# VERIFICATION FOR XENIAL I prepared a reproducer based on the description details (LDAP + NFS) using an entry_cache_timeout of 88000 in sssd.conf to ensure the cache was valid during the validation run. From a remote machine, I ran this script: #!/bin/bash OK=0 KO=0 while true ; do #date nova reboot vtapia-xenial sleep 60 nc -z cases 22 || sleep 30 ssh -o PreferredAuthentications=publickey -o PubkeyAuthentication=yes ubuntu@vtapia-xenial "tail /var/log/syslog -n200 | grep -Ei 'DHCP|autofs|automount|sssd' | grep -v apparmor && ls /direct/ok" if [ $? != 0 ] ; then KO=$((KO + 1)) break else OK=$((OK + 1)) fi echo "$OK $KO" done This script reboots the machine using sssd and tries to access a direct mapping (/direct/). If the boot order is successful (i.e. autofs starts after sssd and its responders have started), the mapping will be available and the file in it ("ok") will be too. If the test passes, the machine is restarted and checked again. This is an excerpt of the output: Warning: Permanently added 'vtapia-xenial,10.5.1.88' (ECDSA) to the list of known hosts. Mar 30 13:31:41 vtapia-xenial dhclient[780]: DHCPDISCOVER on ens3 to 255.255.255.255 port 67 interval 3 (xid=0xe1d78e6a) Mar 30 13:31:41 vtapia-xenial dhclient[780]: DHCPREQUEST of 10.5.1.88 on ens3 to 255.255.255.255 port 67 (xid=0x6a8ed7e1) Mar 30 13:31:41 vtapia-xenial sh[767]: DHCPREQUEST of 10.5.1.88 on ens3 to 255.255.255.255 port 67 (xid=0x6a8ed7e1) Mar 30 13:31:41 vtapia-xenial sh[767]: DHCPOFFER of 10.5.1.88 from 10.5.1.102 Mar 30 13:31:41 vtapia-xenial dhclient[780]: DHCPOFFER of 10.5.1.88 from 10.5.1.102 Mar 30 13:31:41 vtapia-xenial dhclient[780]: DHCPACK of 10.5.1.88 from 10.5.1.102 Mar 30 13:31:41 vtapia-xenial sh[767]: DHCPACK of 10.5.1.88 from 10.5.1.102 Mar 30 13:31:41 vtapia-xenial root: /etc/dhcp/dhclient-enter-hooks.d/samba returned non-zero exit status 1 Mar 30 13:31:41 vtapia-xenial sssd: Starting up Mar 30 13:31:41 vtapia-xenial sssd[be[openstacklocal]]: Starting up Mar 30 13:31:41 vtapia-xenial sssd[autofs]: Starting up Mar 30 13:31:41 vtapia-xenial sssd[nss]: Starting up Mar 30 13:31:41 vtapia-xenial sssd[pam]: Starting up Mar 30 13:31:41 vtapia-xenial systemd[1]: Starting LSB: Automounts filesystems on demand... Mar 30 13:31:41 vtapia-xenial autofs[1143]: * Starting automount... Mar 30 13:31:41 vtapia-xenial automount[1171]: Starting automounter version 5.1.1, master map /etc/auto.master Mar 30 13:31:41 vtapia-xenial automount[1171]: using kernel protocol version 5.02 Mar 30 13:31:42 vtapia-xenial automount[1171]: mounted direct on /wololo with timeout 300, freq 75 seconds Mar 30 13:31:42 vtapia-xenial automount[1171]: mounted direct on /direct with timeout 300, freq 75 seconds Mar 30 13:31:42 vtapia-xenial automount[1171]: mounted indirect on /home with timeout 300, freq 75 seconds Mar 30 13:31:42 vtapia-xenial autofs[1143]: ...done. Mar 30 13:31:42 vtapia-xenial systemd[1]: Started LSB: Automounts filesystems on demand. Mar 30 13:32:56 vtapia-xenial automount[1171]: attempting to mount entry /home/ubuntu Mar 30 13:32:56 vtapia-xenial automount[1171]: mounted /home/ubuntu /direct/ok 1815 0 The log shows that the machine has restarted 1815 times with no errors, so we can assume the bug has been fixed. The tested versions are: $ ssh vtapia-xenial "dpkg -l | grep sssd" Warning: Permanently added 'vtapia-xenial,10.5.1.88' (ECDSA) to the list of known hosts. ii sssd 1.13.4-1ubuntu1.4 amd64 System Security Services Daemon -- metapackage ii sssd-ad 1.13.4-1ubuntu1.4 amd64 System Security Services Daemon -- Active Directory back end ii sssd-ad-common 1.13.4-1ubuntu1.4 amd64 System Security Services Daemon -- PAC responder ii sssd-common 1.13.4-1ubuntu1.4 amd64 System Security Services Daemon -- common files ii sssd-ipa 1.13.4-1ubuntu1.4 amd64 System Security Services Daemon -- IPA back end ii sssd-krb5 1.13.4-1ubuntu1.4 amd64 System Security Services Daemon -- Kerberos back end ii sssd-krb5-common 1.13.4-1ubuntu1.4 amd64 System Security Services Daemon -- Kerberos helpers ii sssd-ldap 1.13.4-1ubuntu1.4 amd64 System Security Services Daemon -- LDAP back end ii sssd-proxy 1.13.4-1ubuntu1.4 amd64 System Security Services Daemon -- proxy back end Note: This would be the output of a failing boot process: Warning: Permanently added 'vtapia-xenial,10.5.1.88' (ECDSA) to the list of known hosts. Mar 22 10:00:24 vtapia-xenial systemd[1]: Starting LSB: Automounts filesystems on demand... Mar 22 10:00:24 vtapia-xenial autofs[1199]: * Starting automount... Mar 22 10:00:24 vtapia-xenial automount[1252]: Starting automounter version 5.1.1, master map /etc/auto.master Mar 22 10:00:24 vtapia-xenial automount[1252]: using kernel protocol version 5.02 Mar 22 10:00:24 vtapia-xenial sssd: Starting up Mar 22 10:00:24 vtapia-xenial automount[1252]: setautomntent: lookup(sss): setautomntent: Connection refused Mar 22 10:00:24 vtapia-xenial automount[1252]: mounted indirect on /home with timeout 300, freq 75 seconds Mar 22 10:00:24 vtapia-xenial autofs[1199]: ...done. Mar 22 10:00:24 vtapia-xenial systemd[1]: Started LSB: Automounts filesystems on demand. Mar 22 10:00:25 vtapia-xenial sssd[be[openstacklocal]]: Starting up Mar 22 10:00:25 vtapia-xenial sssd[nss]: Starting up Mar 22 10:00:25 vtapia-xenial sssd[pam]: Starting up Mar 22 10:00:25 vtapia-xenial sssd[autofs]: Starting up Mar 22 10:01:41 vtapia-xenial automount[1252]: attempting to mount entry /home/ubuntu Mar 22 10:01:41 vtapia-xenial automount[1252]: mounted /home/ubuntu ls: cannot access '/direct/ok': No such file or directory