On 23/05/14 07:38, steve wrote:
On 22/05/14 23:04, Lukas Slebodnik wrote:
On (22/05/14 22:36), steve wrote:
automount fails with both versions of the maps. Worked fine with both openSUSE 13.1 and Ubuntu 14.04 with sssd 1.11.4
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = hh3.site

[nss]

[pam]

[domain/hh3.site]
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False

[autofs]
#start_block
autofs_provider=ldap
ldap_autofs_search_base = CN=hh3,CN=defaultMigrationContainer30,DC=hh3,DC=site
ldap_autofs_map_object_class = nisMap
ldap_autofs_entry_object_class = nisObject
ldap_autofs_map_name = nisMapName
ldap_autofs_entry_key = cn
ldap_autofs_entry_value = nisMapEntry
#end_block
^^^^^^^^^^
All these options should be in domain section. (man sssd.conf and man sssd-ldap)

#ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
#ldap_autofs_map_object_class = automountMap
#ldap_autofs_entry_object_class = automount
#ldap_autofs_map_name = automountMapName
#ldap_autofs_entry_key = automountKey
#ldap_autofs_entry_value = automountInformation
[sssd[be[hh3.site]]] [be_autofs_handler] (0x0020): Undefined backend target.
(Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider
Error: 3, 19, Autofs back end target is not configured
Will try to return what we have in cache
(Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site]
LS
Hi

Moved to domain section:

[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = hh3.site

[nss]

[pam]

[autofs]

[domain/hh3.site]
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False
autofs_provider=ldap

ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation
but, upon restarting both sssd and autofs:
(Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site]
(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 00002020: Operation unavailable without authentication
(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed [5]: Error de entrada/salida
(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 00002020: Operation unavailable without authentication
(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed [5]: Error de entrada/salida
(Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider
Error: 3, 5, Error de entrada/salida
Will try to return what we have in cache
(Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site]
Any ideas? What changed between 1.11.4 and 1.11.5? Thanks,
- - -

OK

Have added the ldap sasl and keytab lines and now the mounts appear:

auto.shared on /home/shared type autofs (rw,relatime,fd=7,pgrp=2170,timeout=600,minproto=5,maxproto=5,indirect)
auto.users on /home/users type autofs (rw,relatime,fd=14,pgrp=2170,timeout=600,minproto=5,maxproto=5,indirect)
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = hh3.site

[nss]

[pam]

[autofs]

[domain/hh3.site]
autofs_provider = ldap
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False

ldap_sasl_mech = gssapi
ldap_sasl_authid = CATRAL$
krb5_keytab = /etc/krb5.keytab
ldap_krb5_init_creds = true

ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation
But if I log in as my domain user and attempt to automount e.g. my home directory, it does not automount:
getent passwd steve2
steve2:*:3000021:20513:steve2:/home/users/steve2:/bin/bash

(Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getpwuid_search] (0x0100): Requesting info for [3000021@hh3.site]
(Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getpwuid_search] (0x0080): No matching domain found for [3000021]
(Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getgrgid_search] (0x0100): Requesting info for [20513@hh3.site]
(Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getgrgid_search] (0x0080): No matching domain found for [20513]
(Fri May 23 09:13:17 2014) [sssd[autofs]] [getautomntbyname_process] (0x0080): No key named [steve2] found
(Fri May 23 09:13:17 2014) [sssd[autofs]] [getautomntbyname_process] (0x0080): No key named [/] found
In other words, this works fine with 1.9.6. How do I translate it to ad with 1.11.5?
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = default

[nss]

[pam]

[autofs]

[domain/default]
ldap_schema = rfc2307bis
access_provider = simple
enumerate = FALSE
cache_credentials = true
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
krb5_realm = HH3.SITE
krb5_server = hh16.hh3.site
krb5_kpasswd = hh16.hh3.site
ldap_referrals = false
ldap_uri = ldap://hh16.hh3.site/
ldap_search_base = dc=hh3,dc=site
ldap_user_object_class = user
ldap_user_name = samAccountName
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_home_directory = unixHomeDirectory
ldap_user_shell = loginShell
ldap_group_object_class = group
ldap_group_search_base = dc=hh3,dc=site
ldap_group_name = cn
ldap_group_member = member

ldap_sasl_mech = gssapi
ldap_sasl_authid = ALTET$
krb5_keytab = /etc/krb5.keytab
ldap_krb5_init_creds = true

autofs_provider = ldap
ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation
krb5_kdcip =
krb5_validate = False
krb5_renewable_lifetime = 1d
krb5_lifetime = 1d
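
Added example, not part of the original thread and not SSSD code: a small lint that checks an sssd.conf for the two problems this thread ran into, autofs provider options placed outside a [domain/...] section and autofs_provider=ldap under id_provider=ad without the GSSAPI/keytab lines. The function name, rule set and the abbreviated sample configurations are assumptions constructed from the configs quoted above.

```python
import configparser

# Rules derived from this thread only; this is not an SSSD-provided validator.
SASL_KEYS = ("ldap_sasl_mech", "ldap_sasl_authid", "krb5_keytab")

def lint_sssd_autofs(text):
    """Return a list of findings for an sssd.conf passed as a string."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        opts = cp[name]
        if not name.startswith("domain/"):
            # Rule 1: provider options outside a domain section leave the
            # back end unconfigured ("Autofs back end target is not configured").
            stray = sorted(k for k in opts
                           if k == "autofs_provider" or k.startswith("ldap_autofs_"))
            if stray:
                findings.append(f"[{name}] move to [domain/...]: {', '.join(stray)}")
            continue
        if opts.get("autofs_provider", "").strip().lower() != "ldap":
            continue
        # Rule 2: in the thread, the LDAP autofs search under id_provider=ad
        # failed with "Operation unavailable without authentication" until
        # the SASL/GSSAPI and keytab options were added.
        missing = [k for k in SASL_KEYS if k not in opts]
        if opts.get("id_provider", "").strip().lower() == "ad" and missing:
            findings.append(f"[{name}] autofs_provider=ldap lacks: {', '.join(missing)}")
    return findings

# Constructed samples, abbreviated from the configurations quoted in the thread.
HEAD = "[sssd]\nservices = nss, pam, autofs\ndomains = hh3.site\n"
DOMAIN = "[domain/hh3.site]\nid_provider = ad\n"
AUTOFS = ("autofs_provider=ldap\n"
          "ldap_autofs_search_base = OU=automount,DC=hh3,DC=site\n")
SASL = ("ldap_sasl_mech = gssapi\nldap_sasl_authid = CATRAL$\n"
        "krb5_keytab = /etc/krb5.keytab\nldap_krb5_init_creds = true\n")

FIRST = HEAD + DOMAIN + "[autofs]\n" + AUTOFS    # options under [autofs]
SECOND = HEAD + "[autofs]\n" + DOMAIN + AUTOFS   # moved, no SASL bind settings
THIRD = SECOND + SASL                            # configuration whose mounts appeared

if __name__ == "__main__":
    for label, conf in (("first", FIRST), ("second", SECOND), ("third", THIRD)):
        print(label, lint_sssd_autofs(conf) or "no findings")
```
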