On 03/26/2015 11:56 AM, Matt John wrote:
On Thu, 26 Mar, 2015 at 3:30 PM, Jakub Hrozek jhrozek@redhat.com wrote:
On Thu, Mar 26, 2015 at 10:21:14AM +0000, Matt John wrote:
On Thu, 26 Mar, 2015 at 9:28 AM, Jakub Hrozek <jhrozek@redhat.com> wrote:
>On Thu, Mar 26, 2015 at 09:25:34AM +0000, Matt John wrote:
>> It seems that auth_provider cannot be none when using local as the
>> id_provider.
>> [sssd] [confdb_get_domain_internal] (0x0010): Local ID provider does not support [none] as an AUTH provider.
>> [sssd] [confdb_get_domains] (0x0010): Error (22 [Invalid argument]) retrieving domain [autofsd], skipping!
>
>Ugh, another subtle bug :-)
>
>auth_provider=local would work as well, then. Also setting the
>ldap_search_base to some part of subtree that doesn't hit the users
>would "solve" the problem, but nonexisting entries would fire two ldap
>searches in this case against both of the domains.

When auth_provider is set to local no automount information is returned at all.

(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_autofs_cmd_setautomntent] (0x0400): Got request for automount map named auto.master
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_parse_name_for_domains] (0x0200): name 'auto.master' matched without domain, user is auto.master
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [setautomntent_send] (0x0400): Requesting info for automount map [auto.master] from [<ALL>]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0400): Requesting info for [auto.master@autofsd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sysdb_get_map_byname] (0x0400): No such map
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [autofsd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0400): Requesting info for [auto.master@authd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sysdb_get_map_byname] (0x0400): No such map
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [authd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_dp_issue_request] (0x0400): Issuing request for [0x40c040:0:auto.master@authd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_dp_get_autofs_msg] (0x0400): Creating autofs request for [cardiff][4105][mapname=auto.master]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_dp_internal_get_send] (0x0400): Entering request [0x40c040:0:auto.master@authd]
(Thu Mar 26 10:07:59 2015) [sssd[be[authd]]] [be_autofs_handler] (0x0400): Entering be_autofs_handler()
(Thu Mar 26 10:07:59 2015) [sssd[be[authd]]] [be_autofs_handler] (0x0020): Undefined backend target.
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider
Error: 3, 19, Autofs back end target is not configured
Will try to return what we have in cache
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_autofs_cmd_setautomntent] (0x0400): Got request for automount map named auto.master
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_parse_name_for_domains] (0x0200): name 'auto.master' matched without domain, user is auto.master
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [setautomntent_send] (0x0400): Requesting info for automount map [auto.master] from [<ALL>]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0400): Requesting info for [auto.master@autofsd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sysdb_get_map_byname] (0x0400): No such map
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [autofsd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0400): Requesting info for [auto.master@authd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sysdb_get_map_byname] (0x0400): No such map
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [authd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_dp_issue_request] (0x0400): Issuing request for [0x40c040:0:auto.master@authd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_dp_get_autofs_msg] (0x0400): Creating autofs request for [cardiff][4105][mapname=auto.master]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_dp_internal_get_send] (0x0400): Entering request [0x40c040:0:auto.master@authd]
(Thu Mar 26 10:07:59 2015) [sssd[be[authd]]] [be_autofs_handler] (0x0400): Entering be_autofs_handler()
(Thu Mar 26 10:07:59 2015) [sssd[be[authd]]] [be_autofs_handler] (0x0020): Undefined backend target.
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider
Error: 3, 19, Autofs back end target is not configured
Will try to return what we have in cache
OK, the only way I could get the config to work was:

[domain/autofsdomain]
id_provider=ldap
auth_provider=none
autofs_provider=ldap
ldap_user_search_base = dc=no,dc=such,dc=object
ldap_group_search_base = dc=no,dc=such,dc=object
ldap_autofs_search_base = dc=linux,dc=test
ldap_uri = ldap://ipa2.linux.test

so both identity requests and autofs requests will make it to the second domain..there is just a phony user search base to make sure no users can match the LDAP server entries.

I still consider it a bug that SSSD doesn't allow setting auth_provider=none.

btw I remembered why id_provider=local didn't work -- unlike the other providers, it's not a real back end, just a hardcoded one.
Thanks that worked great! We are able to successfully authenticate and mount home directories using that set up which is half the battle :)
We need the group id and groups to come from the autofs domain which at the moment is not happening. Is it possible to do this?
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Would you be so kind to contribute your setup as a wiki HOWTO?
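
Added example, not part of the thread or of SSSD: a small Python triage of the debug log quoted above, reporting per domain whether the automount map was missing from the cache and whether that domain's back end had no autofs target. The sample lines are copied from the quoted log; the `triage` function and its finding labels are this example's own names.

```python
import re
from collections import defaultdict

# SSSD debug line layout as seen in the thread:
# (timestamp) [sssd[component]] [function] (0xLEVEL): message
LINE_RE = re.compile(
    r"\((?P<ts>[^)]+)\) \[sssd\[(?P<comp>.+?)\]\] \[(?P<func>\w+)\] "
    r"\((?P<level>0x[0-9a-fA-F]{4})\): (?P<msg>.*)"
)
CACHE_MISS_RE = re.compile(r"No automount map \[(?P<map>[^\]]+)\] in cache for domain \[(?P<dom>[^\]]+)\]")
BACKEND_RE = re.compile(r"be\[(?P<dom>[^\]]+)\]")  # component name of a domain back end

# Six lines copied from the log quoted in the thread.
SAMPLE_LOG = """\
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0400): Requesting info for [auto.master@autofsd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [autofsd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0400): Requesting info for [auto.master@authd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [authd]
(Thu Mar 26 10:07:59 2015) [sssd[be[authd]]] [be_autofs_handler] (0x0400): Entering be_autofs_handler()
(Thu Mar 26 10:07:59 2015) [sssd[be[authd]]] [be_autofs_handler] (0x0020): Undefined backend target.
"""

def triage(log_text):
    """Return {domain: set of findings} for automount lookups in an SSSD debug log."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # continuation line or not an SSSD debug line
        comp, func, msg = m["comp"], m["func"], m["msg"]
        # The autofs responder reports a cache miss for each domain it tries.
        miss = CACHE_MISS_RE.search(msg)
        if comp == "autofs" and miss:
            findings[miss["dom"]].add("cache_miss")
        # A back end with no autofs target cannot fetch the map from its server.
        backend = BACKEND_RE.fullmatch(comp)
        if backend and func == "be_autofs_handler" and "Undefined backend target" in msg:
            findings[backend["dom"]].add("no_autofs_backend")
    return dict(findings)

if __name__ == "__main__":
    for domain, found in sorted(triage(SAMPLE_LOG).items()):
        print(domain, sorted(found))
```

A domain that shows only `cache_miss` was never asked to refresh the map, while `no_autofs_backend` marks the domain whose back end rejected the autofs request.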