On 23/05/14 07:38, steve wrote:
On 22/05/14 23:04, Lukas Slebodnik wrote:
> On (22/05/14 22:36), steve wrote:
>> automount fails with both versions of the maps. Worked fine with both
>> openSUSE 13.1 and Ubuntu 14.04 with sssd 1.11.4
>>
>> [sssd]
>> services = nss, pam, autofs
>> config_file_version = 2
>> domains = hh3.site
>> [nss]
>> [pam]
>> [domain/hh3.site]
>> id_provider = ad
>> auth_provider = ad
>> access_provider = ad
>> ldap_id_mapping = False
>> [autofs]
>
> #start_block
>> autofs_provider=ldap
>> ldap_autofs_search_base =
>> CN=hh3,CN=defaultMigrationContainer30,DC=hh3,DC=site
>> ldap_autofs_map_object_class = nisMap
>> ldap_autofs_entry_object_class = nisObject
>> ldap_autofs_map_name = nisMapName
>> ldap_autofs_entry_key = cn
>> ldap_autofs_entry_value = nisMapEntry
> #end_block
> ^^^^^^^^^^
> All these options should be in domain section. (man sssd.conf and man
> sssd-ldap)
>
>>
>> #ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
>> #ldap_autofs_map_object_class = automountMap
>> #ldap_autofs_entry_object_class = automount
>> #ldap_autofs_map_name = automountMapName
>> #ldap_autofs_entry_key = automountKey
>> #ldap_autofs_entry_value = automountInformation
>>
>>
>> [sssd[be[hh3.site]]] [be_autofs_handler] (0x0020): Undefined backend
>> target.
>> (Thu May 22 22:29:03 2014) [sssd[autofs]]
>> [lookup_automntmap_cache_updated]
>> (0x0020): Unable to get information from Data Provider
>> Error: 3, 19, Autofs back end target is not configured
>> Will try to return what we have in cache
>> (Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_step]
>> (0x0080):
>> No automount map [auto.master] in cache for domain [hh3.site]
>
> LS
Hi
Moved to domain section:
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = hh3.site
[nss]
[pam]
[autofs]
[domain/hh3.site]
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False
autofs_provider=ldap
ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation
but, upon restarting both sssd and autofs:
(Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_step]
(0x0080): No automount map [auto.master] in cache for domain [hh3.site]
(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]]
[sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap:
Operations error(1), 00002020: Operation unavailable without authentication
(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]]
[sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv
failed [5]: Error de entrada/salida
(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]]
[sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap:
Operations error(1), 00002020: Operation unavailable without authentication
(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]]
[sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv
failed [5]: Error de entrada/salida
(Fri May 23 07:30:54 2014) [sssd[autofs]]
[lookup_automntmap_cache_updated] (0x0020): Unable to get information
from Data Provider
Error: 3, 5, Error de entrada/salida
Will try to return what we have in cache
(Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_step]
(0x0080): No automount map [auto.master] in cache for domain [hh3.site]
Any ideas?
What changed between 1.11.4 and 1.11.5?
Thanks,
- - -
OK
Have added the ldap sasl and keytab lines and now the mounts appear:
auto.shared on /home/shared type autofs
(rw,relatime,fd=7,pgrp=2170,timeout=600,minproto=5,maxproto=5,indirect)
auto.users on /home/users type autofs
(rw,relatime,fd=14,pgrp=2170,timeout=600,minproto=5,maxproto=5,indirect)
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = hh3.site
[nss]
[pam]
[autofs]
[domain/hh3.site]
autofs_provider = ldap
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False
ldap_sasl_mech = gssapi
ldap_sasl_authid = CATRAL$
krb5_keytab = /etc/krb5.keytab
ldap_krb5_init_creds = true
ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation
But if I log in as my domain user and attempt to automount e.g. my home
directory, it does not automount:
getent passwd steve2
steve2:*:3000021:20513:steve2:/home/users/steve2:/bin/bash
(Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getpwuid_search]
(0x0100): Requesting info for [3000021@hh3.site]
(Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getpwuid_search]
(0x0080): No matching domain found for [3000021]
(Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getgrgid_search]
(0x0100): Requesting info for [20513@hh3.site]
(Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getgrgid_search]
(0x0080): No matching domain found for [20513]
(Fri May 23 09:13:17 2014) [sssd[autofs]] [getautomntbyname_process]
(0x0080): No key named [steve2] found
(Fri May 23 09:13:17 2014) [sssd[autofs]] [getautomntbyname_process]
(0x0080): No key named [/] found
In other words, this works fine with 1.9.6. How do I translate it to ad
with 1.11.5?
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = default
[nss]
[pam]
[autofs]
[domain/default]
ldap_schema = rfc2307bis
access_provider = simple
enumerate = FALSE
cache_credentials = true
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
krb5_realm = HH3.SITE
krb5_server = hh16.hh3.site
krb5_kpasswd = hh16.hh3.site
ldap_referrals = false
ldap_uri = ldap://hh16.hh3.site/
ldap_search_base = dc=hh3,dc=site
ldap_user_object_class = user
ldap_user_name = samAccountName
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_home_directory = unixHomeDirectory
ldap_user_shell = loginShell
ldap_group_object_class = group
ldap_group_search_base = dc=hh3,dc=site
ldap_group_name = cn
ldap_group_member = member
ldap_sasl_mech = gssapi
ldap_sasl_authid = ALTET$
krb5_keytab = /etc/krb5.keytab
ldap_krb5_init_creds = true
autofs_provider = ldap
ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation
krb5_kdcip =
krb5_validate = False
krb5_renewable_lifetime = 1d
krb5_lifetime = 1d
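
Added example, not part of the original messages or of SSSD itself: a small Python lint for the two sssd.conf problems worked through above, autofs back-end options placed in [autofs] instead of the domain section, and autofs_provider = ldap under id_provider = ad with no ldap_sasl_mech. The function name lint_sssd_conf and the abbreviated sample configs are constructed for illustration.

```python
import configparser

# Keys that belong in a [domain/...] section (per the reply quoted in the thread).
DOMAIN_ONLY = ("autofs_provider", "ldap_autofs_")

def lint_sssd_conf(text):
    """Flag the two sssd.conf mistakes worked through in this thread."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        sec, is_domain = cp[name], name.startswith("domain/")
        # 1) autofs back-end options placed outside a domain section
        for key in sec:
            if key.startswith(DOMAIN_ONLY) and not is_domain:
                findings.append((name, key, "move to [domain/...] section"))
        # 2) LDAP autofs provider under an AD domain with no SASL bind configured
        if (is_domain and sec.get("id_provider") == "ad"
                and sec.get("autofs_provider") == "ldap"
                and not sec.get("ldap_sasl_mech")):
            findings.append((name, "ldap_sasl_mech",
                             "not set; map search may run unauthenticated"))
    return findings

# Constructed samples, abbreviated from the configurations posted above.
HEAD = "[sssd]\nservices = nss, pam, autofs\ndomains = hh3.site\n"
DOMAIN = "[domain/hh3.site]\nid_provider = ad\nauth_provider = ad\n"
AUTOFS_OPTS = ("autofs_provider=ldap\n"
               "ldap_autofs_search_base = OU=automount,DC=hh3,DC=site\n"
               "ldap_autofs_map_object_class = automountMap\n")
SASL = "ldap_sasl_mech = gssapi\nkrb5_keytab = /etc/krb5.keytab\n"

FIRST = HEAD + DOMAIN + "[autofs]\n" + AUTOFS_OPTS         # options in [autofs]
SECOND = HEAD + "[autofs]\n" + DOMAIN + AUTOFS_OPTS        # moved, no SASL
THIRD = HEAD + "[autofs]\n" + DOMAIN + SASL + AUTOFS_OPTS  # working config

if __name__ == "__main__":
    for label, conf in (("first", FIRST), ("second", SECOND), ("third", THIRD)):
        print(label, lint_sssd_conf(conf))
```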