On 23/05/14 10:53, Jakub Hrozek wrote:
On Fri, May 23, 2014 at 07:38:43AM +0200, steve wrote:
> On 22/05/14 23:04, Lukas Slebodnik wrote:
>> On (22/05/14 22:36), steve wrote:
>>> automount fails with both versions of the maps. Worked fine with both
>>> openSUSE 13.1 and Ubuntu 14.04 with sssd 1.11.4
>>>
>>> [sssd]
>>> services = nss, pam, autofs
>>> config_file_version = 2
>>> domains = hh3.site
>>> [nss]
>>> [pam]
>>> [domain/hh3.site]
>>> id_provider = ad
>>> auth_provider = ad
>>> access_provider = ad
>>> ldap_id_mapping = False
>>> [autofs]
>>
>> #start_block
>>> autofs_provider=ldap
>>> ldap_autofs_search_base =
>>> CN=hh3,CN=defaultMigrationContainer30,DC=hh3,DC=site
>>> ldap_autofs_map_object_class = nisMap
>>> ldap_autofs_entry_object_class = nisObject
>>> ldap_autofs_map_name = nisMapName
>>> ldap_autofs_entry_key = cn
>>> ldap_autofs_entry_value = nisMapEntry
>> #end_block
>> ^^^^^^^^^^
>> All these options should be in the domain section. (man sssd.conf and man sssd-ldap)
>>
>>>
>>> #ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
>>> #ldap_autofs_map_object_class = automountMap
>>> #ldap_autofs_entry_object_class = automount
>>> #ldap_autofs_map_name = automountMapName
>>> #ldap_autofs_entry_key = automountKey
>>> #ldap_autofs_entry_value = automountInformation
>>>
>>>
>>> [sssd[be[hh3.site]]] [be_autofs_handler] (0x0020): Undefined backend target.
>>> (Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_cache_updated]
>>> (0x0020): Unable to get information from Data Provider
>>> Error: 3, 19, Autofs back end target is not configured
>>> Will try to return what we have in cache
>>> (Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080):
>>> No automount map [auto.master] in cache for domain [hh3.site]
>>
>> LS
>
> Hi
> Moved to domain section:
>
> [sssd]
> services = nss, pam, autofs
> config_file_version = 2
> domains = hh3.site
> [nss]
> [pam]
> [autofs]
>
> [domain/hh3.site]
> id_provider = ad
> auth_provider = ad
> access_provider = ad
> ldap_id_mapping = False
> autofs_provider=ldap
>
> ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
> ldap_autofs_map_object_class = automountMap
> ldap_autofs_entry_object_class = automount
> ldap_autofs_map_name = automountMapName
> ldap_autofs_entry_key = automountKey
> ldap_autofs_entry_value = automountInformation
>
> but, upon restarting both sssd and autofs:
>
> (Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_step]
> (0x0080): No automount map [auto.master] in cache for domain
> [hh3.site]
> (Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]]
> [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap:
> Operations error(1), 00002020: Operation unavailable without
> authentication
> (Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]]
> [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv
> failed [5]: Error de entrada/salida
> (Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]]
> [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap:
> Operations error(1), 00002020: Operation unavailable without
> authentication

I know you figured it out already, but for reference and anyone else
reading the thread -- even if id_provider=ad would select the right
authentication options, another provider set to ldap (like
autofs_provider=ldap, others had the same problems with sudo) would select
the LDAP defaults again, which is anonymous binds.

We should implement autofs_provider=ad one of these days..

That would be great. Meanwhile, try as we may, we can't get it more
minimalist than this:
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = default
[nss]
[pam]
[autofs]
[domain/default]
dyndns_update_ptr=true
ad_hostname = lubuntu-laptop.hh3.site
ad_server = hh16.hh3.site
ad_domain = hh3.site
ldap_schema = ad
id_provider = ad
access_provider = ad
auth_provider = ad
chpass_provider = ad
ldap_id_mapping=false
ldap_sasl_mech = gssapi
ldap_sasl_authid = LUBUNTU-LAPTOP$@HH3.SITE
krb5_keytab = /etc/krb5.keytab
ldap_krb5_init_creds = true
autofs_provider=ldap
ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation
Would it be possible to include the PTR update as part of the ad backend?
Cheers,
Steve
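
The two mistakes worked through in this thread (back-end options placed under [autofs], and autofs_provider=ldap dropping to an anonymous bind beside id_provider=ad) can be checked mechanically before restarting sssd. The script below is an added example, not part of the original messages or of SSSD; the function name, the issue labels and the example.test domain are assumptions.

```python
import configparser

# Constructed sample (hypothetical domain example.test), shaped like the first
# config in the thread: one ldap_* option under [autofs], no SASL settings.
SAMPLE = """\
[sssd]
services = nss, pam, autofs
domains = example.test
[autofs]
ldap_autofs_map_object_class = automountMap
[domain/example.test]
id_provider = ad
autofs_provider = ldap
ldap_autofs_search_base = OU=automount,DC=example,DC=test
"""

def audit_sssd_conf(text):
    """Return (section, option, issue) tuples for the two mistakes in the thread."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        opts = cp[name]
        if not name.startswith("domain/"):
            # Back-end options (ldap_*, *_provider) belong in a domain section;
            # placed elsewhere they leave the autofs back end target unconfigured.
            findings += [(name, k, "misplaced") for k in opts
                         if k.startswith("ldap_") or k.endswith("_provider")]
            continue
        if opts.get("id_provider", "").strip().lower() != "ad":
            continue
        # A provider switched to ldap falls back to the LDAP defaults, i.e. an
        # anonymous bind, unless the bind method is configured explicitly.
        explicit_bind = (opts.get("ldap_sasl_mech", "").strip()
                         or opts.get("ldap_default_bind_dn", "").strip())
        if not explicit_bind:
            findings += [(name, k, "anonymous-bind") for k, v in opts.items()
                         if k.endswith("_provider") and v.strip().lower() == "ldap"]
    return findings

if __name__ == "__main__":
    for section, option, issue in audit_sssd_conf(SAMPLE):
        print(f"[{section}] {option}: {issue}")
```

An "anonymous-bind" finding corresponds to the "Operation unavailable without authentication" result in the logs above; setting ldap_sasl_mech = gssapi in the domain section, as in the final config, clears it.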