Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1392540
Summary: | glibc: default nsswitch.conf does not list sss for the automount service | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Eugene Keck <ekeck> | |
Component: | glibc | Assignee: | Florian Weimer <fweimer> | |
Status: | CLOSED ERRATA | QA Contact: | Sergey Kolosov <skolosov> | |
Severity: | high | Docs Contact: | ||
Priority: | high | |||
Version: | 7.3 | CC: | ashankar, cobrown, cww, fweimer, ggatward, mcermak, mnewsome, pfrankli, pvoborni, rcritten, skolosov, tmraz, vmishra | |
Target Milestone: | rc | Keywords: | Patch | |
Target Release: | --- | |||
Hardware: | All | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | glibc-2.17-166.el7 | Doc Type: | Bug Fix | |
Doc Text: |
Cause: The sss service provider was not present for the automount database in /etc/nsswitch.conf.
Consequence: Newly provisioned Red Hat Enterprise Linux 7 systems in an IPA environment do not have functioning autofs support.
Fix: Add the sss service provider to the automount database in /etc/nsswitch.conf.
Result: autofs in newly provisioned systems works.
|
Story Points: | --- | |
Clone Of: | ||||
: | 1581807 1581809 (view as bug list) | Environment: | ||
Last Closed: | 2017-08-01 18:09:25 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1581807 |
Description
Eugene Keck
2016-11-07 17:29:58 UTC
ipa-client-automount doesn't configure nsswitch with sssd, this should happen earlier in ipa-client-install This is RHEL 7.3 with IPA 4.4 in lab: # cat /etc/nsswitch.conf | grep automount automount: files nisplus # cat /var/log/ipaclient-install.log | grep authconfig 2016-07-11T14:55:35Z DEBUG args=/usr/sbin/authconfig --enablesssdauth --update --enablesssd 2016-07-11T14:55:37Z DEBUG args=/usr/sbin/authconfig --update --nisdomain test1.abc.idm.lab.eng.brq.redhat.com And this Fedora F24 with FreeIPA master (almost the same as 4.4): # cat /etc/nsswitch.conf | grep automount automount: files sss # cat /var/log/ipaclient-install.log | grep authconfig 2016-10-27T12:45:34Z DEBUG args=/usr/sbin/authconfig --enablesssdauth --update --enablesssd 2016-10-27T12:45:35Z DEBUG args=/usr/sbin/authconfig --update --nisdomain test2.example.test Both were IPA servers installed with the same options. The fact that it is not pure client but IPA server should not matter given that both runs ipa-client-install. Question is why the automount parts of nsswitch.conf differ? But, as written elsewhere, running following commands on RHEL machine fixes the issue: # authconfig --disablesssd --update # authconfig --enablesssd --update # cat /etc/nsswitch.conf | grep automount automount: files sss Tomas, any ideas why it happens? I can provide installed machine if needed. The authconfig currently does not modify nsswitch.conf if it sss is present on the passwd: line. I think this should be solved in the default nsswitch.conf in glibc. As it contains sss already for other databases, it should contain it for automount as well. The workaround for already installed machines is to run 'authconfig --updateall'. Should we move /etc/nsswitch.conf to its own package so that we can change it with less QE effort? Any other changes we should fold into the same change? Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:1916 |