Date: Wed, 25 Jul 2018 21:42:55 +0000 From: Rick Macklem <rmacklem@uoguelph.ca> To: John Newman <jnn@synfin.org>, "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org> Cc: "rmacklem@FreeBSD.org" <rmacklem@FreeBSD.org> Subject: Re: FreeBSD 11.2-RELEASE - mountd problem - mountd[1056]: unknown user: root Message-ID: <YTOPR0101MB0953E528A2E40C3C0EDF3023DD540@YTOPR0101MB0953.CANPRD01.PROD.OUTLOOK.COM> In-Reply-To: <20180725134042.63iwuoxbdapuqmce@synfin.org> References: <20180725134042.63iwuoxbdapuqmce@synfin.org>
next in thread | previous in thread | raw e-mail | index | archive | help
John Newman wrote: >I'm having a problem with one of my FreeBSD NFS servers. It's an >11.2-RELEASE box (upgraded fairly recently from 10.1), and actually >we had the same issue even when it was on 10.x. > >Basically, what is happening is several of my NFS exports that are >configured with "-maproot=3Droot" (and they are actually ZFS NFS >exports, in /etc/zfs/exports, configured with the 'zfs set >sharenfs=3D"..."' command - if that matters, which I don't think it >does) are generating the following error messages when the machine >first boots up - > >Jul X 15:19:58 nfs5 mountd[1094]: unknown user: root >Jul X 15:19:58 nfs5 mountd[1094]: message repeated 14 times: [ unknown >user: root] This means that getpwnam() for "root" is failing. When an error is logged a= s above, the export line has failed and the export hasn't happened. (Apparently, this gets "fixed" after you have booted, since it can getpwnam= () for "root" when you send mountd a SIGHUP.) A couple of possible ways to fix this... - Have a local password file on the server with "root" in it and edit your /etc/nsswitch.conf so it looks there first. "passwd: file ..." or someth= ing like that. - Replace "root" with 0,0 on the exports line(s). I haven't done this recen= tly, so I don't remember the exact syntax.;-) >To fix the issue, I simply HUP the mountd process. Until I HUP the >mountd process, none of the clients that depend on being able to >write to their NFS shares as root work properly - they are read-only. >As soon as I HUP mountd, the issue goes away, no more "unknown user: >root" errors, and the mounts become writable for their clients. > >I think this is tied into the fact this box uses sssd for LDAP >authentication, because I don't see this issue on another 11.2 >machine configured very similarly that isn't using sssd. The LDAP >authentication works fine, the relevant lines in /etc/nsswitch.conf >look like - > >$ grep sss /etc/nsswitch.conf >group: sss files >passwd: sss files I'd suggest you change these to... group: files sss passwd: files sss and just have the minimum in /etc/passwd and /etc/group to make booting hap= py. >It feels like this may be some sort of ordering issue with the start >up scripts - mountd running before sssd is running? But why doesn't >it fall back to "files" and find root that way? We do *not* have a >root user in our ldap directory anyway. Someone on IRC has suggested >that I should swap the "sss files" to "files sss", but I'm not sure >if this would help or not... For now, I simply added the following >work-around to my /etc/rc.local: > > kill -s HUP `cat /var/run/mountd.pid` That works too. I don't know anything about the libc stuff behind getpwnam(= ), so I don't know why it fails at boot, but works later. (I always put the criti= cal stuff in local files on servers and specify "files" first.) Maybe someone else can explain why the ldap case would fail? rick
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?YTOPR0101MB0953E528A2E40C3C0EDF3023DD540>