Here is the log file for autofs.

Thanks

On 25 September 2015 at 10:31, Ondrej Valousek <Ondrej.Valousek@s3group.com> wrote:

Try to raise debug level to say 50.

It is still not clear to me whether sssd is unable to connect to DC or whether it is unable to find auto.master

O.

 

From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Fabien CARRE
Sent: Friday, September 25, 2015 9:20 AM
To: End-user discussions about the System Security Services Daemon <sssd-users@lists.fedorahosted.org>
Subject: Re: [SSSD-users] Make autofs work with Active Drectory

 

Hello,

It doesn't help either. 

 

I now get 

(Fri Sep 25 10:07:46 2015) [sssd[autofs]] [sss_parse_name_for_domains] (0x0200): name 'auto.master' matched without domain, user is auto.master

(Fri Sep 25 10:07:46 2015) [sssd[autofs]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)]

(Fri Sep 25 10:07:46 2015) [sssd[be[ad.mikdom.org]]] [sdap_autofs_handler] (0x0200): Requested refresh for: auto.master

(Fri Sep 25 10:07:46 2015) [sssd[autofs]] [getautomntent_process] (0x0080): No entries found

 

 

 

 

 

On 25 September 2015 at 09:32, Ondrej Valousek <Ondrej.Valousek@s3group.com> wrote:

Ok,

Try to add:

 

ldap_sasl_mech = GSSAPI

 

let me know if it helps.

Ondrej

 

 

From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Fabien CARRE
Sent: Thursday, September 24, 2015 3:26 PM
To: sssd-users@lists.fedorahosted.org
Subject: [SSSD-users] Make autofs work with Active Drectory

 

Hello,

I have been struggling for some days now, trying to use sssd with a Active Directory (Windows 2008 R2).

 

 

I followed this post https://ovalousek.wordpress.com/2015/08/03/autofs but I am unable to make it work.

 

So far, I can log in, and apply the sudoers rules but the automount won't work.

 

OS : Fedora 20

sssd-common-pac-1.11.7-5.fc20.x86_64

sssd-proxy-1.11.7-5.fc20.x86_64

python-sssdconfig-1.11.7-5.fc20.noarch

sssd-tools-1.11.7-5.fc20.x86_64

sssd-common-1.11.7-5.fc20.x86_64

sssd-krb5-1.11.7-5.fc20.x86_64

sssd-1.11.7-5.fc20.x86_64

sssd-ldap-1.11.7-5.fc20.x86_64

sssd-ipa-1.11.7-5.fc20.x86_64

sssd-ad-1.11.7-5.fc20.x86_64

sssd-krb5-common-1.11.7-5.fc20.x86_64

sssd-client-1.11.7-5.fc20.x86_64

 

Any ideas ? Thank you.

 

autofs OU:

dn: OU=autofs,DC=ad,DC=mikdom,DC=org

objectClass: top

objectClass: organizationalUnit

 

dn: CN=auto.master,OU=autofs,DC=ad,DC=mikdom,DC=org

objectClass: top

objectClass: nisMap

cn: auto.master

nisMapName: auto.master

 

dn: CN=/homes,CN=auto.master,OU=autofs,DC=ad,DC=mikdom,DC=org

objectClass: top

objectClass: nisObject

cn: /homes

nisMapName: auto.master

nisMapEntry: ldap:cn=auto.home,ou=autofs,dc=ad,mikdom,dc=org

 

dn: CN=auto.home,OU=autofs,DC=ad,DC=mikdom,DC=org

objectClass: top

objectClass: nisMap

cn: auto.home

nisMapName: auto.home

 

dn: CN=/,CN=auto.home,OU=autofs,DC=ad,DC=mikdom,DC=org

objectClass: top

objectClass: nisObject

cn: /

nisMapName: auto.home

nisMapEntry: -fstype=nfs homeserv:/vol/homes/&

 

 

sssd config file :

[sssd]

domains = ad.mikdom.org

config_file_version = 2

services = nss, pam, autofs, sudo

 

[pam]

 

[nss]

 

[domain/ad.mikdom.org]

ad_domain = ad.mikdom.org

access_provider = ad

auth_provider = ad

access_provider = ad

krb5_realm = AD.MIKDOM.ORG

realmd_tags = manages-system joined-with-adcli 

cache_credentials = True

id_provider = ad

krb5_store_password_if_offline = True

default_shell = /bin/bash

ldap_id_mapping = True

fallback_homedir = /home/%u

use_fully_qualified_names = False

 

 

#sudo                                     

sudo_provider = ad                     

ldap_sudo_search_base = ou=SUDOers,dc=ad,dc=mikdom,dc=org

ldap_sudo_full_refresh_interval = 86400

ldap_sudo_smart_refresh_interval = 3600

 

#autofs

ldap_schema = rfc2307

autofs_provider = ldap

ldap_autofs_entry_key = cn

ldap_autofs_entry_object_class = nisObject

ldap_autofs_entry_value = nisMapEntry

ldap_autofs_map_name = nisMapName

ldap_autofs_map_object_class = nisMap

ldap_autofs_search_base = ou=autofs,dc=ad,dc=mikdom,dc=org

 

[autofs]

 

sssd debug :

(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'myactived.ad.mikdom.org' as 'working'

(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [set_server_common_status] (0x0100): Marking server 'myactived.ad.mikdom.org' as 'working'

(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 000004DC: LdapErr: DSID-0C0906E8, comment: In orde

r to perform this operation a successful bind must be completed on the connection., data 0, v1db1

(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_get_generic_done] (0x0100): sdap_get_generic_ext_recv failed [5]: Input/output error

(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed [5]: Input/output error

(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_id_op_done] (0x0200): communication error on cached connection, moving to next server

(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP'

(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [resolve_srv_send] (0x0200): The status of SRV lookup is resolved

(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [be_resolve_server_process] (0x0200): Found address for server myactived.ad.mikdom.org: [192.168.200.245] TTL 3600

(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_get_server_opts_from_rootdse] (0x0100): Setting AD compatibility level to [4]

(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900

(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'myactived.ad.mikdom.org' as 'working'

(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [set_server_common_status] (0x0100): Marking server 'myactived.ad.mikdom.org' as 'working'

(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 000004DC: LdapErr: DSID-0C0906E8, comment: In orde

r to perform this operation a successful bind must be completed on the connection., data 0, v1db1

(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_get_generic_done] (0x0100): sdap_get_generic_ext_recv failed [5]: Input/output error

(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed [5]: Input/output error

(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_id_op_done] (0x0200): communication error on cached connection, moving to next server

(Thu Sep 24 16:17:42 2015) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider

Error: 3, 5, Input/output error

Will try to return what we have in cache

 

 

-----
 
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18.


_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users

 

-----

The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18.

_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users