Date: Wed, 25 Jul 2018 09:40:42 -0400 From: John Newman <jnn@synfin.org> To: freebsd-stable@freebsd.org Cc: rmacklem@FreeBSD.org Subject: FreeBSD 11.2-RELEASE - mountd problem - mountd[1056]: unknown user: root Message-ID: <20180725134042.63iwuoxbdapuqmce@synfin.org>
next in thread | raw e-mail | index | archive | help
--sws35jqxdloqitdf Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello - I'm having a problem with one of my FreeBSD NFS servers. It's an 11.2-RELEASE box (upgraded fairly recently from 10.1), and actually we had the same issue even when it was on 10.x. Basically, what is happening is several of my NFS exports that are configured with "-maproot=3Droot" (and they are actually ZFS NFS exports, in /etc/zfs/exports, configured with the 'zfs set sharenfs=3D"..."' command - if that matters, which I don't think it does) are generating the following error messages when the machine first boots up - Jul X 15:19:58 nfs5 mountd[1094]: unknown user: root Jul X 15:19:58 nfs5 mountd[1094]: message repeated 14 times: [ unknown user: root] To fix the issue, I simply HUP the mountd process. Until I HUP the mountd process, none of the clients that depend on being able to write to their NFS shares as root work properly - they are read-only. As soon as I HUP mountd, the issue goes away, no more "unknown user: root" errors, and the mounts become writable for their clients. I think this is tied into the fact this box uses sssd for LDAP authentication, because I don't see this issue on another 11.2 machine configured very similarly that isn't using sssd. The LDAP authentication works fine, the relevant lines in /etc/nsswitch.conf look like - $ grep sss /etc/nsswitch.conf group: sss files passwd: sss files It feels like this may be some sort of ordering issue with the start up scripts - mountd running before sssd is running? But why doesn't it fall back to "files" and find root that way? We do *not* have a root user in our ldap directory anyway. Someone on IRC has suggested that I should swap the "sss files" to "files sss", but I'm not sure if this would help or not... For now, I simply added the following work-around to my /etc/rc.local: kill -s HUP `cat /var/run/mountd.pid` Has anyone seen a similar issue, or have any ideas? I CC'd Rick because I understand he is the NFS maintainer. thanks, John --=20 GPG fingerprint: 17FD 615A D20D AFE8 B3E4 C9D2 E324 20BE D47A 78C7 --sws35jqxdloqitdf Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEF/1hWtINr+iz5MnS4yQgvtR6eMcFAltYfdMACgkQ4yQgvtR6 eMcfoQf+INO+hIWuPlsdYqboeJ1K2x1KJzJzJ+eltTfZDV4rFMcN9iyB1Si/yKqe gaIkJ/7bXPIU7mtjjouH+7U9gRJXGwKJSydf3RJHCAqrOckXI+d8tFNLKxMW97gu E5wqvCQCveviS2Sz3BAw7sxeVdkHpPMM+Gu87XGh/leAEAhKq6noyf9RdrYzTj1a 3xmtLbMqF8FdnsyAGb77kyf9phxZSRDCd3AYS+PgA/Y9F1FH+JrjCVga14sQMASb 7nLmHT9WTy1xPRq1HnSMjHMT99qulgp2NYhDhA364QDDUyjX+npBBwxO3NI4y6vR XNseWXKYiBBQ68y/drN9mCc/YlrF6w== =aHka -----END PGP SIGNATURE----- --sws35jqxdloqitdf--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180725134042.63iwuoxbdapuqmce>