I am going crazy. I can log in to the client with my AD password, but it seems that I do not have the right credentials to access the automounted homedir. But I can access the homedir on the server as the owner of the homedir. Both have the same sssd.conf and krb5.conf.
My configuration allows accessing the NFS share at machine level but not at user level, on the client at least.
On nfs4+krb client:
======================
ssh longina@jedi
Could not chdir to home directory /home/longina: Permission denied
-bash: /home/longina/.bash_profile: Permission denied
longina@jedi:/$ cd /home/longina
-bash: cd: /home/longina: Permission denied
longina@jedi:/$
-----------------------------
root@jedi:~# less /proc/mounts
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
.......
.......
systemd /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,name=systemd 0 0
/etc/auto.home /home autofs rw,relatime,fd=12,pgrp=1934,timeout=300,minproto=5,maxproto=5,indirect 0 0
/etc/auto.msshare /Mshare autofs rw,relatime,fd=18,pgrp=1934,timeout=300,minproto=5,maxproto=5,indirect 0 0
gvfsd-fuse /run/user/111/gvfs fuse.gvfsd-fuse rw,nosuid,nodev,relatime,user_id=111,group_id=117 0 0
jota.nat.c.example.org:/nfs4/jota/longina /home/longina nfs4 rw,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=krb5p,clientaddr=10.80.8.91,local_lock=none,addr=10.144.4.254 0 0
===============================
On nfs-krb5 server - no problem with accessing homedir for user 'longina':
root@jota:~# su - longina
longina@jota:/$ cd /nfs4/jota/longina
longina@jota:/nfs4/jota/longina$ mkdir created_by_longina_on_jota
longina@jota:/nfs4/jota/longina$ ls -l
total 12
drwxr-xr-x 2 longina domain users 4096 Mar 12 09:53 created_by_longina_on_jota
-rw-r--r-- 1 longina domain users 0 Mar 10 10:21 created_by_long_on_jota
drwxr-xr-x 2 longina domain users 4096 Feb 27 13:46 created_on_jota

cat /etc/exports:
....
/nfs4/jota 10.80.8.0/24(rw,sync,no_subtree_check,sec=krb5p:krb5i:krb5)
....
Best
Longina

-----Original Message-----
From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Longina Przybyszewska
Sent: 10 March 2014 12:59
To: 'dpal@redhat.com'; sssd-users@lists.fedorahosted.org
Subject: Re: [SSSD-users] sssd-1.11.1 Trusty automount nfs4+krb+sssd

The krb5.conf is configured differently on the two machines: on the server, one realm and one domain are defined. On the client, it is multi-domain, multi-realm.
User is from domain/realm known on both machines (NAT.C.EXAMPLE.COM)
Best Longina
-----Original Message-----
From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Dmitri Pal
Sent: 7 March 2014 16:32
To: sssd-users@lists.fedorahosted.org
Subject: Re: [SSSD-users] sssd-1.11.1 Trusty automount nfs4+krb+sssd
On 03/07/2014 06:02 AM, Longina Przybyszewska wrote:
Hi again,
The pieces of the automount almost work... ;(
My transition step towards getting automount on login with 'autofs' as an sssd service looks like this:
- I can authenticate with sssd and AD as id/access/auth_provider
- I can log in to the machine from the login GUI directly into the local home directory /Lshare/long
- from here, using cd /home/long activates automount; the directory is mounted, but the user has no permissions to access it
- sssd on the client is configured without the 'autofs' service (as I have no sign of the automount NIS schema in AD, even though SFU is installed)
- nsswitch says: automount: files sss
If you are not using SSSD for delivering the maps then you do not need 'sss' here. But this is not the problem you are seeing.
cat /proc/mounts:
/etc/auto.home /home autofs rw,relatime,fd=13,pgrp=15088,timeout=300,minproto=5,maxproto=5,indirect 0 0
/etc/auto.nfs /nfs autofs rw,relatime,fd=7,pgrp=15088,timeout=300,minproto=5,maxproto=5,indirect 0 0
/etc/auto.msshare /Mshare autofs rw,relatime,fd=19,pgrp=15088,timeout=300,minproto=5,maxproto=5,indirect 0 0
jota.a.domain.com:/nfs4/jota/long /home/long nfs4 rw,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=krb5p,clientaddr=10.80.8.91,local_lock=none,addr=10.144.4.254 0 0
df -h does not show that mount.
Both client and server run the same version of sssd-1.11.1, and user 'long' is seen as a member of the same groups on both machines.
Does it have same UID/GID on both machines?
If I run 'cd /home/long' as root on the client, the homedir is mounted:

cat /proc/mounts
/etc/auto.home /home autofs rw,relatime,fd=13,pgrp=15088,timeout=300,minproto=5,maxproto=5,indirect 0 0
/etc/auto.nfs /nfs autofs rw,relatime,fd=7,pgrp=15088,timeout=300,minproto=5,maxproto=5,indirect 0 0
/etc/auto.msshare /Mshare autofs rw,relatime,fd=19,pgrp=15088,timeout=300,minproto=5,maxproto=5,indirect 0 0
jota.a.domain.com:/nfs4/jota/long /home/long nfs4 rw,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=krb5p,clientaddr=10.80.8.91,local_lock=none,addr=10.144.4.254 0 0

df -h
...
jota.a.domain.com:/nfs4/jota/long 1.8T 2.1G 1.7T 1% /home/long

Any ideas?
Best longina
Kind regards

Longina Przybyszewska
Systems programmer, IT-service

Tel. +45 6550 2359
Mobile +45 6011 2359
Email longina@sdu.dk
Web http://www.sdu.dk/ansat/longina
Addr. Campusvej 55, 5230 Odense M

SYDDANSK UNIVERSITET
_______________________________________________________________
Campusvej 55 * 5230 * Odense M * Tel. +45 6550 1000 * www.sdu.dk
-----Original Message-----
From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Longina Przybyszewska
Sent: 27 February 2014 16:56
To: 'End-user discussions about the System Security Services Daemon'
Subject: Re: [SSSD-users] sssd-1.11.1 Trusty automount nfs4+krb+sssd problem

Hi,
Ubuntu Saucy nfs4+krb+sssd server
Ubuntu Trusty client, sssd+autofs
I can manually mount directory (nfs4+krb) as root on the client.
Is it possible on the client to use SSSD with the autofs service, with the automounter referring to the flat files /etc/auto.master and /etc/auto.home, not to LDAP?
How can I check if the autofs delivered with the distribution supports sssd?
Best longina
-----Original Message-----
From: sssd-users-bounces@lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Ondrej Valousek
Sent: 20 February 2014 13:48
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] sssd-1.11.1 Saucy automount(nfs4+krb problem)
Created BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1067423
Attached is a patch resolving the issue.
Ondrej

________________________________________
From: sssd-users-bounces@lists.fedorahosted.org [sssd-users-bounces@lists.fedorahosted.org] on behalf of Simo Sorce [simo@redhat.com]
Sent: Wednesday, February 19, 2014 7:35 PM
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] sssd-1.11.1 Saucy automount(nfs4+krb problem)
On Wed, 2014-02-19 at 15:04 +0000, Ondrej Valousek wrote:
Hi Simo,
How are you getting on about this with Steve?
This is the current situation:
<steved> simo: post a patch with what you want and lets talk about it....
:-)
Would it be better to open a RFE for this? I would like to know where we are standing - whether there is any chance that RHEL6 will be fixed or it would only go to RHEL 7.
An RFE for RHEL7 would be nice.
Simo.
-- Simo Sorce * Red Hat, Inc * New York
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
-- Thank you, Dmitri Pal
Sr. Engineering Manager for IdM portfolio Red Hat Inc.