On 23/05/14 10:53, Jakub Hrozek wrote:
On Fri, May 23, 2014 at 07:38:43AM +0200, steve wrote:
On 22/05/14 23:04, Lukas Slebodnik wrote:
On (22/05/14 22:36), steve wrote:
automount fails with both versions of the maps. Worked fine with both openSUSE 13.1 and Ubuntu 14.04 with sssd 1.11.4
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = hh3.site

[nss]

[pam]

[domain/hh3.site]
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False

[autofs]
#start_block
autofs_provider=ldap
ldap_autofs_search_base = CN=hh3,CN=defaultMigrationContainer30,DC=hh3,DC=site
ldap_autofs_map_object_class = nisMap
ldap_autofs_entry_object_class = nisObject
ldap_autofs_map_name = nisMapName
ldap_autofs_entry_key = cn
ldap_autofs_entry_value = nisMapEntry
#end_block
^^^^^^^^^^
All these options should be in domain section. (man sssd.conf and man sssd-ldap)

#ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
#ldap_autofs_map_object_class = automountMap
#ldap_autofs_entry_object_class = automount
#ldap_autofs_map_name = automountMapName
#ldap_autofs_entry_key = automountKey
#ldap_autofs_entry_value = automountInformation

[sssd[be[hh3.site]]] [be_autofs_handler] (0x0020): Undefined backend target.
(Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider Error: 3, 19, Autofs back end target is not configured Will try to return what we have in cache
(Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site]
LS
Hi

Moved to domain section:

[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = hh3.site

[nss]

[pam]

[autofs]

[domain/hh3.site]
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False
autofs_provider=ldap
ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation
but, upon restarting both sssd and autofs:

(Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site]
(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 00002020: Operation unavailable without authentication
(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed [5]: Error de entrada/salida
(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 00002020: Operation unavailable without authentication

I know you figured it out already, but for reference and anyone else reading the thread -- even if id_provider=ad would select the right authentication options, other provider set to ldap (like autofs_provider=ldap, others had same problems with sudo) would select the LDAP defaults again, which is anonymous binds.
We should implement autofs_provider=ad one of these days..

That would be great. Meanwhile, try as we may, we can't get it more minimalist than this:

[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = default

[nss]

[pam]

[autofs]

[domain/default]
dyndns_update_ptr=true
ad_hostname = lubuntu-laptop.hh3.site
ad_server = hh16.hh3.site
ad_domain = hh3.site
ldap_schema = ad
id_provider = ad
access_provider = ad
auth_provider = ad
chpass_provider = ad
ldap_id_mapping=false

ldap_sasl_mech = gssapi
ldap_sasl_authid = LUBUNTU-LAPTOP$@HH3.SITE
krb5_keytab = /etc/krb5.keytab
ldap_krb5_init_creds = true

autofs_provider=ldap
autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation

Would it be possible to include the PTR update as part of the ad backend?

Cheers,
Steve
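
A lint for the two misconfigurations diagnosed in this thread (back-end options placed outside the domain section, and an `*_provider = ldap` beside `id_provider = ad` with no bind settings, which falls back to anonymous binds), as an added example that is not part of the original messages or of SSSD. The function name `lint_sssd_conf` is hypothetical, and treating the presence of `ldap_sasl_mech` or `ldap_default_bind_dn` as evidence of an authenticated bind is a simplifying assumption.

```python
import configparser

# Constructed sample: the second config from the thread (autofs options moved
# into the domain section, but no SASL/GSSAPI bind settings yet).
SAMPLE = """\
[sssd]
services = nss, pam, autofs
domains = hh3.site

[autofs]

[domain/hh3.site]
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False
autofs_provider = ldap
ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
"""

def lint_sssd_conf(text):
    """Return (section, message) findings for the two mistakes in the thread."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        opts = cp[section]  # option names are lower-cased by configparser
        if not section.startswith("domain/"):
            # Provider/back-end options only take effect in [domain/...].
            stray = sorted(k for k in opts
                           if k == "autofs_provider" or k.startswith("ldap_"))
            if stray:
                findings.append((section, "back-end options outside a domain "
                                          "section: " + ", ".join(stray)))
            continue
        # Providers explicitly switched to the generic LDAP back end.
        ldap_side = sorted(k for k, v in opts.items()
                           if k.endswith("_provider") and k != "id_provider"
                           and v.strip().lower() == "ldap")
        uses_ad = opts.get("id_provider", "").strip().lower() == "ad"
        # Assumption: either option means the LDAP side binds authenticated.
        has_bind = "ldap_sasl_mech" in opts or "ldap_default_bind_dn" in opts
        if uses_ad and ldap_side and not has_bind:
            findings.append((section, "anonymous LDAP bind for: "
                                      + ", ".join(ldap_side)))
    return findings

if __name__ == "__main__":
    for section, message in lint_sssd_conf(SAMPLE):
        print(f"[{section}] {message}")
```
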