View Issue Details
Field | Value
---|---
ID | 0000071
Project | AlmaLinux-8
Category | autofs
View Status | public
Date Submitted | 2021-04-27 18:48
Last Update | 2021-05-28 18:56
Reporter | mleisher
Assigned To | alukoshko
Priority | normal
Severity | major
Reproducibility | always
Status | assigned
Resolution | open
Platform | Penguin server
OS | AlmaLinux
OS Version | 8.3
Summary | 0000071: Automount and LDAP problem
Description | Context: version 8.3, minimal install, sssd and autofs, ldaps. When I start automount via systemd (systemctl start autofs), automounting with LDAP lookups fails with the message: bind_ldap_simple: lookup(ldap): Unable to bind to the LDAP server: , error Can't contact LDAP server. When I start automount from the command line with the same params as the systemd unit file (/usr/sbin/automount --systemd-service --dont-check-daemon), automounting from LDAP lookups works fine.
Steps To Reproduce | Configure sssd for ldaps access for the usual suspects, including autofs. Configure PAM to use sssd. Start everything. Log in as any user with homespace on a separate NFS server.
Tags | No tags attached.
abrt_hash |
URL |
(0000194) mleisher 2021-05-13 21:41

I reinstalled Alma Linux today and now get the "Unable to bind to the LDAP server: ," error no matter how I run automount.
(0000195) mleisher 2021-05-13 21:58

Now I'm getting the following error consistently:

be[default][DDDD]: Could not start TLS encryption. error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (unable to get issuer certificate)

This is with letsencrypt certs that have been working for years and still work on CentOS 8 and Oracle Linux configured exactly the same way I configured this Alma Linux dist:

1. authselect select sssd
2. sssd.conf and auto.master (below).
3. systemctl enable sssd ; systemctl start sssd
4. systemctl enable autofs ; systemctl start autofs

sssd.conf
-------------
[sssd]
config_file_version = 2
services = nss, pam, autofs
domains = default

[nss]
filter_groups = root
filter_users = root

[pam]

[domain/default]
auth_provider = ldap
cache_credentials = True
chpass_provider = ldap
entry_cache_timeout = 30
enumerate = False
id_provider = ldap
ldap_basedn = dc=example,dc=com
ldap_group_object_class = posixGroup
ldap_group_search_base = ou=Group,dc=example,dc=com
ldap_group_basedn = ou=Group,dc=example,dc=com
ldap_id_use_start_tls = False
ldap_schema = rfc2307
ldap_search_base = dc=example,dc=com
ldap_tls_cert = /etc/openldap/certs/dapper.pem
ldap_tls_reqcert = allow
ldap_uri = ldaps://dapper.example.com
ldap_user_basedn = ou=People,dc=example,dc=com
ldap_user_search_base = ou=People,dc=example,dc=com

[autofs]

auto.master
-----------------
/home ldaps://dapper/nisMapName=auto.home,dc=example,dc=com
/user ldaps://dapper/nisMapName=auto.user,dc=example,dc=com
(0000249) alukoshko 2021-05-28 16:32

AlmaLinux 8.4 is released. Could you check the LDAP connection on an updated system? Thanks.
(0000252) mleisher 2021-05-28 18:56

No change with 8.4 update. Attached are the relevant log messages. I have tried modifying autofs.conf and autofs_ldap_auth.conf, and see the same error.

Attachment: ldap (4,136 bytes)

Boot time messages.

May 28 11:52:07 machine1 automount[2273]: read_one_map: map read not needed, so not done
May 28 11:52:07 machine1 automount[2273]: mounted indirect on /home with timeout 300, freq 75 seconds
May 28 11:52:07 machine1 automount[2273]: st_ready: st_ready(): state = 0 path /home
May 28 11:52:07 machine1 automount[2273]: master_do_mount: mounting /user
May 28 11:52:07 machine1 automount[2273]: automount_path_to_fifo: fifo name /run/autofs.fifo-user
May 28 11:52:07 machine1 automount[2273]: lookup_nss_read_map: reading map ldaps ldaps://dapper/nisMapName=auto.user,dc=example,dc=com
May 28 11:52:07 machine1 automount[2273]: parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "ldaps://dapper/nisMapName=auto.user,dc=example,dc=com".
May 28 11:52:07 machine1 automount[2273]: parse_server_string: lookup(ldap): server "ldaps://dapper/", base dn "nisMapName=auto.user,dc=example,dc=com"
May 28 11:52:07 machine1 automount[2273]: parse_ldap_config: lookup(ldap): ldap authentication configured with the following options:
May 28 11:52:07 machine1 automount[2273]: parse_ldap_config: lookup(ldap): use_tls: 0, tls_required: 0, auth_required: 1, sasl_mech: (null)
May 28 11:52:07 machine1 automount[2273]: parse_ldap_config: lookup(ldap): user: (null), secret: unspecified, client principal: (null) credential cache: (null)
May 28 11:52:07 machine1 automount[2273]: do_init: parse(sun): init gathered global options: (null)
May 28 11:52:07 machine1 automount[2273]: read_one_map: map read not needed, so not done
May 28 11:52:07 machine1 automount[2273]: mounted indirect on /user with timeout 300, freq 75 seconds
May 28 11:52:07 machine1 automount[2273]: st_ready: st_ready(): state = 0 path /user

Testing after boot.

May 28 12:31:17 machine1 automount[2273]: st_expire: state 1 path /home
May 28 12:31:17 machine1 automount[2273]: expire_proc: exp_proc = 140443321976576 path /home
May 28 12:31:17 machine1 automount[2273]: expire_cleanup: got thid 140443321976576 path /home stat 0
May 28 12:31:17 machine1 automount[2273]: expire_cleanup: sigchld: exp 140443321976576 finished, switching from 2 to 1
May 28 12:31:17 machine1 automount[2273]: st_ready: st_ready(): state = 2 path /home
May 28 12:31:25 machine1 automount[2273]: st_expire: state 1 path /user
May 28 12:31:25 machine1 automount[2273]: expire_proc: exp_proc = 140443321976576 path /user
May 28 12:31:25 machine1 automount[2273]: expire_cleanup: got thid 140443321976576 path /user stat 0
May 28 12:31:25 machine1 automount[2273]: expire_cleanup: sigchld: exp 140443321976576 finished, switching from 2 to 1
May 28 12:31:25 machine1 automount[2273]: st_ready: st_ready(): state = 2 path /user
May 28 12:31:39 machine1 su[6554]: (to someuser) root on pts/0
May 28 12:31:39 machine1 automount[2273]: handle_packet: type = 3
May 28 12:31:39 machine1 automount[2273]: handle_packet_missing_indirect: token 1, name machine1, request pid 6556
May 28 12:31:39 machine1 automount[2273]: attempting to mount entry /home/machine1
May 28 12:31:39 machine1 automount[2273]: lookup_mount: lookup(ldap): looking up machine1
May 28 12:31:39 machine1 automount[2273]: do_bind: lookup(ldap): auth_required: 1, sasl_mech (null)
May 28 12:31:39 machine1 automount[2273]: bind_ldap_simple: lookup(ldap): Unable to bind to the LDAP server: , error Can't contact LDAP server
May 28 12:31:39 csvm3 automount[2273]: do_bind: lookup(ldap): ldap simple bind returned -1
May 28 12:31:39 csvm3 automount[2273]: lookup(ldap): lookup for machine1 failed: connection failed
May 28 12:31:39 csvm3 automount[2273]: key "machine1" not found in map source(s).
May 28 12:31:39 csvm3 automount[2273]: dev_ioctl_send_fail: token = 1
May 28 12:31:39 csvm3 automount[2273]: failed to mount /home/machine1
May 28 12:31:39 csvm3 automount[2273]: handle_packet: type = 3
May 28 12:31:39 csvm3 automount[2273]: handle_packet_missing_indirect: token 2, name machine1, request pid 6556
May 28 12:31:39 csvm3 automount[2273]: dev_ioctl_send_fail: token = 2
May 28 12:31:39 csvm3 automount[2273]: handle_packet: type = 3

Then same failure for token = 3 through 18.
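The sssd.conf posted in note 0000195 and the automount debug log attached in note 0000252 are the two artifacts a responder would triage first. The script below is an added example written for this page; it is not part of the report and not code from AlmaLinux, sssd or autofs. It does two things: it audits the TLS-related options of an sssd LDAP domain, flagging ldap_tls_reqcert = allow or never (per sssd-ldap(5) those values let the session proceed even when the server presents a bad or no certificate, so ldaps:// no longer protects against an impersonated server) and the absence of ldap_tls_cacert/ldap_tls_cacertdir (ldap_tls_cert, which the posted config sets, is the client-certificate option, not the CA trust option); and it pairs each bind_ldap_simple failure in automount debug output with the map key that was being resolved. The config fragment and log lines embedded in it are constructed from the ones posted above, and the function names and finding strings are mine.

```python
"""Triage helpers for an sssd + autofs LDAP setup: audit the TLS options of an
sssd LDAP domain and pull bind failures out of automount debug logs.

Added example for this bug report; the config and log lines below are
constructed from the report, not captured from a live system."""
import configparser
import re

# Constructed sssd.conf fragment mirroring the one posted in note 0000195.
SSSD_CONF = """\
[sssd]
config_file_version = 2
services = nss, pam, autofs
domains = default

[domain/default]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://dapper.example.com
ldap_id_use_start_tls = False
ldap_tls_cert = /etc/openldap/certs/dapper.pem
ldap_tls_reqcert = allow
"""

# Constructed automount debug lines, abbreviated from the attached log.
LOG_LINES = [
    "May 28 12:31:39 machine1 automount[2273]: lookup_mount: lookup(ldap): looking up machine1",
    "May 28 12:31:39 machine1 automount[2273]: do_bind: lookup(ldap): auth_required: 1, sasl_mech (null)",
    "May 28 12:31:39 machine1 automount[2273]: bind_ldap_simple: lookup(ldap): Unable to bind to the LDAP server: , error Can't contact LDAP server",
    "May 28 12:31:39 machine1 automount[2273]: do_bind: lookup(ldap): ldap simple bind returned -1",
    "May 28 12:31:39 machine1 automount[2273]: key \"machine1\" not found in map source(s).",
]


def audit_domain(conf_text, domain="default"):
    """Return human-readable findings for the [domain/<domain>] section.

    Defaults follow sssd-ldap(5): ldap_tls_reqcert defaults to "hard" and
    ldap_id_use_start_tls to false. The wording of the findings is mine.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    sec = cp[f"domain/{domain}"]
    findings = []

    uris = [u.strip().lower() for u in sec.get("ldap_uri", "").split(",") if u.strip()]
    start_tls = sec.get("ldap_id_use_start_tls", "false").strip().lower() == "true"
    if any(not u.startswith("ldaps://") for u in uris) and not start_tls:
        findings.append("cleartext: ldap:// URI without ldap_id_use_start_tls = True")

    reqcert = sec.get("ldap_tls_reqcert", "hard").strip().lower()
    if reqcert in ("never", "allow"):
        # "allow" proceeds even when the server presents a bad certificate,
        # so it defeats the point of ldaps:// against an active attacker.
        findings.append(f"ldap_tls_reqcert = {reqcert}: server certificate is not enforced")

    if "ldap_tls_cacert" not in sec and "ldap_tls_cacertdir" not in sec:
        hint = " (ldap_tls_cert is the client certificate option)" if "ldap_tls_cert" in sec else ""
        findings.append("no ldap_tls_cacert/ldap_tls_cacertdir: trust falls back to the "
                        f"OpenLDAP client defaults{hint}")
    return findings


PID_RE = re.compile(r"automount\[(\d+)\]: ")
LOOKUP_RE = re.compile(r"lookup\(ldap\): looking up (\S+)")
BIND_FAIL_RE = re.compile(
    r"bind_ldap_simple: lookup\(ldap\): Unable to bind to the LDAP server: (.*?), error (.+)$")


def classify_bind_failures(lines):
    """Pair each bind_ldap_simple failure with the map key being resolved.

    Returns one dict per failure: pid, server (as logged; empty in the report),
    key (last key that pid was looking up) and the libldap error string.
    """
    last_key = {}
    failures = []
    for line in lines:
        pid_m = PID_RE.search(line)
        if not pid_m:
            continue  # not an automount line (e.g. the su[] line in the log)
        pid = pid_m.group(1)
        m = LOOKUP_RE.search(line)
        if m:
            last_key[pid] = m.group(1)
            continue
        m = BIND_FAIL_RE.search(line)
        if m:
            failures.append({"pid": pid, "server": m.group(1).strip(),
                             "key": last_key.get(pid), "error": m.group(2).strip()})
    return failures


if __name__ == "__main__":
    for f in audit_domain(SSSD_CONF):
        print("sssd.conf:", f)
    for f in classify_bind_failures(LOG_LINES):
        print(f"automount[{f['pid']}]: lookup of {f['key']!r} failed at bind: {f['error']}")
```

Two caveats when reading the results against this report. First, the maps in auto.master use ldaps:// URIs rather than the sss map type, so automount's ldap lookup module talks to the server through libldap itself; the sssd.conf options audited above govern sssd's own connections (the be[default] "Could not start TLS encryption" error), while the CA trust for automount's lookups comes from the OpenLDAP client configuration (TLS_CACERT in /etc/openldap/ldap.conf) and /etc/autofs_ldap_auth.conf, whose usetls/tlsrequired/authrequired settings are what the parse_ldap_config line in the log echoes. Second, OpenSSL's "unable to get issuer certificate" means the client could not find the issuer of some certificate in the presented chain; `openssl s_client -connect dapper.example.com:636 -showcerts` against the live server shows which chain the server sends and whether the client's trust store can complete it, which is the check to run before changing either configuration file.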
Date Modified | Username | Field | Change |
---|---|---|---|
2021-04-27 18:48 | mleisher | New Issue | |
2021-05-13 21:41 | mleisher | Note Added: 0000194 | |
2021-05-13 21:58 | mleisher | Note Added: 0000195 | |
2021-05-14 20:09 | alukoshko | Assigned To | => alukoshko |
2021-05-14 20:09 | alukoshko | Status | new => assigned |
2021-05-28 16:32 | alukoshko | Note Added: 0000249 | |
2021-05-28 16:33 | alukoshko | Status | assigned => feedback |
2021-05-28 18:56 | mleisher | Note Added: 0000252 | |
2021-05-28 18:56 | mleisher | File Added: ldap | |
2021-05-28 18:56 | mleisher | Status | feedback => assigned |