On Thu, Mar 26, 2015 at 10:21:14AM +0000, Matt John wrote:
On Thu, 26 Mar, 2015 at 9:28 AM, Jakub Hrozek <jhrozek@redhat.com> wrote:
>On Thu, Mar 26, 2015 at 09:25:34AM +0000, Matt John wrote:
>> It seems that auth_provider cannot be none when using local as the
>> id_provider.
>> [sssd] [confdb_get_domain_internal] (0x0010): Local ID provider does not
>> support [none] as an AUTH provider.
>> [sssd] [confdb_get_domains] (0x0010): Error (22 [Invalid argument])
>> retrieving domain [autofsd], skipping!
>
>Ugh, another subtle bug :-)
>
>auth_provider=local would work as well, then. Also setting the
>ldap_search_base to some part of subtree that doesn't hit the users
>would "solve" the problem, but nonexisting entries would fire two ldap
>searches in this case against both of the domains.

When auth_provider is set to local, no automount information is returned at
all.

(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_autofs_cmd_setautomntent]
(0x0400): Got request for automount map named auto.master
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_parse_name_for_domains]
(0x0200): name 'auto.master' matched without domain, user is auto.master
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_parse_name_for_domains]
(0x0200): using default domain [(null)]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [setautomntent_send] (0x0400):
Requesting info for automount map [auto.master] from [<ALL>]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0400):
Requesting info for [auto.master@autofsd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sysdb_get_map_byname] (0x0400):
No such map
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0080):
No automount map [auto.master] in cache for domain [autofsd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0400):
Requesting info for [auto.master@authd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sysdb_get_map_byname] (0x0400):
No such map
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0080):
No automount map [auto.master] in cache for domain [authd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_dp_issue_request] (0x0400):
Issuing request for [0x40c040:0:auto.master@authd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_dp_get_autofs_msg] (0x0400):
Creating autofs request for [cardiff][4105][mapname=auto.master]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_dp_internal_get_send]
(0x0400): Entering request [0x40c040:0:auto.master@authd]
(Thu Mar 26 10:07:59 2015) [sssd[be[authd]]] [be_autofs_handler] (0x0400):
Entering be_autofs_handler()
(Thu Mar 26 10:07:59 2015) [sssd[be[authd]]] [be_autofs_handler] (0x0020):
Undefined backend target.
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_cache_updated]
(0x0020): Unable to get information from Data Provider
Error: 3, 19, Autofs back end target is not configured
Will try to return what we have in cache
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_autofs_cmd_setautomntent]
(0x0400): Got request for automount map named auto.master
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_parse_name_for_domains]
(0x0200): name 'auto.master' matched without domain, user is auto.master
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_parse_name_for_domains]
(0x0200): using default domain [(null)]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [setautomntent_send] (0x0400):
Requesting info for automount map [auto.master] from [<ALL>]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0400):
Requesting info for [auto.master@autofsd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sysdb_get_map_byname] (0x0400):
No such map
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0080):
No automount map [auto.master] in cache for domain [autofsd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0400):
Requesting info for [auto.master@authd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sysdb_get_map_byname] (0x0400):
No such map
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0080):
No automount map [auto.master] in cache for domain [authd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_dp_issue_request] (0x0400):
Issuing request for [0x40c040:0:auto.master@authd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_dp_get_autofs_msg] (0x0400):
Creating autofs request for [cardiff][4105][mapname=auto.master]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_dp_internal_get_send]
(0x0400): Entering request [0x40c040:0:auto.master@authd]
(Thu Mar 26 10:07:59 2015) [sssd[be[authd]]] [be_autofs_handler] (0x0400):
Entering be_autofs_handler()
(Thu Mar 26 10:07:59 2015) [sssd[be[authd]]] [be_autofs_handler] (0x0020):
Undefined backend target.
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_cache_updated]
(0x0020): Unable to get information from Data Provider
Error: 3, 19, Autofs back end target is not configured
Will try to return what we have in cache

OK, the only way I could get the config to work was:

[domain/autofsdomain]
id_provider=ldap
auth_provider=none
autofs_provider=ldap
ldap_user_search_base = dc=no,dc=such,dc=object
ldap_group_search_base = dc=no,dc=such,dc=object
ldap_autofs_search_base = dc=linux,dc=test
ldap_uri = ldap://ipa2.linux.test

so both identity requests and autofs requests will make it to the second
domain... there is just a phony user search base to make sure no users can
match the LDAP server entries.
I still consider it a bug that SSSD doesn't allow setting
auth_provider=none.
btw I remembered why id_provider=local didn't work -- unlike the other
providers, it's not a real back end, just a hardcoded one.
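
A triage helper for debug logs like the one quoted in this thread, added here as an example (not part of the original messages and not SSSD code): it rejoins entries that mail wrapping split across lines and keeps only the fatal (0x0010) and critical (0x0020) ones. The function names are hypothetical, and the sample is an excerpt copied from the log above.

```python
import re

# SSSD debug-level bitmask values, as documented in sssd.conf(5).
LEVELS = {0x0010: "fatal", 0x0020: "critical", 0x0040: "serious",
          0x0080: "minor", 0x0100: "config", 0x0200: "func-data",
          0x0400: "trace"}

# An entry starts with "(Thu Mar 26 10:07:59 2015) [sssd"; the lookahead also
# catches an entry glued to the previous message ("...in cache(Thu Mar 26").
START = re.compile(r"(?=\(\w{3} \w{3} \d{1,2} \d\d:\d\d:\d\d \d{4}\) \[sssd)")
ENTRY = re.compile(r"\((?P<ts>[^)]*)\)\s+\[(?P<proc>sssd\S*)\]\s+"
                   r"\[(?P<func>\w+)\]\s+\((?P<level>0x[0-9a-fA-F]+)\):\s*(?P<msg>.*)")

def parse_entries(raw):
    """Undo mail line wrapping, then split the text into one dict per entry."""
    flat = " ".join(raw.split())
    entries = []
    for chunk in START.split(flat):
        m = ENTRY.match(chunk.strip())
        if m:
            entry = m.groupdict()
            entry["level"] = int(entry["level"], 16)
            entry["msg"] = entry["msg"].strip()
            entries.append(entry)
    return entries

def failures(entries, max_level=0x0020):
    """Keep fatal/critical entries (a lower bitmask value is more severe)."""
    return [e for e in entries if e["level"] <= max_level]

# Excerpt copied from the log quoted in the thread, mail wrapping included.
SAMPLE = """\
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0080):
No automount map [auto.master] in cache for domain [authd]
(Thu Mar 26 10:07:59 2015) [sssd[be[authd]]] [be_autofs_handler] (0x0400):
Entering be_autofs_handler()
(Thu Mar 26 10:07:59 2015) [sssd[be[authd]]] [be_autofs_handler] (0x0020):
Undefined backend target.
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_cache_updated]
(0x0020): Unable to get information from Data Provider
Error: 3, 19, Autofs back end target is not configured
Will try to return what we have in cache(Thu Mar 26 10:07:59 2015)
[sssd[autofs]] [sss_autofs_cmd_setautomntent] (0x0400): Got request for
automount map named auto.master
"""

if __name__ == "__main__":
    for e in failures(parse_entries(SAMPLE)):
        name = LEVELS.get(e["level"], hex(e["level"]))
        print(f'{name} {e["proc"]} {e["func"]}: {e["msg"]}')
```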