Autofs starts up before sssd is ready


Environment

Red Hat Enterprise Linux 7.x

Issue

Under RHEL 7, the autofs service starts up before the sssd service is fully functional. This can lead to a condition where user and group mappings are not yet available and automounts fail.

Resolution

  • Update autofs to at least version autofs-5.0.7-99
  • Ensure that the client is getting the master map from a network source, sss in this case.
  • Ensure that there are no unconfigured sources in nsswitch.conf, as that can produce false-positive failures.
  • If everything checks out, use two configuration options in /etc/autofs.conf to delay startup based on master map availability.

These will be present in /etc/autofs.conf (if this is available):

# master_wait - set the default maximum time to wait for the
#               master map to become available if it cannot
#               be read at program start (default 10, wait
#               for 10 seconds then continue).
#
#master_wait = 10

and

# sss_master_map_wait - When sssd is starting up it can sometimes return
#                       "no such entry" for a short time until it has read
#                       in the LDAP map information. Internal default is 0
#                       seconds, don't wait but if there is a problem with
#                       autofs not finding the master map at startup (when
#                       it should) then try setting this to 10 to work
#                       around it.
#
#sss_master_map_wait = 0

You will need to experiment with the timeouts. It is advised to start by leaving master_wait at its default and setting sss_master_map_wait to a sensible non-zero time.
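
The checks from the list above can be scripted. The following is an added example, not part of the original solution: the function names are hypothetical, and the file paths default to /etc/nsswitch.conf and /etc/autofs.conf but can be overridden to test against copies.

```shell
#!/bin/bash
# Added example: checks the Resolution items against the client's config files.
# Function names are hypothetical; paths may be overridden to test on copies.

# Print the sources on the "automount:" line of nsswitch.conf, one per line,
# skipping action items such as [NOTFOUND=return].
automount_sources() {
    awk '$1 == "automount:" { for (i = 2; i <= NF; i++) if ($i !~ /^\[/) print $i }' "$1"
}

# Print the value an option is set to in autofs.conf; commented-out lines
# (like the shipped "#sss_master_map_wait = 0") are ignored.
autofs_option() {   # usage: autofs_option FILE NAME
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; gsub(/[ \t]/, "", v); val = v }
        END { if (val != "") print val }' "$1"
}

# Return 0 only if sss is an automount source and sss_master_map_wait > 0.
check_autofs_sss() {   # usage: check_autofs_sss [NSSWITCH [AUTOFS_CONF]]
    local nss="${1:-/etc/nsswitch.conf}" conf="${2:-/etc/autofs.conf}" rc=0 secs
    if automount_sources "$nss" | grep -qx sss; then
        echo "OK:   sss is an automount source in $nss"
    else
        echo "FAIL: sss is not an automount source in $nss"; rc=1
    fi
    # Every listed source must actually be configured; list them for review.
    echo "INFO: automount sources: $(automount_sources "$nss" | tr '\n' ' ')"
    secs=$(autofs_option "$conf" sss_master_map_wait)
    case "$secs" in
        ''|0|*[!0-9]*)
            echo "WARN: sss_master_map_wait unset, 0 or invalid in $conf (no wait)"; rc=1 ;;
        *)  echo "OK:   sss_master_map_wait = $secs" ;;
    esac
    echo "INFO: master_wait = $(autofs_option "$conf" master_wait) (empty: default 10)"
    return "$rc"
}
```

Source the file and run check_autofs_sss with no arguments on the client; a non-zero return means one of the items above still needs attention.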

Root Cause

If the map (in particular, the master map read at autofs start) is not available then autofs will start with an empty map. This will cause autofs to fail when it attempts to mount shares.

Diagnostic Steps

  • Output that looks similar to this
[root@system ~]# service autofs status 
Apr 13 10:04:45 system automount[27372]: setautomntent: lookup(sss): setautomntent: No such file or directory 
Apr 13 10:04:45 system automount[27372]: no mounts in table
