On Thu,
Mar 26, 2015 at 10:21:14AM +0000, Matt John wrote:
On Thu, 26 Mar, 2015 at 9:28 AM, Jakub Hrozek
<jhrozek@redhat.com> wrote: >On Thu, Mar 26, 2015
at 09:25:34AM +0000, Matt John wrote: >> It seems that
auth_provider cannot be none when using local as the
>> id_provider. >> [sssd]
[confdb_get_domain_internal] (0x0010): Local ID provider
does >>not >> support [none] as an AUTH
provider. >> [sssd] [confdb_get_domains] (0x0010):
Error (22 [Invalid argument]) >> retrieving domain
[autofsd], skipping! > >Ugh, another subtle bug :-)
> >auth_provider=local would work as well, then. Also
setting the >ldap_search_base to some part of subtree
that doesn't hit the users >would "solve" the problem,
but nonexisting entries would fire two ldap >searches in
this case against both of the domains. When auth_provider is
set to local no automount information is returned at all.
(Thu Mar 26 10:07:59 2015) [sssd[autofs]]
[sss_autofs_cmd_setautomntent] (0x0400): Got request for
automount map named auto.master (Thu Mar 26 10:07:59 2015)
[sssd[autofs]] [sss_parse_name_for_domains] (0x0200): name
'auto.master' matched without domain, user is auto.master
(Thu Mar 26 10:07:59 2015) [sssd[autofs]]
[sss_parse_name_for_domains] (0x0200): using default domain
[(null)] (Thu Mar 26 10:07:59 2015) [sssd[autofs]]
[setautomntent_send] (0x0400): Requesting info for automount
map [auto.master] from [<ALL>] (Thu Mar 26 10:07:59
2015) [sssd[autofs]] [lookup_automntmap_step] (0x0400):
Requesting info for [auto.master@autofsd] (Thu Mar 26
10:07:59 2015) [sssd[autofs]] [sysdb_get_map_byname]
(0x0400): No such map (Thu Mar 26 10:07:59 2015)
[sssd[autofs]] [lookup_automntmap_step] (0x0080): No
automount map [auto.master] in cache for domain [autofsd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]]
[lookup_automntmap_step] (0x0400): Requesting info for
[auto.master@authd] (Thu Mar 26 10:07:59 2015)
[sssd[autofs]] [sysdb_get_map_byname] (0x0400): No such map
(Thu Mar 26 10:07:59 2015) [sssd[autofs]]
[lookup_automntmap_step] (0x0080): No automount map
[auto.master] in cache for domain [authd] (Thu Mar 26
10:07:59 2015) [sssd[autofs]] [sss_dp_issue_request]
(0x0400): Issuing request for [0x40c040:0:auto.master@authd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]]
[sss_dp_get_autofs_msg] (0x0400): Creating autofs request
for [cardiff][4105][mapname=auto.master] (Thu Mar 26
10:07:59 2015) [sssd[autofs]] [sss_dp_internal_get_send]
(0x0400): Entering request [0x40c040:0:auto.master@authd]
(Thu Mar 26 10:07:59 2015) [sssd[be[authd]]]
[be_autofs_handler] (0x0400): Entering be_autofs_handler()
(Thu Mar 26 10:07:59 2015) [sssd[be[authd]]]
[be_autofs_handler] (0x0020): Undefined backend target. (Thu
Mar 26 10:07:59 2015) [sssd[autofs]]
[lookup_automntmap_cache_updated] (0x0020): Unable to get
information from Data Provider Error: 3, 19, Autofs back end
target is not configured Will try to return what we have in
cache(Thu Mar 26 10:07:59 2015) [sssd[autofs]]
[sss_autofs_cmd_setautomntent] (0x0400): Got request for
automount map named auto.master (Thu Mar 26 10:07:59 2015)
[sssd[autofs]] [sss_parse_name_for_domains] (0x0200): name
'auto.master' matched without domain, user is auto.master
(Thu Mar 26 10:07:59 2015) [sssd[autofs]]
[sss_parse_name_for_domains] (0x0200): using default domain
[(null)] (Thu Mar 26 10:07:59 2015) [sssd[autofs]]
[setautomntent_send] (0x0400): Requesting info for automount
map [auto.master] from [<ALL>] (Thu Mar 26 10:07:59
2015) [sssd[autofs]] [lookup_automntmap_step] (0x0400):
Requesting info for [auto.master@autofsd] (Thu Mar 26
10:07:59 2015) [sssd[autofs]] [sysdb_get_map_byname]
(0x0400): No such map (Thu Mar 26 10:07:59 2015)
[sssd[autofs]] [lookup_automntmap_step] (0x0080): No
automount map [auto.master] in cache for domain [autofsd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]]
[lookup_automntmap_step] (0x0400): Requesting info for
[auto.master@authd] (Thu Mar 26 10:07:59 2015)
[sssd[autofs]] [sysdb_get_map_byname] (0x0400): No such map
(Thu Mar 26 10:07:59 2015) [sssd[autofs]]
[lookup_automntmap_step] (0x0080): No automount map
[auto.master] in cache for domain [authd] (Thu Mar 26
10:07:59 2015) [sssd[autofs]] [sss_dp_issue_request]
(0x0400): Issuing request for [0x40c040:0:auto.master@authd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]]
[sss_dp_get_autofs_msg] (0x0400): Creating autofs request
for [cardiff][4105][mapname=auto.master] (Thu Mar 26
10:07:59 2015) [sssd[autofs]] [sss_dp_internal_get_send]
(0x0400): Entering request [0x40c040:0:auto.master@authd]
(Thu Mar 26 10:07:59 2015) [sssd[be[authd]]]
[be_autofs_handler] (0x0400): Entering be_autofs_handler()
(Thu Mar 26 10:07:59 2015) [sssd[be[authd]]]
[be_autofs_handler] (0x0020): Undefined backend target. (Thu
Mar 26 10:07:59 2015) [sssd[autofs]]
[lookup_automntmap_cache_updated] (0x0020): Unable to get
information from Data Provider Error: 3, 19, Autofs back end
target is not configured Will try to return what we have in
cache
OK, the only way I could get the config to work was:
[domain/autofsdomain]
id_provider=ldap
auth_provider=none
autofs_provider=ldap
ldap_user_search_base = dc=no,dc=such,dc=object
ldap_group_search_base = dc=no,dc=such,dc=object
ldap_autofs_search_base = dc=linux,dc=test
ldap_uri =
ldap://ipa2.linux.test
so both identity requests and autofs requests will make it to
the second
domain..there is just a phony user search base to make sure no
users can
match the LDAP server entries.
I still consider it a bug that SSSD doesn't allow setting
auth_provider=none.
btw I remembered why id_provider=local didn't work -- unlike
the other
providers, it's not a real back end, just a hardcoded one.