On Fri, May 23, 2014 at 09:19:32AM +0200, steve wrote:
On 23/05/14 07:38, steve wrote:
On 22/05/14 23:04, Lukas Slebodnik wrote:
On (22/05/14 22:36), steve wrote:
automount fails with both versions of the maps. Worked fine with both openSUSE 13.1 and Ubuntu 14.04 with sssd 1.11.4
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = hh3.site

[nss]

[pam]

[domain/hh3.site]
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False

[autofs]
#start_block
autofs_provider=ldap
ldap_autofs_search_base = CN=hh3,CN=defaultMigrationContainer30,DC=hh3,DC=site
ldap_autofs_map_object_class = nisMap
ldap_autofs_entry_object_class = nisObject
ldap_autofs_map_name = nisMapName
ldap_autofs_entry_key = cn
ldap_autofs_entry_value = nisMapEntry
#end_block
^^^^^^^^^^
All these options should be in the domain section (man sssd.conf and man sssd-ldap).
#ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
#ldap_autofs_map_object_class = automountMap
#ldap_autofs_entry_object_class = automount
#ldap_autofs_map_name = automountMapName
#ldap_autofs_entry_key = automountKey
#ldap_autofs_entry_value = automountInformation
[sssd[be[hh3.site]]] [be_autofs_handler] (0x0020): Undefined backend target.
(Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider Error: 3, 19, Autofs back end target is not configured Will try to return what we have in cache
(Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site]
LS
Hi

Moved to domain section:
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = hh3.site

[nss]

[pam]

[autofs]

[domain/hh3.site]
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False
autofs_provider=ldap

ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation
but, upon restarting both sssd and autofs:
(Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site]
(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 00002020: Operation unavailable without authentication
(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed [5]: Error de entrada/salida
(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 00002020: Operation unavailable without authentication
(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed [5]: Error de entrada/salida
(Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider Error: 3, 5, Error de entrada/salida Will try to return what we have in cache
(Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site]
Any ideas? What changed between 1.11.4 and 1.11.5? Thanks,
OK

Have added the ldap sasl and keytab lines and now the mounts appear:

auto.shared on /home/shared type autofs (rw,relatime,fd=7,pgrp=2170,timeout=600,minproto=5,maxproto=5,indirect)
auto.users on /home/users type autofs (rw,relatime,fd=14,pgrp=2170,timeout=600,minproto=5,maxproto=5,indirect)
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = hh3.site
[nss]
[pam]
[autofs]
[domain/hh3.site]
autofs_provider = ldap
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False

ldap_sasl_mech = gssapi
ldap_sasl_authid = CATRAL$
krb5_keytab = /etc/krb5.keytab
ldap_krb5_init_creds = true

ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation
But if I login as my domain user and attempt to automount e.g. my home directory, it does not automount:
getent passwd steve2
steve2:*:3000021:20513:steve2:/home/users/steve2:/bin/bash

(Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getpwuid_search] (0x0100): Requesting info for [3000021@hh3.site]
(Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getpwuid_search] (0x0080): No matching domain found for [3000021]
(Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getgrgid_search] (0x0100): Requesting info for [20513@hh3.site]
(Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getgrgid_search] (0x0080): No matching domain found for [20513]
(Fri May 23 09:13:17 2014) [sssd[autofs]] [getautomntbyname_process] (0x0080): No key named [steve2] found
(Fri May 23 09:13:17 2014) [sssd[autofs]] [getautomntbyname_process] (0x0080): No key named [/] found
In other words, the works fine with 1.9.6. How do I translate it to ad with 1.11.5?
Are you sure that swapping just the sssd version makes your setup work with identical autofs configuration and sssd.conf? When looking for 'what broke my setup', it's best to only change one component at a time.
I don't think we did many changes to autofs between 1.9 and 1.11, so I'm a bit surprised something is not working.
Can you see the maps you expect when you run automounter -m ?
Can you paste the complete logs (domain and autofs) after you restart automounter, which should re-read all maps, including when you request the map?
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = default

[nss]

[pam]

[autofs]

[domain/default]
ldap_schema = rfc2307bis
access_provider = simple
enumerate = FALSE
cache_credentials = true
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
krb5_realm = HH3.SITE
krb5_server = hh16.hh3.site
krb5_kpasswd = hh16.hh3.site
ldap_referrals = false
ldap_uri = ldap://hh16.hh3.site/
ldap_search_base = dc=hh3,dc=site
ldap_user_object_class = user
ldap_user_name = samAccountName
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_home_directory = unixHomeDirectory
ldap_user_shell = loginShell
ldap_group_object_class = group
ldap_group_search_base = dc=hh3,dc=site
ldap_group_name = cn
ldap_group_member = member

ldap_sasl_mech = gssapi
ldap_sasl_authid = ALTET$
krb5_keytab = /etc/krb5.keytab
ldap_krb5_init_creds = true

autofs_provider = ldap
ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation
krb5_kdcip =
Drop this option, kdcip has been deprecated for years.
krb5_validate = False
krb5_renewable_lifetime = 1d
krb5_lifetime = 1d
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
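
Added example (not part of the original thread and not SSSD project code): a small lint for the three configuration problems raised above, namely autofs provider options placed outside a [domain/...] section, an ldap autofs provider with no bind credentials (the stage that logged "Operation unavailable without authentication"), and the deprecated krb5_kdcip option. The function name lint_sssd_conf and the sample configurations are constructed for illustration; the samples are cut-down versions of the configs posted in the thread.

```python
import configparser

HEAD = "[sssd]\nservices = nss, pam, autofs\ndomains = hh3.site\n"
DOMAIN = "[domain/hh3.site]\nid_provider = ad\nauth_provider = ad\n"
AUTOFS = ("autofs_provider = ldap\n"
          "ldap_autofs_search_base = OU=automount,DC=hh3,DC=site\n"
          "ldap_autofs_map_object_class = automountMap\n")
SASL = "ldap_sasl_mech = gssapi\nkrb5_keytab = /etc/krb5.keytab\n"

# Constructed samples following the three stages of the thread.
STAGE1 = HEAD + DOMAIN + "[autofs]\n" + AUTOFS          # options under [autofs]
STAGE2 = HEAD + "[autofs]\n" + DOMAIN + AUTOFS          # moved, no bind credentials
STAGE3 = HEAD + "[autofs]\n" + DOMAIN + SASL + AUTOFS   # GSSAPI bind added

# Options that give the ldap provider an authenticated bind.
BIND_OPTIONS = ("ldap_sasl_mech", "ldap_default_bind_dn")


def lint_sssd_conf(text):
    """Return sorted (section, option, problem) tuples for an sssd.conf string."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        opts = cp[section]
        in_domain = section.startswith("domain/")
        for opt in opts:  # configparser lower-cases option names
            if not in_domain and (opt == "autofs_provider"
                                  or opt.startswith("ldap_autofs_")):
                findings.append((section, opt, "misplaced: move to [domain/...]"))
            if opt == "krb5_kdcip":
                findings.append((section, opt, "deprecated: drop it"))
        if (in_domain
                and opts.get("autofs_provider", "").strip().lower() == "ldap"
                and not any(o in opts for o in BIND_OPTIONS)):
            findings.append((section, "autofs_provider",
                             "ldap provider has no bind credentials"))
    return sorted(findings)


if __name__ == "__main__":
    for name, conf in (("stage1", STAGE1), ("stage2", STAGE2), ("stage3", STAGE3)):
        print(name)
        for finding in lint_sssd_conf(conf):
            print("   %s: %s -> %s" % finding)
```
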