init] (0x0020): No selinux module provided for [domain.ca] !!
(Mon Jun 19 12:37:20 2017) [sssd[be[domain.ca]]] [be_process_init] (0x0020): No host info module provided for [domain.ca] !!
(Mon Jun 19 12:37:21 2017) [sssd[be[domain.ca]]] [child_sig_handler] (0x0020): child [10170] failed with status [1].
(Mon Jun 19 12:37:36 2017) [sssd[be[domain.ca]]] [nsupdate_child_timeout] (0x0020): Timeout reached for dynamic DNS update
(Mon Jun 19 12:37:36 2017) [sssd[be[domain.ca]]] [child_sig_handler] (0x0020): child [10174] was terminated by signal [9].
(Mon Jun 19 12:48:28 2017) [sssd[be[domain.ca]]] [sss_ldap_init_sys_connect_done] (0x0020): sdap_async_sys_connect request failed: [110]: Connection timed out.
(Mon Jun 19 12:48:28 2017) [sssd[be[domain.ca]]] [sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed: [110]: Connection timed out.
(Mon Jun 19 12:48:34 2017) [sssd[be[domain.ca]]] [sss_ldap_init_sys_connect_done] (0x0020): sdap_async_sys_connect request failed: [110]: Connection timed out.
(Mon Jun 19 12:48:34 2017) [sssd[be[domain.ca]]] [sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed: [110]: Connection timed out.
(Mon Jun 19 12:48:40 2017) [sssd[be[domain.ca]]] [sss_ldap_init_sys_connect_done] (0x0020): sdap_async_sys_connect request failed: [110]: Connection timed out.
(Mon Jun 19 12:48:40 2017) [sssd[be[domain.ca]]] [sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed: [110]: Connection timed out.
(Mon Jun 19 12:48:40 2017) [sssd[be[domain.ca]]] [sdap_save_grpmem] (0x0020): Group members are ignored, nothing to do. If you see this message it might indicate an error in the group processing logic.
(Mon Jun 19 12:48:40 2017) [sssd[be[domain.ca]]] [sdap_save_grpmem] (0x0020): Group members are ignored, nothing to do. If you see this message it might indicate an error in the group processing logic.
(Mon Jun 19 12:48:40 2017) [sssd[be[domain.ca]]] [sdap_save_grpmem] (0x0020): Group members are ignored, nothing to do. If you see this message it might indicate an error in the group processing logic.
Does this give a clue as to what the problem could be? Thanks!
Thomas
On Mon, Jun 19, 2017 at 05:03:24PM +0000, Thomas Beaudry wrote:
Hi Folks.
I have sssd managing autofs to mount some nfs share with v 4.1. Up until recently it has worked flawlessly, but now it isn't working on one of my machines. The username and group, is being being shown as: nobody 4294967294 so there is obviously a problem with the user id mapping of the Windows AD accounts. I tried manually mounting the same share, and the i have the same problem.
Now this used to work, so is this problem sssd related? If I look at the domain log i see stuff like:
(Mon Jun 19 12:19:57 2017) [sssd[be[domain.ca]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD'
(Mon Jun 19 12:19:57 2017) [sssd[be[domain.ca]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD'
(Mon Jun 19 12:20:01 2017) [sssd[be[domain.ca]]] [be_process_init] (0x0020): No selinux module provided for [domain.ca] !!
(Mon Jun 19 12:20:01 2017) [sssd[be[domain.ca]]] [be_process_init] (0x0020): No host info module provided for [domain.ca] !!
(Mon Jun 19 12:20:02 2017) [sssd[be[domain.ca]]] [child_sig_handler] (0x0020): child [1693] failed with status [1].
(Mon Jun 19 12:20:08 2017) [sssd[be[domain.ca]]] [sss_ldap_init_sys_connect_done] (0x0020): sdap_async_sys_connect request failed: [110]: Connection timed out.
(Mon Jun 19 12:20:08 2017) [sssd[be[domain.ca]]] [sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed: [110]: Connection timed out.
(Mon Jun 19 12:20:08 2017) [sssd[be[domain.ca]]] [child_sig_handler] (0x0020): waitpid did not found a child with changed status.
(Mon Jun 19 12:20:17 2017) [sssd[be[domain.ca]]] [nsupdate_child_timeout] (0x0020): Timeout reached for dynamic DNS update
(Mon Jun 19 12:20:17 2017) [sssd[be[domain.ca]]] [child_sig_handler] (0x0020): child [1697] was terminated by signal [9].
(Mon Jun 19 12:32:48 2017) [sssd[be[domain.ca]]] [be_process_init] (0x0020): No selinux module provided for [domain.ca] !!
(Mon Jun 19 12:32:48 2017) [sssd[be[domain.ca]]] [be_process_init] (0x0020): No host info module provided for [domain.ca] !!
(Mon Jun 19 12:32:48 2017) [sssd[be[domain.ca]]] [child_sig_handler] (0x0020): child [8919] failed with status [1].
(Mon Jun 19 12:33:03 2017) [sssd[be[domain.ca]]] [nsupdate_child_timeout] (0x0020): Timeout reached for dynamic DNS update
(Mon Jun 19 12:33:03 2017) [sssd[be[domain.ca]]] [child_sig_handler] (0x0020): child [8923] was terminated by signal [9].
(Mon Jun 19 12:37:20 2017) [sssd[be[domain.ca]]] [be_process_init] (0x0020): No selinux module provided for [domain.ca] !!
(Mon Jun 19 12:37:20 2017) [sssd[be[domain.ca]]] [be_process_init] (0x0020): No host info module provided for [domain.ca] !!
(Mon Jun 19 12:37:21 2017) [sssd[be[domain.ca]]] [child_sig_handler] (0x0020): child [10170] failed with status [1].
(Mon Jun 19 12:37:36 2017) [sssd[be[domain.ca]]] [nsupdate_child_timeout] (0x0020): Timeout reached for dynamic DNS update
(Mon Jun 19 12:37:36 2017) [sssd[be[domain.ca]]] [child_sig_handler] (0x0020): child [10174] was terminated by signal [9].
(Mon Jun 19 12:48:28 2017) [sssd[be[domain.ca]]] [sss_ldap_init_sys_connect_done] (0x0020): sdap_async_sys_connect request failed: [110]: Connection timed out.
(Mon Jun 19 12:48:28 2017) [sssd[be[domain.ca]]] [sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed: [110]: Connection timed out.
(Mon Jun 19 12:48:34 2017) [sssd[be[domain.ca]]] [sss_ldap_init_sys_connect_done] (0x0020): sdap_async_sys_connect request failed: [110]: Connection timed out.
(Mon Jun 19 12:48:34 2017) [sssd[be[domain.ca]]] [sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed: [110]: Connection timed out.
(Mon Jun 19 12:48:40 2017) [sssd[be[domain.ca]]] [sss_ldap_init_sys_connect_done] (0x0020): sdap_async_sys_connect request failed: [110]: Connection timed out.
(Mon Jun 19 12:48:40 2017) [sssd[be[domain.ca]]] [sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed: [110]: Connection timed out.
(Mon Jun 19 12:48:40 2017) [sssd[be[domain.ca]]] [sdap_save_grpmem] (0x0020): Group members are ignored, nothing to do. If you see this message it might indicate an error in the group processing logic.
(Mon Jun 19 12:48:40 2017) [sssd[be[domain.ca]]] [sdap_save_grpmem] (0x0020): Group members are ignored, nothing to do. If you see this message it might indicate an error in the group processing logic.
(Mon Jun 19 12:48:40 2017) [sssd[be[domain.ca]]] [sdap_save_grpmem] (0x0020): Group members are ignored, nothing to do. If you see this message it might indicate an error in the group processing logic.
Does this give a clue as to what the problem could be? Thanks!
Sort of, there is a network problem, so presumably the request cannot be resolved, but please bump the debug level so that you see which requests are triggering this condition.
Hi,
Well now it is working all of a sudden, and it was only that 1 machine. Very odd. I bumped up the debug level so if it happens again I will have something to look at then.
I do see this message:
(Mon Jun 19 12:48:40 2017) [sssd[be[domain.ca]]] [sdap_save_grpmem] (0x0020): Group members are ignored, nothing to do. If you see this message it might indicate an error in the group processing logic.
All the time, is there something off in my config that I should be looking for regarding this group processing logic? Thomas ________________________________________ From: Jakub Hrozek jhrozek@redhat.com Sent: Monday, June 19, 2017 1:38 PM To: sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: autofs NFS v4.1 no longer working
On Mon, Jun 19, 2017 at 05:03:24PM +0000, Thomas Beaudry wrote:
Hi Folks.
I have sssd managing autofs to mount some nfs share with v 4.1. Up until recently it has worked flawlessly, but now it isn't working on one of my machines. The username and group, is being being shown as: nobody 4294967294 so there is obviously a problem with the user id mapping of the Windows AD accounts. I tried manually mounting the same share, and the i have the same problem.
Now this used to work, so is this problem sssd related? If I look at the domain log i see stuff like:
(Mon Jun 19 12:19:57 2017) [sssd[be[domain.ca]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD'
(Mon Jun 19 12:19:57 2017) [sssd[be[domain.ca]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD'
(Mon Jun 19 12:20:01 2017) [sssd[be[domain.ca]]] [be_process_init] (0x0020): No selinux module provided for [domain.ca] !!
(Mon Jun 19 12:20:01 2017) [sssd[be[domain.ca]]] [be_process_init] (0x0020): No host info module provided for [domain.ca] !!
(Mon Jun 19 12:20:02 2017) [sssd[be[domain.ca]]] [child_sig_handler] (0x0020): child [1693] failed with status [1].
(Mon Jun 19 12:20:08 2017) [sssd[be[domain.ca]]] [sss_ldap_init_sys_connect_done] (0x0020): sdap_async_sys_connect request failed: [110]: Connection timed out.
(Mon Jun 19 12:20:08 2017) [sssd[be[domain.ca]]] [sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed: [110]: Connection timed out.
(Mon Jun 19 12:20:08 2017) [sssd[be[domain.ca]]] [child_sig_handler] (0x0020): waitpid did not found a child with changed status.
(Mon Jun 19 12:20:17 2017) [sssd[be[domain.ca]]] [nsupdate_child_timeout] (0x0020): Timeout reached for dynamic DNS update
(Mon Jun 19 12:20:17 2017) [sssd[be[domain.ca]]] [child_sig_handler] (0x0020): child [1697] was terminated by signal [9].
(Mon Jun 19 12:32:48 2017) [sssd[be[domain.ca]]] [be_process_init] (0x0020): No selinux module provided for [domain.ca] !!
(Mon Jun 19 12:32:48 2017) [sssd[be[domain.ca]]] [be_process_init] (0x0020): No host info module provided for [domain.ca] !!
(Mon Jun 19 12:32:48 2017) [sssd[be[domain.ca]]] [child_sig_handler] (0x0020): child [8919] failed with status [1].
(Mon Jun 19 12:33:03 2017) [sssd[be[domain.ca]]] [nsupdate_child_timeout] (0x0020): Timeout reached for dynamic DNS update
(Mon Jun 19 12:33:03 2017) [sssd[be[domain.ca]]] [child_sig_handler] (0x0020): child [8923] was terminated by signal [9].
(Mon Jun 19 12:37:20 2017) [sssd[be[domain.ca]]] [be_process_init] (0x0020): No selinux module provided for [domain.ca] !!
(Mon Jun 19 12:37:20 2017) [sssd[be[domain.ca]]] [be_process_init] (0x0020): No host info module provided for [domain.ca] !!
(Mon Jun 19 12:37:21 2017) [sssd[be[domain.ca]]] [child_sig_handler] (0x0020): child [10170] failed with status [1].
(Mon Jun 19 12:37:36 2017) [sssd[be[domain.ca]]] [nsupdate_child_timeout] (0x0020): Timeout reached for dynamic DNS update
(Mon Jun 19 12:37:36 2017) [sssd[be[domain.ca]]] [child_sig_handler] (0x0020): child [10174] was terminated by signal [9].
(Mon Jun 19 12:48:28 2017) [sssd[be[domain.ca]]] [sss_ldap_init_sys_connect_done] (0x0020): sdap_async_sys_connect request failed: [110]: Connection timed out.
(Mon Jun 19 12:48:28 2017) [sssd[be[domain.ca]]] [sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed: [110]: Connection timed out.
(Mon Jun 19 12:48:34 2017) [sssd[be[domain.ca]]] [sss_ldap_init_sys_connect_done] (0x0020): sdap_async_sys_connect request failed: [110]: Connection timed out.
(Mon Jun 19 12:48:34 2017) [sssd[be[domain.ca]]] [sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed: [110]: Connection timed out.
(Mon Jun 19 12:48:40 2017) [sssd[be[domain.ca]]] [sss_ldap_init_sys_connect_done] (0x0020): sdap_async_sys_connect request failed: [110]: Connection timed out.
(Mon Jun 19 12:48:40 2017) [sssd[be[domain.ca]]] [sdap_sys_connect_done] (0x0020): sdap_async_connect_call request failed: [110]: Connection timed out.
(Mon Jun 19 12:48:40 2017) [sssd[be[domain.ca]]] [sdap_save_grpmem] (0x0020): Group members are ignored, nothing to do. If you see this message it might indicate an error in the group processing logic.
(Mon Jun 19 12:48:40 2017) [sssd[be[domain.ca]]] [sdap_save_grpmem] (0x0020): Group members are ignored, nothing to do. If you see this message it might indicate an error in the group processing logic.
(Mon Jun 19 12:48:40 2017) [sssd[be[domain.ca]]] [sdap_save_grpmem] (0x0020): Group members are ignored, nothing to do. If you see this message it might indicate an error in the group processing logic.
Does this give a clue as to what the problem could be? Thanks!
Sort of, there is a network problem, so presumably the request cannot be resolved, but please bump the debug level so that you see which requests are triggering this condition. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
On Mon, Jun 19, 2017 at 06:10:39PM +0000, Thomas Beaudry wrote:
Hi,
Well now it is working all of a sudden, and it was only that 1 machine. Very odd. I bumped up the debug level so if it happens again I will have something to look at then.
I do see this message:
(Mon Jun 19 12:48:40 2017) [sssd[be[domain.ca]]] [sdap_save_grpmem] (0x0020): Group members are ignored, nothing to do. If you see this message it might indicate an error in the group processing logic.
All the time, is there something off in my config that I should be looking for regarding this group processing logic?
I think this debug message is not as helpful as it should be :-) as long as you are using ignore_group_members=true, it's expected to see it, but we should either make the message less verbose or remove it..
sssd-users@lists.fedorahosted.org
-
Jakub Hrozek -
Thomas Beaudry