Try to raise debug level to say 50.
It is still not clear to me whether sssd is unable to connect to DC or whether it is
unable to find auto.master
O.
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Fabien CARRE
Sent: Friday, September 25, 2015 9:20 AM
To: End-user discussions about the System Security Services Daemon
<sssd-users(a)lists.fedorahosted.org>
Subject: Re: [SSSD-users] Make autofs work with Active Drectory
Hello,
It doesn't help either.
I now get
(Fri Sep 25 10:07:46 2015) [sssd[autofs]] [sss_parse_name_for_domains] (0x0200): name 'auto.master' matched without domain, user is auto.master
(Fri Sep 25 10:07:46 2015) [sssd[autofs]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)]
(Fri Sep 25 10:07:46 2015) [sssd[be[ad.mikdom.org]]] [sdap_autofs_handler] (0x0200): Requested refresh for: auto.master
(Fri Sep 25 10:07:46 2015) [sssd[autofs]] [getautomntent_process] (0x0080): No entries found
On 25 September 2015 at 09:32, Ondrej Valousek <Ondrej.Valousek@s3group.com> wrote:
Ok,
Try to add:
ldap_sasl_mech = GSSAPI
let me know if it helps.
Ondrej
From: sssd-users-bounces@lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Fabien CARRE
Sent: Thursday, September 24, 2015 3:26 PM
To: sssd-users@lists.fedorahosted.org
Subject: [SSSD-users] Make autofs work with Active Drectory
Hello,
I have been struggling for some days now, trying to use sssd with an Active Directory
(Windows 2008 R2).
I used realm command as explained here
https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server
I followed this post
https://ovalousek.wordpress.com/2015/08/03/autofs<https://ovalousek.wo...
but I am unable to make it work.
So far, I can log in, and apply the sudoers rules but the automount won't work.
OS : Fedora 20
sssd-common-pac-1.11.7-5.fc20.x86_64
sssd-proxy-1.11.7-5.fc20.x86_64
python-sssdconfig-1.11.7-5.fc20.noarch
sssd-tools-1.11.7-5.fc20.x86_64
sssd-common-1.11.7-5.fc20.x86_64
sssd-krb5-1.11.7-5.fc20.x86_64
sssd-1.11.7-5.fc20.x86_64
sssd-ldap-1.11.7-5.fc20.x86_64
sssd-ipa-1.11.7-5.fc20.x86_64
sssd-ad-1.11.7-5.fc20.x86_64
sssd-krb5-common-1.11.7-5.fc20.x86_64
sssd-client-1.11.7-5.fc20.x86_64
Any ideas ? Thank you.
autofs OU:

dn: OU=autofs,DC=ad,DC=mikdom,DC=org
objectClass: top
objectClass: organizationalUnit

dn: CN=auto.master,OU=autofs,DC=ad,DC=mikdom,DC=org
objectClass: top
objectClass: nisMap
cn: auto.master
nisMapName: auto.master

dn: CN=/homes,CN=auto.master,OU=autofs,DC=ad,DC=mikdom,DC=org
objectClass: top
objectClass: nisObject
cn: /homes
nisMapName: auto.master
nisMapEntry: ldap:cn=auto.home,ou=autofs,dc=ad,mikdom,dc=org

dn: CN=auto.home,OU=autofs,DC=ad,DC=mikdom,DC=org
objectClass: top
objectClass: nisMap
cn: auto.home
nisMapName: auto.home

dn: CN=/,CN=auto.home,OU=autofs,DC=ad,DC=mikdom,DC=org
objectClass: top
objectClass: nisObject
cn: /
nisMapName: auto.home
nisMapEntry: -fstype=nfs homeserv:/vol/homes/&
sssd config file :
[sssd]
domains = ad.mikdom.org
config_file_version = 2
services = nss, pam, autofs, sudo
[pam]
[nss]
[domain/ad.mikdom.org]
ad_server = myactived.ad.mikdom.org
ad_domain = ad.mikdom.org
access_provider = ad
auth_provider = ad
access_provider = ad
krb5_realm = AD.MIKDOM.ORG
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
fallback_homedir = /home/%u
use_fully_qualified_names = False
#sudo
sudo_provider = ad
ldap_sudo_search_base = ou=SUDOers,dc=ad,dc=mikdom,dc=org
ldap_sudo_full_refresh_interval = 86400
ldap_sudo_smart_refresh_interval = 3600
#autofs
ldap_schema = rfc2307
autofs_provider = ldap
ldap_autofs_entry_key = cn
ldap_autofs_entry_object_class = nisObject
ldap_autofs_entry_value = nisMapEntry
ldap_autofs_map_name = nisMapName
ldap_autofs_map_object_class = nisMap
ldap_autofs_search_base = ou=autofs,dc=ad,dc=mikdom,dc=org
[autofs]
sssd debug :
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'myactived.ad.mikdom.org' as 'working'
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [set_server_common_status] (0x0100): Marking server 'myactived.ad.mikdom.org' as 'working'
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_get_generic_done] (0x0100): sdap_get_generic_ext_recv failed [5]: Input/output error
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed [5]: Input/output error
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_id_op_done] (0x0200): communication error on cached connection, moving to next server
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP'
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [resolve_srv_send] (0x0200): The status of SRV lookup is resolved
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [be_resolve_server_process] (0x0200): Found address for server myactived.ad.mikdom.org: [192.168.200.245] TTL 3600
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_get_server_opts_from_rootdse] (0x0100): Setting AD compatibility level to [4]
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'myactived.ad.mikdom.org' as 'working'
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [set_server_common_status] (0x0100): Marking server 'myactived.ad.mikdom.org' as 'working'
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_get_generic_done] (0x0100): sdap_get_generic_ext_recv failed [5]: Input/output error
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed [5]: Input/output error
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_id_op_done] (0x0200): communication error on cached connection, moving to next server
(Thu Sep 24 16:17:42 2015) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider
Error: 3, 5, Input/output error
Will try to return what we have in cache
-----
The information contained in this e-mail and in any attachments is confidential and is
designated solely for the attention of the intended recipient(s). If you are not an
intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or
any part thereof. If you have received this e-mail in error, please notify the sender by
return e-mail and delete all copies of this e-mail from your computer system(s). Please
direct any additional queries to:
communications@s3group.com. Thank You. Silicon
and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered
Office: South County Business Park, Leopardstown, Dublin 18.
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
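
Added example, not part of the original thread and not SSSD's own code: a small Python triage script for the question raised in the top reply, whether the backend failed to talk to the DC or found no auto.master entries. The patterns come from the log lines quoted in this thread; the function name diagnose and the verdict labels are assumptions made for this illustration.

```python
import re

# One SSSD debug entry: (timestamp) [process] [function] (level): message
ENTRY = re.compile(
    r"^\((?P<ts>[^)]+)\) \[(?P<proc>sssd\S*)\] "
    r"\[(?P<func>\w+)\] \((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$"
)

def diagnose(lines):
    """Classify an autofs lookup failure from SSSD debug log lines."""
    # Continuation lines ("Error: 3, 5, ...") do not match and are skipped.
    entries = [m.groupdict() for m in map(ENTRY.match, lines) if m]
    marked_working = any(
        e["func"] == "set_server_common_status" and "'working'" in e["msg"]
        for e in entries
    )
    # AD answers 000004DC when a search arrives on a connection with no bind.
    bind_missing = any(
        "000004DC" in e["msg"] and "successful bind" in e["msg"] for e in entries
    )
    # The autofs responder finished the lookup but got no map entries back.
    map_empty = any(
        e["func"] == "getautomntent_process" and "No entries found" in e["msg"]
        for e in entries
    )
    verdict = ("search-before-bind" if bind_missing
               else "map-empty" if map_empty else "inconclusive")
    return {"dc_marked_working": marked_working, "verdict": verdict}

# Excerpts from the logs quoted in this thread, re-joined onto single lines.
BE = "[sssd[be[ad.mikdom.org]]]"
LOG_SEP_24 = [
    f"(Thu Sep 24 16:17:42 2015) {BE} [set_server_common_status] (0x0100): "
    "Marking server 'myactived.ad.mikdom.org' as 'working'",
    f"(Thu Sep 24 16:17:42 2015) {BE} [sdap_get_generic_ext_done] (0x0040): "
    "Unexpected result from ldap: Operations error(1), 000004DC: LdapErr: "
    "DSID-0C0906E8, comment: In order to perform this operation a successful "
    "bind must be completed on the connection., data 0, v1db1",
    "Error: 3, 5, Input/output error",
]
LOG_SEP_25 = [
    f"(Fri Sep 25 10:07:46 2015) {BE} [sdap_autofs_handler] (0x0200): "
    "Requested refresh for: auto.master",
    "(Fri Sep 25 10:07:46 2015) [sssd[autofs]] [getautomntent_process] "
    "(0x0080): No entries found",
]

if __name__ == "__main__":
    print(diagnose(LOG_SEP_24), diagnose(LOG_SEP_25))
```
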