https://access.redhat.com/solutions/2957411
3rd Google answer, FYI…
From: Max DiOrio [mailto:mdiorio@gmail.com]
Sent: Friday, March 02, 2018 4:09 PM
To: End-user discussions about the System Security Services Daemon
<sssd-users@lists.fedorahosted.org>
Subject: [SSSD-users] Re: autofs in a AD-forest
Is there a doc out there for setting up autofs and ad? Our devs would appreciate this, but
they want to automount a CIFS volume.
On Fri, Mar 2, 2018, 10:01 AM Roger Martensson
<roger.martensson@gmail.com> wrote:
Thanks for your answer. Then it was as I expected.
Will use the workaround to store the missing data in the same auto.home-hierarchy in the
domain the client is joined to.
2018-03-02 14:54 GMT+01:00 Ondrej Valousek
<Ondrej.Valousek@s3group.com>:
Hi.
What you are asking for can’t work as automounter:
1. Has no idea from which domain the mount request is coming from (it only sees – hey,
mount /a/b for me)
2. Can be used for other mounts, not just user home areas so it does not make much
sense here either
Ondrej
From: Roger Martensson
[mailto:roger.martensson@gmail.com]
Sent: Friday, March 02, 2018 2:33 PM
To: sssd-users@lists.fedorahosted.org
Subject: [SSSD-users] autofs in a AD-forest
Hi!
I'm experiencing something that I'm not sure is as expected or not.
First some data:
OS: Ubuntu 16.04
SSSD Version: 1.13.4
I have managed to set up a SSSD against a AD-subdomain. NSS-lookup works. Can use
'userid', 'userid@subdomain1.domain.tld' and UPN when looking up an ID.
I have set up a auto_home hierarchy in AD on subdomain1.domain.tld and managed to get
AutoFS to work using this and get a working homedirectory using autofs and NFS.
When I do this with a user in another subdomain in the forest (subdomain2.domain.tld) I
get into trouble. ID-lookup works like a charm. I have also set up a auto_home-hierarchy
in this other subdomain.
When looking in the logs it looks like the implementation of autofs only uses the domain
the SSSD is connected to. Not a single mention in the logs about the other subdomain
regarding autofs.
Is it correct to assume that autofs in multiple domains in a forest doesn't work or am
I doing something wrong?
My sssd.conf looks like this. (some names have been changed to protect the innocent)
[domain/subdomain1.domain.tld]
access_provider = ad
ad_domain = subdomain1.domain.tld
ad_hostname = client1.subdomain1.domain.tld
autofs_provider = ad
cache_credentials = True
debug_level = 8
default_shell = /bin/bash
fallback_homedir = /userhome/%u
id_provider = ad
krb5_realm = SUBDOMAIN1.DOMAIN.TLD
krb5_store_password_if_offline = True
ldap_id_mapping = False
mkhomedir = false
realmd_tags = manages-system joined-with-adcli
[sssd]
config_file_version = 2
domains = subdomain1.domain.tld
services = nss,pam,autofs
-----
The information contained in this e-mail and in any attachments is confidential and is
designated solely for the attention of the intended recipient(s). If you are not an
intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or
any part thereof. If you have received this e-mail in error, please notify the sender by
return e-mail and delete all copies of this e-mail from your computer system(s). Please
direct any additional queries to:
communications@s3group.com. Thank You. Silicon
and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered
Office: South County Business Park, Leopardstown, Dublin 18.
_______________________________________________
sssd-users mailing list --
sssd-users@lists.fedorahosted.org
To unsubscribe send an email to
sssd-users-leave@lists.fedorahosted.org
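The workaround mentioned in this thread, keeping the other subdomain's entries in the auto_home hierarchy of the domain the client is joined to, puts users from two domains into one key namespace, because the automounter is asked only for a key. The following is an added example, not code from any poster or from SSSD: it merges two exported maps and reports keys that exist in both with different entries. The file-map line syntax, host names and export paths are assumptions.

```python
# Added example. Both maps are constructed sample data; host names and
# export paths are placeholders. Line syntax: key [-options] location
JOINED = """\
alice  -fstype=nfs4,rw  nfs1.subdomain1.domain.tld:/export/home/alice
bob    -fstype=nfs4,rw  nfs1.subdomain1.domain.tld:/export/home/bob
"""
OTHER = """\
# exported from auto_home in subdomain2.domain.tld
bob    -fstype=nfs4,rw  nfs2.subdomain2.domain.tld:/export/home/bob
carol  -fstype=nfs4,rw  nfs2.subdomain2.domain.tld:/export/home/carol
"""


def parse_map(text):
    """Return {key: (options, location)} from file-map style lines."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        key = fields.pop(0)
        options = fields.pop(0) if fields and fields[0].startswith("-") else ""
        if not fields:
            raise ValueError(f"no location in map line: {raw!r}")
        entries[key] = (options, " ".join(fields))
    return entries


def merge_maps(joined, other):
    """Merge `other` into `joined` without overwriting existing keys.

    Returns (merged, conflicts). A conflict is a key present in both maps
    with a different entry; the joined domain's entry is kept.
    """
    merged = dict(joined)
    conflicts = {}
    for key, entry in other.items():
        if key not in merged:
            merged[key] = entry
        elif merged[key] != entry:
            conflicts[key] = (merged[key], entry)
    return merged, conflicts


if __name__ == "__main__":
    merged, conflicts = merge_maps(parse_map(JOINED), parse_map(OTHER))
    for key, (kept, skipped) in sorted(conflicts.items()):
        print(f"CONFLICT {key}: kept {kept[1]}, skipped {skipped[1]}")
    print("merged keys:", ", ".join(sorted(merged)))
```

A reported conflict means two accounts share a short name across the subdomains; resolve it by hand before loading the merged map, since whichever entry is kept decides whose directory both users would get.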