automount fails with both versions of the maps. Worked fine with both openSUSE 13.1 and Ubuntu 14.04 with sssd 1.11.4
[sssd] services = nss, pam, autofs config_file_version = 2 domains = hh3.site [nss] [pam] [domain/hh3.site] id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False [autofs] autofs_provider=ldap ldap_autofs_search_base = CN=hh3,CN=defaultMigrationContainer30,DC=hh3,DC=site ldap_autofs_map_object_class = nisMap ldap_autofs_entry_object_class = nisObject ldap_autofs_map_name = nisMapName ldap_autofs_entry_key = cn ldap_autofs_entry_value = nisMapEntry
#ldap_autofs_search_base = OU=automount,DC=hh3,DC=site #ldap_autofs_map_object_class = automountMap #ldap_autofs_entry_object_class = automount #ldap_autofs_map_name = automountMapName #ldap_autofs_entry_key = automountKey #ldap_autofs_entry_value = automountInformation
[sssd[be[hh3.site]]] [be_autofs_handler] (0x0020): Undefined backend target. (Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider Error: 3, 19, Autofs back end target is not configured Will try to return what we have in cache (Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site]
On (22/05/14 22:36), steve wrote:
automount fails with both versions of the maps. Worked fine with both openSUSE 13.1 and Ubuntu 14.04 with sssd 1.11.4
[sssd] services = nss, pam, autofs config_file_version = 2 domains = hh3.site [nss] [pam] [domain/hh3.site] id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False [autofs]
#start_block
autofs_provider=ldap ldap_autofs_search_base = CN=hh3,CN=defaultMigrationContainer30,DC=hh3,DC=site ldap_autofs_map_object_class = nisMap ldap_autofs_entry_object_class = nisObject ldap_autofs_map_name = nisMapName ldap_autofs_entry_key = cn ldap_autofs_entry_value = nisMapEntry
#end_block ^^^^^^^^^^ All these options should be in domain section. (man sssd.conf and man sssd-ldap
#ldap_autofs_search_base = OU=automount,DC=hh3,DC=site #ldap_autofs_map_object_class = automountMap #ldap_autofs_entry_object_class = automount #ldap_autofs_map_name = automountMapName #ldap_autofs_entry_key = automountKey #ldap_autofs_entry_value = automountInformation
[sssd[be[hh3.site]]] [be_autofs_handler] (0x0020): Undefined backend target. (Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider Error: 3, 19, Autofs back end target is not configured Will try to return what we have in cache (Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site]
LS
On 22/05/14 23:04, Lukas Slebodnik wrote:
On (22/05/14 22:36), steve wrote:
automount fails with both versions of the maps. Worked fine with both openSUSE 13.1 and Ubuntu 14.04 with sssd 1.11.4
[sssd] services = nss, pam, autofs config_file_version = 2 domains = hh3.site [nss] [pam] [domain/hh3.site] id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False [autofs]
#start_block
autofs_provider=ldap ldap_autofs_search_base = CN=hh3,CN=defaultMigrationContainer30,DC=hh3,DC=site ldap_autofs_map_object_class = nisMap ldap_autofs_entry_object_class = nisObject ldap_autofs_map_name = nisMapName ldap_autofs_entry_key = cn ldap_autofs_entry_value = nisMapEntry
#end_block ^^^^^^^^^^ All these options should be in domain section. (man sssd.conf and man sssd-ldap
#ldap_autofs_search_base = OU=automount,DC=hh3,DC=site #ldap_autofs_map_object_class = automountMap #ldap_autofs_entry_object_class = automount #ldap_autofs_map_name = automountMapName #ldap_autofs_entry_key = automountKey #ldap_autofs_entry_value = automountInformation
[sssd[be[hh3.site]]] [be_autofs_handler] (0x0020): Undefined backend target. (Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider Error: 3, 19, Autofs back end target is not configured Will try to return what we have in cache (Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site]
LS
Hi Moved to domain section:
[sssd] services = nss, pam, autofs config_file_version = 2 domains = hh3.site [nss] [pam] [autofs]
[domain/hh3.site] id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False autofs_provider=ldap
ldap_autofs_search_base = OU=automount,DC=hh3,DC=site ldap_autofs_map_object_class = automountMap ldap_autofs_entry_object_class = automount ldap_autofs_map_name = automountMapName ldap_autofs_entry_key = automountKey ldap_autofs_entry_value = automountInformation
but, upon restarting both sssd and autofs:
(Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site] (Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 00002020: Operation unavailable without authentication (Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed [5]: Error de entrada/salida (Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 00002020: Operation unavailable without authentication (Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed [5]: Error de entrada/salida (Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider Error: 3, 5, Error de entrada/salida Will try to return what we have in cache (Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site]
Any ideas? What changed between 1.11.4 and 1.11.5? Thanks, Steve
On 23/05/14 07:38, steve wrote:
On 22/05/14 23:04, Lukas Slebodnik wrote:
On (22/05/14 22:36), steve wrote:
automount fails with both versions of the maps. Worked fine with both openSUSE 13.1 and Ubuntu 14.04 with sssd 1.11.4
[sssd] services = nss, pam, autofs config_file_version = 2 domains = hh3.site [nss] [pam] [domain/hh3.site] id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False [autofs]
#start_block
autofs_provider=ldap ldap_autofs_search_base = CN=hh3,CN=defaultMigrationContainer30,DC=hh3,DC=site ldap_autofs_map_object_class = nisMap ldap_autofs_entry_object_class = nisObject ldap_autofs_map_name = nisMapName ldap_autofs_entry_key = cn ldap_autofs_entry_value = nisMapEntry
#end_block ^^^^^^^^^^ All these options should be in domain section. (man sssd.conf and man sssd-ldap
#ldap_autofs_search_base = OU=automount,DC=hh3,DC=site #ldap_autofs_map_object_class = automountMap #ldap_autofs_entry_object_class = automount #ldap_autofs_map_name = automountMapName #ldap_autofs_entry_key = automountKey #ldap_autofs_entry_value = automountInformation
[sssd[be[hh3.site]]] [be_autofs_handler] (0x0020): Undefined backend target. (Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider Error: 3, 19, Autofs back end target is not configured Will try to return what we have in cache (Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site]
LS
Hi Moved to domain section:
[sssd] services = nss, pam, autofs config_file_version = 2 domains = hh3.site [nss] [pam] [autofs]
[domain/hh3.site] id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False autofs_provider=ldap
ldap_autofs_search_base = OU=automount,DC=hh3,DC=site ldap_autofs_map_object_class = automountMap ldap_autofs_entry_object_class = automount ldap_autofs_map_name = automountMapName ldap_autofs_entry_key = automountKey ldap_autofs_entry_value = automountInformation
but, upon restarting both sssd and autofs:
(Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site] (Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 00002020: Operation unavailable without authentication (Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed [5]: Error de entrada/salida (Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 00002020: Operation unavailable without authentication (Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed [5]: Error de entrada/salida (Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider Error: 3, 5, Error de entrada/salida Will try to return what we have in cache (Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site]
Any ideas? What changed between 1.11.4 and 1.11.5? Thanks,
- - - OK Have added the ldap sasl and keytab lines and now the mounts appear:
auto.shared on /home/shared type autofs (rw,relatime,fd=7,pgrp=2170,timeout=600,minproto=5,maxproto=5,indirect) auto.users on /home/users type autofs (rw,relatime,fd=14,pgrp=2170,timeout=600,minproto=5,maxproto=5,indirect)
[sssd] services = nss, pam, autofs config_file_version = 2 domains = hh3.site
[nss]
[pam]
[autofs]
[domain/hh3.site]
autofs_provider = ldap id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False
ldap_sasl_mech = gssapi ldap_sasl_authid = CATRAL$ krb5_keytab = /etc/krb5.keytab ldap_krb5_init_creds = true
ldap_autofs_search_base = OU=automount,DC=hh3,DC=site ldap_autofs_map_object_class = automountMap ldap_autofs_entry_object_class = automount ldap_autofs_map_name = automountMapName ldap_autofs_entry_key = automountKey ldap_autofs_entry_value = automountInformation
But if I login as my domain user and aattempt to automout e.g. my home directory, it does not automount:
getent passwd steve2 steve2:*:3000021:20513:steve2:/home/users/steve2:/bin/bash
(Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getpwuid_search] (0x0100): Requesting info for [3000021@hh3.site] (Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getpwuid_search] (0x0080): No matching domain found for [3000021] (Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getgrgid_search] (0x0100): Requesting info for [20513@hh3.site] (Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getgrgid_search] (0x0080): No matching domain found for [20513] (Fri May 23 09:13:17 2014) [sssd[autofs]] [getautomntbyname_process] (0x0080): No key named [steve2] found (Fri May 23 09:13:17 2014) [sssd[autofs]] [getautomntbyname_process] (0x0080): No key named [/] found
In other words, the works fine with 1.9.6. How do I translate it to ad with 1.11.5?
[sssd] services = nss, pam, autofs config_file_version = 2 domains = default [nss] [pam] [autofs]
[domain/default] ldap_schema = rfc2307bis access_provider = simple enumerate = FALSE cache_credentials = true id_provider = ldap auth_provider = krb5 chpass_provider = krb5 krb5_realm = HH3.SITE krb5_server = hh16.hh3.site krb5_kpasswd = hh16.hh3.site ldap_referrals = false ldap_uri = ldap://hh16.hh3.site/ ldap_search_base = dc=hh3,dc=site ldap_user_object_class = user ldap_user_name = samAccountName ldap_user_uid_number = uidNumber ldap_user_gid_number = gidNumber ldap_user_home_directory = unixHomeDirectory ldap_user_shell = loginShell ldap_group_object_class = group ldap_group_search_base = dc=hh3,dc=site ldap_group_name = cn ldap_group_member = member
ldap_sasl_mech = gssapi ldap_sasl_authid = ALTET$ krb5_keytab = /etc/krb5.keytab ldap_krb5_init_creds = true
autofs_provider = ldap ldap_autofs_search_base = OU=automount,DC=hh3,DC=site ldap_autofs_map_object_class = automountMap ldap_autofs_entry_object_class = automount ldap_autofs_map_name = automountMapName ldap_autofs_entry_key = automountKey ldap_autofs_entry_value = automountInformation krb5_kdcip = krb5_validate = False krb5_renewable_lifetime = 1d krb5_lifetime = 1d
On Fri, May 23, 2014 at 09:19:32AM +0200, steve wrote:
On 23/05/14 07:38, steve wrote:
On 22/05/14 23:04, Lukas Slebodnik wrote:
On (22/05/14 22:36), steve wrote:
automount fails with both versions of the maps. Worked fine with both openSUSE 13.1 and Ubuntu 14.04 with sssd 1.11.4
[sssd] services = nss, pam, autofs config_file_version = 2 domains = hh3.site [nss] [pam] [domain/hh3.site] id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False [autofs]
#start_block
autofs_provider=ldap ldap_autofs_search_base = CN=hh3,CN=defaultMigrationContainer30,DC=hh3,DC=site ldap_autofs_map_object_class = nisMap ldap_autofs_entry_object_class = nisObject ldap_autofs_map_name = nisMapName ldap_autofs_entry_key = cn ldap_autofs_entry_value = nisMapEntry
#end_block ^^^^^^^^^^ All these options should be in domain section. (man sssd.conf and man sssd-ldap
#ldap_autofs_search_base = OU=automount,DC=hh3,DC=site #ldap_autofs_map_object_class = automountMap #ldap_autofs_entry_object_class = automount #ldap_autofs_map_name = automountMapName #ldap_autofs_entry_key = automountKey #ldap_autofs_entry_value = automountInformation
[sssd[be[hh3.site]]] [be_autofs_handler] (0x0020): Undefined backend target. (Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider Error: 3, 19, Autofs back end target is not configured Will try to return what we have in cache (Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site]
LS
Hi Moved to domain section:
[sssd] services = nss, pam, autofs config_file_version = 2 domains = hh3.site [nss] [pam] [autofs]
[domain/hh3.site] id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False autofs_provider=ldap
ldap_autofs_search_base = OU=automount,DC=hh3,DC=site ldap_autofs_map_object_class = automountMap ldap_autofs_entry_object_class = automount ldap_autofs_map_name = automountMapName ldap_autofs_entry_key = automountKey ldap_autofs_entry_value = automountInformation
but, upon restarting both sssd and autofs:
(Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site] (Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 00002020: Operation unavailable without authentication (Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed [5]: Error de entrada/salida (Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 00002020: Operation unavailable without authentication (Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed [5]: Error de entrada/salida (Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider Error: 3, 5, Error de entrada/salida Will try to return what we have in cache (Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site]
Any ideas? What changed between 1.11.4 and 1.11.5? Thanks,
OK Have added the ldap sasl and keytab lines and now the mounts appear:
auto.shared on /home/shared type autofs (rw,relatime,fd=7,pgrp=2170,timeout=600,minproto=5,maxproto=5,indirect) auto.users on /home/users type autofs (rw,relatime,fd=14,pgrp=2170,timeout=600,minproto=5,maxproto=5,indirect)
[sssd] services = nss, pam, autofs config_file_version = 2 domains = hh3.site
[nss]
[pam]
[autofs]
[domain/hh3.site]
autofs_provider = ldap id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False
ldap_sasl_mech = gssapi ldap_sasl_authid = CATRAL$ krb5_keytab = /etc/krb5.keytab ldap_krb5_init_creds = true
ldap_autofs_search_base = OU=automount,DC=hh3,DC=site ldap_autofs_map_object_class = automountMap ldap_autofs_entry_object_class = automount ldap_autofs_map_name = automountMapName ldap_autofs_entry_key = automountKey ldap_autofs_entry_value = automountInformation
But if I login as my domain user and aattempt to automout e.g. my home directory, it does not automount:
getent passwd steve2 steve2:*:3000021:20513:steve2:/home/users/steve2:/bin/bash
(Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getpwuid_search] (0x0100): Requesting info for [3000021@hh3.site] (Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getpwuid_search] (0x0080): No matching domain found for [3000021] (Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getgrgid_search] (0x0100): Requesting info for [20513@hh3.site] (Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getgrgid_search] (0x0080): No matching domain found for [20513] (Fri May 23 09:13:17 2014) [sssd[autofs]] [getautomntbyname_process] (0x0080): No key named [steve2] found (Fri May 23 09:13:17 2014) [sssd[autofs]] [getautomntbyname_process] (0x0080): No key named [/] found
In other words, the works fine with 1.9.6. How do I translate it to ad with 1.11.5?
Are you sure that swapping just the sssd version makes your setup works with identical autofs configuration and sssd.conf? When looking for 'what broke my setup', it's best to only change one component at a time.
I don't think we did many changes to autofs between 1.9 and 1.11, so I'm a bit surprised something is not working.
Can you see the maps you expect when you run automounter -m ?
Can you paste the complete logs (domain and autofs) after you restart automounter, which should re-read all maps, including when you request the map?
[sssd] services = nss, pam, autofs config_file_version = 2 domains = default [nss] [pam] [autofs]
[domain/default] ldap_schema = rfc2307bis access_provider = simple enumerate = FALSE cache_credentials = true id_provider = ldap auth_provider = krb5 chpass_provider = krb5 krb5_realm = HH3.SITE krb5_server = hh16.hh3.site krb5_kpasswd = hh16.hh3.site ldap_referrals = false ldap_uri = ldap://hh16.hh3.site/ ldap_search_base = dc=hh3,dc=site ldap_user_object_class = user ldap_user_name = samAccountName ldap_user_uid_number = uidNumber ldap_user_gid_number = gidNumber ldap_user_home_directory = unixHomeDirectory ldap_user_shell = loginShell ldap_group_object_class = group ldap_group_search_base = dc=hh3,dc=site ldap_group_name = cn ldap_group_member = member
ldap_sasl_mech = gssapi ldap_sasl_authid = ALTET$ krb5_keytab = /etc/krb5.keytab ldap_krb5_init_creds = true
autofs_provider = ldap ldap_autofs_search_base = OU=automount,DC=hh3,DC=site ldap_autofs_map_object_class = automountMap ldap_autofs_entry_object_class = automount ldap_autofs_map_name = automountMapName ldap_autofs_entry_key = automountKey ldap_autofs_entry_value = automountInformation krb5_kdcip =
Drop this option, kdcip has been deprecated for years.
krb5_validate = False krb5_renewable_lifetime = 1d krb5_lifetime = 1d
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On Fri, May 23, 2014 at 07:38:43AM +0200, steve wrote:
On 22/05/14 23:04, Lukas Slebodnik wrote:
On (22/05/14 22:36), steve wrote:
automount fails with both versions of the maps. Worked fine with both openSUSE 13.1 and Ubuntu 14.04 with sssd 1.11.4
[sssd] services = nss, pam, autofs config_file_version = 2 domains = hh3.site [nss] [pam] [domain/hh3.site] id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False [autofs]
#start_block
autofs_provider=ldap ldap_autofs_search_base = CN=hh3,CN=defaultMigrationContainer30,DC=hh3,DC=site ldap_autofs_map_object_class = nisMap ldap_autofs_entry_object_class = nisObject ldap_autofs_map_name = nisMapName ldap_autofs_entry_key = cn ldap_autofs_entry_value = nisMapEntry
#end_block ^^^^^^^^^^ All these options should be in domain section. (man sssd.conf and man sssd-ldap
#ldap_autofs_search_base = OU=automount,DC=hh3,DC=site #ldap_autofs_map_object_class = automountMap #ldap_autofs_entry_object_class = automount #ldap_autofs_map_name = automountMapName #ldap_autofs_entry_key = automountKey #ldap_autofs_entry_value = automountInformation
[sssd[be[hh3.site]]] [be_autofs_handler] (0x0020): Undefined backend target. (Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider Error: 3, 19, Autofs back end target is not configured Will try to return what we have in cache (Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site]
LS
Hi Moved to domain section:
[sssd] services = nss, pam, autofs config_file_version = 2 domains = hh3.site [nss] [pam] [autofs]
[domain/hh3.site] id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False autofs_provider=ldap
ldap_autofs_search_base = OU=automount,DC=hh3,DC=site ldap_autofs_map_object_class = automountMap ldap_autofs_entry_object_class = automount ldap_autofs_map_name = automountMapName ldap_autofs_entry_key = automountKey ldap_autofs_entry_value = automountInformation
but, upon restarting both sssd and autofs:
(Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site] (Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 00002020: Operation unavailable without authentication (Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed [5]: Error de entrada/salida (Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 00002020: Operation unavailable without authentication
I know you figured out already, but for reference and anyone else reading the thread -- even if id_provider=ad would select the right authentication options, other provider set to ldap (like autofs_provider=ldap, others had same problems with sudo) would select the LDAP defaults again, which is anonymous binds.
We should implement autofs_provider=ad one of these days..
(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed [5]: Error de entrada/salida (Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider Error: 3, 5, Error de entrada/salida Will try to return what we have in cache (Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site]
Any ideas? What changed between 1.11.4 and 1.11.5? Thanks, Steve
sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
On 23/05/14 10:53, Jakub Hrozek wrote:
On Fri, May 23, 2014 at 07:38:43AM +0200, steve wrote:
On 22/05/14 23:04, Lukas Slebodnik wrote:
On (22/05/14 22:36), steve wrote:
automount fails with both versions of the maps. Worked fine with both openSUSE 13.1 and Ubuntu 14.04 with sssd 1.11.4
[sssd] services = nss, pam, autofs config_file_version = 2 domains = hh3.site [nss] [pam] [domain/hh3.site] id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False [autofs]
#start_block
autofs_provider=ldap ldap_autofs_search_base = CN=hh3,CN=defaultMigrationContainer30,DC=hh3,DC=site ldap_autofs_map_object_class = nisMap ldap_autofs_entry_object_class = nisObject ldap_autofs_map_name = nisMapName ldap_autofs_entry_key = cn ldap_autofs_entry_value = nisMapEntry
#end_block ^^^^^^^^^^ All these options should be in domain section. (man sssd.conf and man sssd-ldap
#ldap_autofs_search_base = OU=automount,DC=hh3,DC=site #ldap_autofs_map_object_class = automountMap #ldap_autofs_entry_object_class = automount #ldap_autofs_map_name = automountMapName #ldap_autofs_entry_key = automountKey #ldap_autofs_entry_value = automountInformation
[sssd[be[hh3.site]]] [be_autofs_handler] (0x0020): Undefined backend target. (Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider Error: 3, 19, Autofs back end target is not configured Will try to return what we have in cache (Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site]
LS
Hi Moved to domain section:
[sssd] services = nss, pam, autofs config_file_version = 2 domains = hh3.site [nss] [pam] [autofs]
[domain/hh3.site] id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False autofs_provider=ldap
ldap_autofs_search_base = OU=automount,DC=hh3,DC=site ldap_autofs_map_object_class = automountMap ldap_autofs_entry_object_class = automount ldap_autofs_map_name = automountMapName ldap_autofs_entry_key = automountKey ldap_autofs_entry_value = automountInformation
but, upon restarting both sssd and autofs:
(Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site] (Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 00002020: Operation unavailable without authentication (Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed [5]: Error de entrada/salida (Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 00002020: Operation unavailable without authentication
I know you figured out already, but for reference and anyone else reading the thread -- even if id_provider=ad would select the right authentication options, other provider set to ldap (like autofs_provider=ldap, others had same problems with sudo) would select the LDAP defaults again, which is anonymous binds.
We should implement autofs_provider=ad one of these days..
That would be great. Meanwhile, try as we may, we can't get it more minimalist than this: [sssd] services = nss, pam, autofs config_file_version = 2 domains = default [nss] [pam] [autofs] [domain/default] dyndns_update_ptr=true ad_hostname = lubuntu-laptop.hh3.site ad_server = hh16.hh3.site ad_domain = hh3.site ldap_schema = ad id_provider = ad access_provider = ad auth_provider = ad chpass_provider = ad ldap_id_mapping=false
ldap_sasl_mech = gssapi ldap_sasl_authid = LUBUNTU-LAPTOP$@HH3.SITE krb5_keytab = /etc/krb5.keytab ldap_krb5_init_creds = true
autofs_provider=ldap autofs_search_base = OU=automount,DC=hh3,DC=site ldap_autofs_map_object_class = automountMap ldap_autofs_entry_object_class = automount ldap_autofs_map_name = automountMapName ldap_autofs_entry_key = automountKey ldap_autofs_entry_value = automountInformation
Would it be possible to include the PTR update as part of the ad backend? Cheers, Steve
On Fri, May 23, 2014 at 12:10:14PM +0200, steve wrote:
Would it be possible to include the PTR update as part of the ad backend? Cheers, Steve
According to man sssd-ad, dyndns_update_ptr should be set to True in the AD backend. Do you not see the PTR records updated? Anything interesting in the logs?
On 23/05/14 12:43, Jakub Hrozek wrote:
On Fri, May 23, 2014 at 12:10:14PM +0200, steve wrote:
Would it be possible to include the PTR update as part of the ad backend? Cheers, Steve
According to man sssd-ad, dyndns_update_ptr should be set to True in the AD backend. Do you not see the PTR records updated? Anything interesting in the logs?
We only get A and AAAA: (Thu May 22 12:18:20 2014) [sssd[be[hh3.site]]] [be_nsupdate_create_fwd_msg] (0x0400): -- Begin nsupdate message -- realm HH3.SITE update delete lubuntu-laptop. in A send update delete lubuntu-laptop. in AAAA send update add lubuntu-laptop. 3600 in A 192.168.1.22 send
On Fri, May 23, 2014 at 12:54:59PM +0200, steve wrote:
On 23/05/14 12:43, Jakub Hrozek wrote:
On Fri, May 23, 2014 at 12:10:14PM +0200, steve wrote:
Would it be possible to include the PTR update as part of the ad backend? Cheers, Steve
According to man sssd-ad, dyndns_update_ptr should be set to True in the AD backend. Do you not see the PTR records updated? Anything interesting in the logs?
We only get A and AAAA: (Thu May 22 12:18:20 2014) [sssd[be[hh3.site]]] [be_nsupdate_create_fwd_msg] (0x0400): -- Begin nsupdate message -- realm HH3.SITE update delete lubuntu-laptop. in A send update delete lubuntu-laptop. in AAAA send update add lubuntu-laptop. 3600 in A 192.168.1.22 send
The PTR update is a separate one, I need to see more context from the logs.
If the PTR update was off, you would see a DEBUG message from "sdap_dyndns_update_done" saying "No PTR update requested, done\n"
On 23/05/14 13:14, Jakub Hrozek wrote:
On Fri, May 23, 2014 at 12:54:59PM +0200, steve wrote:
On 23/05/14 12:43, Jakub Hrozek wrote:
On Fri, May 23, 2014 at 12:10:14PM +0200, steve wrote:
Would it be possible to include the PTR update as part of the ad backend? Cheers, Steve
According to man sssd-ad, dyndns_update_ptr should be set to True in the AD backend. Do you not see the PTR records updated? Anything interesting in the logs?
We only get A and AAAA: (Thu May 22 12:18:20 2014) [sssd[be[hh3.site]]] [be_nsupdate_create_fwd_msg] (0x0400): -- Begin nsupdate message -- realm HH3.SITE update delete lubuntu-laptop. in A send update delete lubuntu-laptop. in AAAA send update add lubuntu-laptop. 3600 in A 192.168.1.22 send
The PTR update is a separate one, I need to see more context from the logs.
If the PTR update was off, you would see a DEBUG message from "sdap_dyndns_update_done" saying "No PTR update requested, done\n"
Sorry. Our test bind didn't have a reverse. Duh.
On 22/05/14 23:04, Lukas Slebodnik wrote:
On (22/05/14 22:36), steve wrote:
automount fails with both versions of the maps. Worked fine with both openSUSE 13.1 and Ubuntu 14.04 with sssd 1.11.4
[sssd] services = nss, pam, autofs config_file_version = 2 domains = hh3.site [nss] [pam] [domain/hh3.site] id_provider = ad auth_provider = ad access_provider = ad ldap_id_mapping = False [autofs]
#start_block
autofs_provider=ldap ldap_autofs_search_base = CN=hh3,CN=defaultMigrationContainer30,DC=hh3,DC=site ldap_autofs_map_object_class = nisMap ldap_autofs_entry_object_class = nisObject ldap_autofs_map_name = nisMapName ldap_autofs_entry_key = cn ldap_autofs_entry_value = nisMapEntry
#end_block ^^^^^^^^^^ All these options should be in domain section. (man sssd.conf and man sssd-ldap
#ldap_autofs_search_base = OU=automount,DC=hh3,DC=site #ldap_autofs_map_object_class = automountMap #ldap_autofs_entry_object_class = automount #ldap_autofs_map_name = automountMapName #ldap_autofs_entry_key = automountKey #ldap_autofs_entry_value = automountInformation
[sssd[be[hh3.site]]] [be_autofs_handler] (0x0020): Undefined backend target. (Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider Error: 3, 19, Autofs back end target is not configured Will try to return what we have in cache (Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site]
at log d7: (Fri May 23 07:44:43 2014) [sssd[be[hh3.site]]] [sdap_cli_auth_step] (0x1000): No authentication requested or SASL auth forced off (Fri May 23 07:44:43 2014) [sssd[be[hh3.site]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'hh16.hh3.site' as 'working' (Fri May 23 07:44:43 2014) [sssd[be[hh3.site]]] [set_server_common_status] (0x0100): Marking server 'hh16.hh3.site' as 'working' (Fri May 23 07:44:43 2014) [sssd[be[hh3.site]]] [fo_set_port_status] (0x0400): Marking port 389 of duplicate server 'hh16.hh3.site' as 'working' (Fri May 23 07:44:43 2014) [sssd[be[hh3.site]]] [sdap_get_automntmap_next_base] (0x0400): Searching for automount maps with base [OU=automount,DC=hh3,DC=site] (Fri May 23 07:44:43 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x0400): calling ldap_search_ext with [(&(automountMapName=auto.master)(objectclass=automountMap))][OU=automount,DC=hh3,DC=site]. (Fri May 23 07:44:43 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [objectClass] (Fri May 23 07:44:43 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_step] (0x1000): Requesting attrs: [automountMapName] (Fri May 23 07:44:43 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0400): Search result: Operations error(1), 00002020: Operation unavailable without authentication (Fri May 23 07:44:43 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 00002020: Operation unavailable without authentication (Fri May 23 07:44:43 2014) [sssd[be[hh3.site]]] [sdap_get_generic_done] (0x0100): sdap_get_generic_ext_recv failed [5]: Error de entrada/salida (Fri May 23 07:44:43 2014) [sssd[be[hh3.site]]] [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed [5]: Error de entrada/salida (Fri May 23 07:44:43 2014) [sssd[be[hh3.site]]] [sdap_id_op_done] (0x0200): communication error on cached connection, moving to next server (Fri May 23 07:44:43 2014) [sssd[autofs]] [sss_dp_get_reply] (0x1000): Got reply from Data Provider - DP error code: 3 errno: 5 error message: Error de entrada/salida (Fri May 23 07:44:43 2014) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider Error: 3, 5, Error de entrada/salida Will try to return what we have in cache (Fri May 23 07:44:43 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0400): Requesting info for [auto.master@hh3.site] (Fri May 23 07:44:43 2014) [sssd[autofs]] [sysdb_get_map_byname] (0x0400): No such map (Fri May 23 07:44:43 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site] (Fri May 23 07:44:43 2014) [sssd[autofs]] [sss_autofs_cmd_setautomntent_done] (0x0400): setautomntent did not find requested map (Fri May 23 07:44:43 2014) [sssd[autofs]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x80544c0:0:auto.master@hh3.site] (Fri May 23 07:44:43 2014) [sssd[autofs]] [client_recv] (0x0200): Client disconnected! (Fri May 23 07:44:43 2014) [sssd[be[hh3.site]]] [be_autofs_handler_callback] (0x1000): Request processed. Returned 3,5,Error de entrada/salida (Fri May 23 07:44:48 2014) [sssd] [service_send_ping] (0x0100): Pinging hh3.site (Fri May 23 07:44:48 2014) [sssd] [ping_check] (0x0100): Service hh3.site replied to ping
sssd-users@lists.fedorahosted.org