Hi,
There is something I have trouble understanding with autofs tied to sssd on Red Hat: do you need any kind of settings for autofs ( /etc/auto* ), or is just changing nsswitch.conf + setting up sssd good enough? When I run automount --dumpmaps it finds the map from the remote LDAP, but then it tries to connect locally ( 127.0.0.1 ) to reach an LDAP server and obviously fails. Am I missing something?
Regards, Dan,
Dan,
It sounds like a configuration issue, it should be making requests to your nfs/cifs server.
Dan
On 2/1/16 8:53 PM, Dan Cenafik wrote:
Hi,
There is something I have trouble understanding with autofs tied to sssd on Red Hat: do you need any kind of settings for autofs ( /etc/auto* ), or is just changing nsswitch.conf + setting up sssd good enough? When I run automount --dumpmaps it finds the map from the remote LDAP, but then it tries to connect locally ( 127.0.0.1 ) to reach an LDAP server and obviously fails. Am I missing something?
Regards, Dan,
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org
Does autofs make requests to ldap, or should everything go through nsswitch / sss? This is the issue:

[root@base sssd]# automount --dumpmaps
lookup_nss_read_master: reading master sss auto.master
parse_init: parse(sun): init gathered global options: (null)

autofs dump map information
===========================

global options: none configured

Mount point: /nfs

source(s):
lookup_nss_read_map: reading map ldap ldap:ou=auto.nfs,ou=autofs,ou=services,dc=internal,dc=test,dc=com
parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "ldap:ou=auto.nfs,ou=autofs,ou=services,dc=internal,dc=test,dc=com".
parse_server_string: lookup(ldap): server "(default)", base dn "ou=auto.nfs,ou=autofs,ou=services,dc=internal,dc=test,dc=com"
parse_ldap_config: lookup(ldap): ldap authentication configured with the following options:
parse_ldap_config: lookup(ldap): use_tls: 0, tls_required: 0, auth_required: 1, sasl_mech: (null)
parse_ldap_config: lookup(ldap): user: (null), secret: unspecified, client principal: (null) credential cache: (null)
parse_init: parse(sun): init gathered global options: rsize=8192,wsize=8192
do_bind: lookup(ldap): auth_required: 1, sasl_mech (null)
bind_ldap_simple: lookup(ldap): Unable to bind to the LDAP server: (default), error Can't contact LDAP server
do_bind: lookup(ldap): ldap simple bind returned -1

type: ldap
map: ldap:ou=auto.nfs,ou=autofs,ou=services,dc=internal,dc=test,dc=com
arguments: rsize=8192 wsize=8192

no keys found in map
do you have /etc/sssd/sssd.conf setup correctly for autofs? services needs an entry, plus a conf section for autofs and the domain conf section may need items, too
does /etc/nsswitch.conf have automount set correctly? the value sss should be there
it looks like you may have configured /etc/auto.master instead of /etc/autofs_ldap.auth.conf or something like that.
I have "automount: sss" in nsswitch.conf, sssd.conf:
[sssd]
...
services = nss,ssh,sudo,pam,autofs

[autofs]
autofs_provider = ldap
ldap_autofs_search_base = ou=autofs,ou=services,dc=internal,dc=test,dc=com
ldap_autofs_map_object_class = automountMap
ldap_autofs_map_name = ou
ldap_autofs_entry_object_class = automount
ldap_autofs_entry_key = cn
ldap_autofs_entry_value = automountInformation
I didn't touch any autofs config, it's vanilla from the RPM.
my sssd.conf:
[sssd]
domains = domain.tld
services = nss, pam, sudo, autofs

[autofs]

[domain/domain.tld]
...
autofs_provider=ldap
ldap_autofs_search_base=cn=autofs,ou=Daemons,dc=domain,dc=tld
ldap_autofs_map_object_class=automountMap
ldap_autofs_entry_object_class=automount
ldap_autofs_map_name=automountMapName
ldap_autofs_entry_key=automountKey
ldap_autofs_entry_value=automountInformation
note that the autofs section is blank, and the autofs related directives are under the domain section.
my autofs_ldap_auth.conf:
<?xml version="1.0" ?>
<autofs_ldap_sasl_conf
    usetls="no"
    tlsrequired="no"
    authrequired="yes"
    authtype="GSSAPI"
    clientprinc="host/host.domain.tld@REALM"
/>
you may need to configure the autofs_ldap_auth.conf. i have had to on Fedora 20. have not set this up on 22 or newer yet.
Looks like your schema automount maps are still pointing to ldap automount keys.
Can you dump relevant info from your ldap server?
Ondrej
-----Original Message-----
From: Brendan Kearney [mailto:bpk678@gmail.com]
Sent: Tuesday, February 02, 2016 4:03 PM
To: sssd-users@lists.fedorahosted.org
Subject: [SSSD-users] Re: autofs + sssd on CentOS 6.7
do you have /etc/sssd/sssd.conf setup correctly for autofs? services needs an entry, plus a conf section for autofs and the domain conf section may need items, too
does /etc/nsswitch.conf have automount set correctly? the value sss should be there
it looks like you may have configured /etc/auto.master instead of /etc/autofs_ldap.auth.conf or something like that.
This is what it looks like in LDAP.
version: 1

dn: ou=autofs,ou=services,dc=internal,dc=test,dc=com
objectClass: organizationalUnit
objectClass: top
description: Automount maps
ou: AutoFS

dn: ou=auto.master,ou=autofs,ou=services,dc=internal,dc=test,dc=com
objectClass: automountMap
objectClass: top
ou: auto.master

dn: cn=/nfs,ou=auto.master,ou=autofs,ou=services,dc=internal,dc=test,dc=com
objectClass: automount
objectClass: top
automountInformation: ldap:ou=auto.nfs,ou=autofs,ou=services,dc=internal,dc=test,dc
 =com rsize=8192,wsize=8192
cn: /nfs

dn: ou=auto.nfs,ou=autofs,ou=services,dc=internal,dc=test,dc=com
objectClass: automountMap
objectClass: top
ou: auto.nfs

dn: cn=home,ou=auto.nfs,ou=autofs,ou=services,dc=internal,dc=test,dc=com
objectClass: automount
objectClass: top
automountInformation: xxx.com:/export/home
cn: home

dn: cn=install,ou=auto.nfs,ou=autofs,ou=services,dc=internal,dc=test,dc=com
objectClass: automount
objectClass: top
automountInformation: xxx.com:/export/install
cn: install

dn: cn=scripts,ou=auto.nfs,ou=autofs,ou=services,dc=internal,dc=test,dc=com
objectClass: automount
objectClass: top
automountInformation: xxx.com:/export/scripts
cn: scripts

dn: cn=backup,ou=auto.nfs,ou=autofs,ou=services,dc=internal,dc=test,dc=com
objectClass: automount
objectClass: top
automountInformation: xxx.com:/export/backup
cn: backup
i am using direct mounts. here is a sample of what i am using:
dn: ou=Hypervisors,cn=autofs,ou=Daemons,dc=domain,dc=tld
objectclass: organizationalUnit
objectclass: top
ou: Hypervisors

dn: automountMapName=auto.master,ou=Hypervisors,cn=autofs,ou=Daemons,dc=domain,dc=tld
automountmapname: auto.master
objectclass: automountMap
objectclass: top

dn: automountKey=/-,automountMapName=auto.master,ou=Hypervisors,cn=autofs,ou=Daemons,dc=domain,dc=tld
automountinformation: auto.shares
automountkey: /-
objectclass: automount
objectclass: top

dn: automountMapName=auto.shares,ou=Hypervisors,cn=autofs,ou=Daemons,dc=domain,dc=tld
automountmapname: auto.shares
objectclass: automountMap
objectclass: top

dn: automountKey=/backups,automountMapName=auto.shares,ou=Hypervisors,cn=autofs,ou=Daemons,dc=domain,dc=tld
automountinformation: nas.domain.tld:/export/backups
automountkey: /backups
description: backups
objectclass: automount
objectclass: top

dn: automountKey=/data,automountMapName=auto.shares,ou=Hypervisors,cn=autofs,ou=Daemons,dc=domain,dc=tld
automountinformation: nas.domain.tld:/export/data
automountkey: /data
description: data
objectclass: automount
objectclass: top

dn: automountKey=/var/lib/libvirt/images,automountMapName=auto.shares,ou=Hypervisors,cn=autofs,ou=Daemons,dc=domain,dc=tld
automountinformation: nas.domain.tld:/export/virtuals
automountkey: /var/lib/libvirt/images
description: libvirt images
objectclass: automount
objectclass: top
Your maps are stored well for autofs & ldap backend, but not for autofs & sssd. Refer to manual for example here:
http://jhrozek.livejournal.com/2500.html
I see what you mean. You're sure that I need to re-create the schema with the right format?
Yes. With your schema, sssd only serves auto.master - but since your auto master basically says "go to ldap for more", it cannot help you any further. You need to recreate maps with the right schema.
O.
sssd-users@lists.fedorahosted.org
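The diagnosis reached in the thread (the auto.master entry itself says "go to ldap for more") can be checked against an LDIF export before pointing clients at sssd. The following is an added example, not part of the original thread and not sssd or autofs code: the function names and the sample LDIF are constructed, and it assumes the `[//servername/]dn` map syntax described in auto.master(5).

```python
import re

# Constructed sample modelled on the thread's LDIF, including its folded line.
SAMPLE_LDIF = """\
dn: cn=/nfs,ou=auto.master,ou=autofs,ou=services,dc=internal,dc=test,dc=com
objectClass: automount
automountInformation: ldap:ou=auto.nfs,ou=autofs,ou=services,dc=internal,dc=test,dc
 =com rsize=8192,wsize=8192
cn: /nfs

dn: cn=home,ou=auto.nfs,ou=autofs,ou=services,dc=internal,dc=test,dc=com
objectClass: automount
automountInformation: xxx.com:/export/home
cn: home
"""

# An explicit ldap:/ldaps: map type (optionally "ldap,sun:") makes automount
# query LDAP itself instead of going through nsswitch/sss. The lookahead skips
# an NFS location on a host that happens to be named "ldap" (ldap:/export).
DIRECT_LDAP = re.compile(r"^(ldaps?)(?:,\w+)?:(?!/[^/])(\S+)", re.IGNORECASE)

def parse_ldif(text):
    """Unfold continuation lines; return one {attr: [values]} dict per entry."""
    unfolded = re.sub(r"\r?\n ", "", text)  # RFC 2849 line folding
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def find_direct_ldap_maps(ldif_text, entry_class="automount", key_attr="cn",
                          value_attr="automountInformation"):
    """Return (key, map_type, map) for automount entries that bypass sss."""
    findings = []
    for entry in parse_ldif(ldif_text):
        classes = [c.lower() for c in entry.get("objectclass", [])]
        if entry_class.lower() not in classes:
            continue
        key = entry.get(key_attr.lower(), ["?"])[0]
        for value in entry.get(value_attr.lower(), []):
            match = DIRECT_LDAP.match(value)
            if match:
                findings.append((key, match.group(1).lower(), match.group(2)))
    return findings

if __name__ == "__main__":
    for key, map_type, target in find_direct_ldap_maps(SAMPLE_LDIF):
        print(f"{key}: automount will query {map_type} itself for {target}")
```

The `entry_class`, `key_attr` and `value_attr` defaults match the `ldap_autofs_entry_*` values in the first sssd.conf posted above; pass `automountKey` as `key_attr` for maps stored like the second poster's.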