I have a diskless workstation, which I noticed recently with some updates has stopped working with respect to sssd. Here is the config which no longer works:
[domain/default]
id_provider = ldap
autofs_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_uri = ldap://named.domain.com/
ldap_search_base = dc=domain,dc=com
ldap_id_use_start_tls = True
ldap_tls_cacertdir = /etc/openldap/certs
cache_credentials = True
ldap_autofs_map_object_class = automountMap
ldap_autofs_map_name = ou
ldap_autofs_entry_object_class = automount
ldap_autofs_entry_key = cn
ldap_autofs_entry_value = automountInformation
debug_level = 9

[sssd]
services = nss, pam, autofs
domains = default
debug_level = 9

[nss]
homedir_substring = /home
debug_level = 9

[pam]
debug_level = 9

[sudo]
debug_level = 9

[autofs]
debug_level = 9

[ssh]
debug_level = 9

[pac]
debug_level = 9

[ifp]
debug_level = 9

[secrets]
debug_level = 9

[session_recording]
debug_level = 9
What I found is that the /var/lib/sss directory is not working correctly anymore with NFS root mount.
Lots of timeout and error messages which, after looking at them with various debug levels, really didn't offer any clue to exactly why the various components would time out.
However, I did notice the only workstation which had an issue with the update was the diskless workstation, so I mounted the /var/lib/sss directory on /tmp (RAM disk) which fixed the issue.
I searched for an option to change the sssd /var/lib/sss path and did not find one.
Is there a way to change that in the /etc/sssd/sssd.conf?
On (24/03/19 19:10), Gregory Carter wrote:
> What I found is that the /var/lib/sss directory is not working correctly anymore with NFS root mount.
Are you sure that it worked on Fedora < 29?
NFS was never recommended for /var/lib/sss/db.
> Lots of timeout and error messages which, after looking at them with various debug levels, really didn't offer any clue to exactly why the various components would time out.
> However, I did notice the only workstation which had an issue with the update was the diskless workstation, so I mounted the /var/lib/sss directory on /tmp (RAM disk) which fixed the issue.
tmpfs is better for a diskless workstation than NFS.
> I searched for an option to change the sssd /var/lib/sss path and did not find one.
> Is there a way to change that in the /etc/sssd/sssd.conf?
No, /var/lib/sss is hardcoded.
LS
I have been running a diskless NFS setup with the included sssd.conf for over 2 years.
The machine in question was a workstation for building RPMs and NFS/LDAP testing and research.
Possibly related. The NFS client seems to have suffered a setback recently. I now get kernel crashes when issuing large kernel builds on an NFS share.
I.e. make -j 400 bzImage; make -j 400 modules.
I filed a bug with Red Hat about it. So far I can tell it affects 4.20 and 5.0.x vanilla builds and Red Hat official kernels.
On (25/03/19 13:10), Gregory Carter wrote:
> I have been running a diskless NFS setup with the included sssd.conf for over 2 years.
> The machine in question was a workstation for building RPMs and NFS/LDAP testing and research.
> Possibly related. The NFS client seems to have suffered a setback recently. I now get kernel crashes when issuing large kernel builds on an NFS share.
> I.e. make -j 400 bzImage; make -j 400 modules.
> I filed a bug with Red Hat about it. So far I can tell it affects 4.20 and 5.0.x vanilla builds and Red Hat official kernels.
Fedora uses the upstream kernel. And there was some issue in upstream: https://bugzilla.kernel.org/show_bug.cgi?id=202975
I am not sure whether it could affect NFS, but it caused problems with libtdb (which is used internally for the sssd cache).
You might try a different kernel.
Anyway, as I already mentioned, running the sssd cache on NFS has never been a recommended deployment.
LS
On Mon, Mar 25, 2019 at 11:09:44AM +0100, Lukas Slebodnik wrote:
> On (24/03/19 19:10), Gregory Carter wrote:
>> What I found is that the /var/lib/sss directory is not working correctly anymore with NFS root mount.
> Are you sure that it worked on Fedora < 29?
> NFS was never recommended for /var/lib/sss/db.
Yes, IIRC the database that ldb cache uses (tdb) was not working properly on NFS. There were some locking issues, but I long since forgot the details.
>> Lots of timeout and error messages which, after looking at them with various debug levels, really didn't offer any clue to exactly why the various components would time out.
>> However, I did notice the only workstation which had an issue with the update was the diskless workstation, so I mounted the /var/lib/sss directory on /tmp (RAM disk) which fixed the issue.
> tmpfs is better for a diskless workstation than NFS.
>> I searched for an option to change the sssd /var/lib/sss path and did not find one.
>> Is there a way to change that in the /etc/sssd/sssd.conf?
> No, /var/lib/sss is hardcoded.
> LS
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
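The thread's conclusion is that the tdb-backed cache under /var/lib/sss should not sit on NFS and that a tmpfs mount over it resolved the timeouts. The following is an added example, not part of the original thread or of SSSD: a shell check that reads a mounts table in /proc/mounts format and reports whether the cache directory is NFS-backed. The function names are hypothetical, and it assumes mount points without escaped whitespace.

```shell
#!/bin/sh
# Added example: find which filesystem backs a directory and flag an
# NFS-backed SSSD cache. Function names are hypothetical.

# fstype_for_path MOUNTS_FILE PATH
# Prints the fstype of the longest mount point that contains PATH.
# Later entries win on ties, matching how over-mounts shadow earlier ones.
fstype_for_path() {
    awk -v p="$2" '
        {
            mp = $2
            # A mount covers p if it is "/", equals p, or is a directory prefix.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); fs = $3 }
            }
        }
        END { if (fs == "") exit 1; print fs }
    ' "$1"
}

# sss_cache_verdict MOUNTS_FILE [DIR]
# Prints "ok <fstype>" (returns 0), "unsafe <fstype>" (returns 1) when DIR
# is on NFS, or "unknown" (returns 2) when no mount covers DIR.
sss_cache_verdict() {
    dir="${2:-/var/lib/sss/db}"
    fs=$(fstype_for_path "$1" "$dir") || { echo "unknown"; return 2; }
    case "$fs" in
        nfs|nfs4) echo "unsafe $fs"; return 1 ;;
        *)        echo "ok $fs"; return 0 ;;
    esac
}

# Live check when invoked as: script --check
if [ "${1:-}" = "--check" ]; then
    sss_cache_verdict /proc/mounts
fi
```

With cache_credentials = True as in the posted config, a tmpfs-backed cache is emptied on every reboot, so cached logins are unavailable until the LDAP server has been reached again.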