On Thu, Mar 26, 2015 at 10:21:14AM +0000, Matt John wrote:
On Thu, 26 Mar, 2015 at 9:28 AM, Jakub Hrozek jhrozek@redhat.com wrote:
On Thu, Mar 26, 2015 at 09:25:34AM +0000, Matt John wrote:
It seems that auth_provider cannot be none when using local as the id_provider.
[sssd] [confdb_get_domain_internal] (0x0010): Local ID provider does not support [none] as an AUTH provider.
[sssd] [confdb_get_domains] (0x0010): Error (22 [Invalid argument]) retrieving domain [autofsd], skipping!
Ugh, another subtle bug :-)
auth_provider=local would work as well, then. Also setting the ldap_search_base to some part of subtree that doesn't hit the users would "solve" the problem, but nonexisting entries would fire two ldap searches in this case against both of the domains.
When auth_provider is set to local no automount information is returned at all.
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_autofs_cmd_setautomntent] (0x0400): Got request for automount map named auto.master
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_parse_name_for_domains] (0x0200): name 'auto.master' matched without domain, user is auto.master
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_parse_name_for_domains] (0x0200): using default domain [(null)]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [setautomntent_send] (0x0400): Requesting info for automount map [auto.master] from [<ALL>]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0400): Requesting info for [auto.master@autofsd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sysdb_get_map_byname] (0x0400): No such map
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [autofsd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0400): Requesting info for [auto.master@authd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sysdb_get_map_byname] (0x0400): No such map
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [authd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_dp_issue_request] (0x0400): Issuing request for [0x40c040:0:auto.master@authd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_dp_get_autofs_msg] (0x0400): Creating autofs request for [cardiff][4105][mapname=auto.master]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [sss_dp_internal_get_send] (0x0400): Entering request [0x40c040:0:auto.master@authd]
(Thu Mar 26 10:07:59 2015) [sssd[be[authd]]] [be_autofs_handler] (0x0400): Entering be_autofs_handler()
(Thu Mar 26 10:07:59 2015) [sssd[be[authd]]] [be_autofs_handler] (0x0020): Undefined backend target.
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider Error: 3, 19, Autofs back end target is not configured Will try to return what we have in cache
OK, the only way I could get the config to work was:
[domain/autofsdomain]
id_provider=ldap
auth_provider=none
autofs_provider=ldap

ldap_user_search_base = dc=no,dc=such,dc=object
ldap_group_search_base = dc=no,dc=such,dc=object
ldap_autofs_search_base = dc=linux,dc=test
ldap_uri = ldap://ipa2.linux.test
so both identity requests and autofs requests will make it to the second domain. There is just a phony user search base to make sure no users can match the LDAP server entries.
I still consider it a bug that SSSD doesn't allow setting auth_provider=none.
btw I remembered why id_provider=local didn't work -- unlike the other providers, it's not a real back end, just a hardcoded one.
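
A small triage helper for debug output like the logs quoted in this thread, added here as an example; it is not part of the original messages or of SSSD. It keeps only lines whose level bit marks a failure (0x0010 to 0x0080, as listed for debug_level in sssd.conf(5)) and groups them by the process that logged them. The function names are hypothetical and the sample is an excerpt of the lines quoted above.

```python
import re
from collections import defaultdict

# Failure bits of the SSSD debug_level bitmask (sssd.conf(5)).
SEVERITY = {0x0010: "fatal", 0x0020: "critical", 0x0040: "serious", 0x0080: "minor"}

# "(timestamp) [process] [function] (0xNNNN): message"
# The timestamp is optional: the start-up lines in the thread have none.
LINE_RE = re.compile(
    r"^(?:\((?P<ts>[^)]*)\)\s+)?"
    r"\[(?P<component>\S+)\]\s+"
    r"\[(?P<function>[^\]]+)\]\s+"
    r"\((?P<level>0x[0-9a-fA-F]+)\):\s*(?P<msg>.*)$"
)

# Excerpt of the log lines quoted in the thread.
SAMPLE = """\
[sssd] [confdb_get_domain_internal] (0x0010): Local ID provider does not support [none] as an AUTH provider.
[sssd] [confdb_get_domains] (0x0010): Error (22 [Invalid argument]) retrieving domain [autofsd], skipping!
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0400): Requesting info for [auto.master@authd]
(Thu Mar 26 10:07:59 2015) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [authd]
(Thu Mar 26 10:07:59 2015) [sssd[be[authd]]] [be_autofs_handler] (0x0400): Entering be_autofs_handler()
(Thu Mar 26 10:07:59 2015) [sssd[be[authd]]] [be_autofs_handler] (0x0020): Undefined backend target.
"""

def parse(text):
    """Yield one dict per well-formed debug line; other lines are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            rec = m.groupdict()
            rec["level"] = int(rec["level"], 16)
            yield rec

def backend_domain(component):
    """Return the domain name of a back-end process such as sssd[be[authd]]."""
    m = re.search(r"be\[([^\]]+)\]", component)
    return m.group(1) if m else None

def failures(text):
    """Group failure-level messages by the SSSD process that logged them."""
    out = defaultdict(list)
    for rec in parse(text):
        sev = SEVERITY.get(rec["level"])
        if sev:
            out[rec["component"]].append((sev, rec["function"], rec["msg"]))
    return dict(out)

if __name__ == "__main__":
    for component, items in failures(SAMPLE).items():
        for sev, func, msg in items:
            print(f"{component} ({backend_domain(component)}) {sev} {func}: {msg}")
```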