I am going crazy.
I can log in to the client with AD passwd, but it seems that I do not have the right credentials to access the automounted homedir. But I can access the homedir on the server as the owner of the homedir.
Both have the same sssd.conf, krb5.conf.
My configuration allows for accessing the nfs share on machine level but not on user level, on the client at least.
On nfs4+krb client:
======================
ssh longina@jedi
Could not chdir to home directory /home/longina: Permission denied
-bash: /home/longina/.bash_profile: Permission denied
longina@jedi:/$ cd /home/longina
-bash: cd: /home/longina: Permission denied
longina@jedi:/$
-----------------------------
root@jedi:~# less /proc/mounts
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
.......
.......
systemd /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,name=systemd 0 0
/etc/auto.home /home autofs rw,relatime,fd=12,pgrp=1934,timeout=300,minproto=5,maxproto=5,indirect 0 0
/etc/auto.msshare /Mshare autofs rw,relatime,fd=18,pgrp=1934,timeout=300,minproto=5,maxproto=5,indirect 0 0
gvfsd-fuse /run/user/111/gvfs fuse.gvfsd-fuse rw,nosuid,nodev,relatime,user_id=111,group_id=117 0 0
jota.nat.c.example.org:/nfs4/jota/longina /home/longina nfs4 rw,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=krb5p,clientaddr=10.80.8.91,local_lock=none,addr=10.144.4.254 0 0
===============================
On nfs-krb5 server - no problem with accessing homedir for user 'longina':
root@jota:~# su - longina
longina@jota:/$ cd /nfs4/jota/longina
longina@jota:/nfs4/jota/longina$ mkdir created_by_longina_on_jota
longina@jota:/nfs4/jota/longina$ ls -l
total 12
drwxr-xr-x 2 longina domain users 4096 Mar 12 09:53 created_by_longina_on_jota
-rw-r--r-- 1 longina domain users 0 Mar 10 10:21 created_by_long_on_jota
drwxr-xr-x 2 longina domain users 4096 Feb 27 13:46 created_on_jota
cat /etc/exports:
....
/nfs4/jota 10.80.8.0/24(rw,sync,no_subtree_check,sec=krb5p:krb5i:krb5)
....
Best
Longina
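[Added example, not part of the original message or of the SSSD project: a small shell helper that reads /proc/mounts-format text and reports each NFS mount with its sec= flavor. With the krb5, krb5i and krb5p flavors the server identifies each user by Kerberos credentials rather than by a client-supplied UID. The sample input is constructed from the lines quoted above plus one hypothetical sec=sys entry (nas.example.org).]

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format: two lines taken from the post,
# plus one hypothetical sec=sys mount for contrast.
SAMPLE_MOUNTS='/etc/auto.home /home autofs rw,relatime,fd=12,pgrp=1934,timeout=300,minproto=5,maxproto=5,indirect 0 0
jota.nat.c.example.org:/nfs4/jota/longina /home/longina nfs4 rw,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=krb5p,clientaddr=10.80.8.91,local_lock=none,addr=10.144.4.254 0 0
nas.example.org:/export/scratch /scratch nfs4 rw,relatime,vers=4.0,sec=sys,addr=192.0.2.10 0 0'

# nfs_sec_report: read /proc/mounts-format text on stdin and print, for every
# real NFS mount (autofs map entries are skipped):
#   <mountpoint> <source> <sec flavor> <kerberos|uid-based|other>
nfs_sec_report() {
    awk '
    $3 == "nfs" || $3 == "nfs4" {
        sec = "unknown"
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++)
            if (opts[i] ~ /^sec=/) sec = substr(opts[i], 5)
        if (sec ~ /^krb5[ip]?$/)  kind = "kerberos"   # RPCSEC_GSS: per-user credentials
        else if (sec == "sys")    kind = "uid-based"  # AUTH_SYS: server trusts client UID/GID
        else                      kind = "other"
        print $2, $1, sec, kind
    }'
}

# krb5_mountpoints: only the mountpoints where a user needs Kerberos credentials.
krb5_mountpoints() {
    nfs_sec_report | awk '$4 == "kerberos" { print $1 }'
}
```

On a live client, run `nfs_sec_report < /proc/mounts`; for each mountpoint reported as kerberos, `klist` run as the affected user shows whether that user holds a ticket.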
-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Longina Przybyszewska
Sent: 10 March 2014 12:59
To: 'dpal(a)redhat.com'; sssd-users(a)lists.fedorahosted.org
Subject: Re: [SSSD-users] sssd-1.11.1 Trusty automount nfs4+krb+sssd
The krb5.conf is configured differently on both machines:
On the server, one realm and one domain are defined.
On the client, multidomain, multi realm.
The user is from a domain/realm known on both machines (NAT.C.EXAMPLE.COM).
Best
Longina
-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Dmitri Pal
Sent: 7 March 2014 16:32
To: sssd-users(a)lists.fedorahosted.org
Subject: Re: [SSSD-users] sssd-1.11.1 Trusty automount nfs4+krb+sssd
On 03/07/2014 06:02 AM, Longina Przybyszewska wrote:
> Hi again,
> The pieces of the automount work almost... ;( My transition step
> towards getting automount on login with 'autofs' as sssd service looks like
> this:
> - I can authenticate with sssd and AD as id/access/auth_provider
> - I can log in to the machine from the login GUI directly into the local home
>   directory /Lshare/long
> - from here, using cd /home/long activates automount; the directory is mounted, but the user has
>   no permissions to access it
> - sssd on the client is configured without the 'autofs' service (as I have no sign of
>   automount nis-schema in AD, even if SFU is installed)
> - nsswitch says:
>   automount: files sss
If you are not using SSSD for delivering the maps then you do not need 'sss' here.
But this is not the problem you are seeing.
> cat /proc/mounts:
> /etc/auto.home /home autofs rw,relatime,fd=13,pgrp=15088,timeout=300,minproto=5,maxproto=5,indirect 0 0
> /etc/auto.nfs /nfs autofs rw,relatime,fd=7,pgrp=15088,timeout=300,minproto=5,maxproto=5,indirect 0 0
> /etc/auto.msshare /Mshare autofs rw,relatime,fd=19,pgrp=15088,timeout=300,minproto=5,maxproto=5,indirect 0 0
> jota.a.domain.com:/nfs4/jota/long /home/long nfs4 rw,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=krb5p,clientaddr=10.80.8.91,local_lock=none,addr=10.144.4.254 0 0
> df -h does not show that mount.
> Both client and server run the same version, sssd-1.11.1, and user 'long' is
> seen as a member of the same groups on both machines.
Does it have same UID/GID on both machines?
> If I run 'cd /home/long' as root on the client, the homedir is mounted:
> cat /proc/mounts
> /etc/auto.home /home autofs rw,relatime,fd=13,pgrp=15088,timeout=300,minproto=5,maxproto=5,indirect 0 0
> /etc/auto.nfs /nfs autofs rw,relatime,fd=7,pgrp=15088,timeout=300,minproto=5,maxproto=5,indirect 0 0
> /etc/auto.msshare /Mshare autofs rw,relatime,fd=19,pgrp=15088,timeout=300,minproto=5,maxproto=5,indirect 0 0
> jota.a.domain.com:/nfs4/jota/long /home/long nfs4 rw,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=krb5p,clientaddr=10.80.8.91,local_lock=none,addr=10.144.4.254 0 0
> df -h
> ...
> jota.a.domain.com:/nfs4/jota/long 1.8T 2.1G 1.7T 1% /home/long
> Any ideas?
> Best
> longina
> Kind regards
> Longina Przybyszewska
> Systems programmer, IT service
-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Longina Przybyszewska
Sent: 27 February 2014 16:56
To: 'End-user discussions about the System Security Services Daemon'
Subject: Re: [SSSD-users] sssd-1.11.1 Trusty automount nfs4+krb+sssd problem
Hi,
Ubuntu Saucy nfs4+krb+sssd server
Ubuntu Trusty client, sssd+autofs
I can manually mount the directory (nfs4+krb) as root on the client.
Is it possible on the client to use SSSD with the autofs service, with the automounter referring to the flat files /etc/auto.master, /etc/auto.home, not to ldap?
How can I check if the autofs delivered with the distribution supports sssd?
Best
longina
-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Ondrej Valousek
Sent: 20 February 2014 13:48
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] sssd-1.11.1 Saucy automount(nfs4+krb problem)
Created BZ:
https://bugzilla.redhat.com/show_bug.cgi?id=1067423
attached is a patch resolving the issue.
Ondrej
________________________________________
From: sssd-users-bounces(a)lists.fedorahosted.org
[sssd-users-bounces(a)lists.fedorahosted.org] on behalf of Simo Sorce [simo(a)redhat.com]
Sent: Wednesday, February 19, 2014 7:35 PM
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] sssd-1.11.1 Saucy automount(nfs4+krb problem)
On Wed, 2014-02-19 at 15:04 +0000, Ondrej Valousek wrote:
> Hi Simo,
>
> How are you getting on about this with Steve?
This is the current situation:
<steved> simo: post a patch with what you want and lets talk about it.... :-)
> Would it be better to open a RFE for this? I would like to know where
> we are standing - whether there is any chance that RHEL6 will be
> fixed or it would only go to RHEL 7.
An RFE for RHEL7 would be nice.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio Red Hat Inc.