On Fri, May 23, 2014 at 09:19:32AM +0200, steve wrote:
On 23/05/14 07:38, steve wrote:
>On 22/05/14 23:04, Lukas Slebodnik wrote:
>>On (22/05/14 22:36), steve wrote:
>>>automount fails with both versions of the maps. Worked fine with both
>>>openSUSE 13.1 and Ubuntu 14.04 with sssd 1.11.4
>>>
>>>[sssd]
>>>services = nss, pam, autofs
>>>config_file_version = 2
>>>domains = hh3.site
>>>[nss]
>>>[pam]
>>>[domain/hh3.site]
>>>id_provider = ad
>>>auth_provider = ad
>>>access_provider = ad
>>>ldap_id_mapping = False
>>>[autofs]
>>
>> #start_block
>>>autofs_provider=ldap
>>>ldap_autofs_search_base =
>>>CN=hh3,CN=defaultMigrationContainer30,DC=hh3,DC=site
>>>ldap_autofs_map_object_class = nisMap
>>>ldap_autofs_entry_object_class = nisObject
>>>ldap_autofs_map_name = nisMapName
>>>ldap_autofs_entry_key = cn
>>>ldap_autofs_entry_value = nisMapEntry
>> #end_block
>> ^^^^^^^^^^
>>All these options should be in the domain section (man sssd.conf and man
>>sssd-ldap).
>>
>>>
>>>#ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
>>>#ldap_autofs_map_object_class = automountMap
>>>#ldap_autofs_entry_object_class = automount
>>>#ldap_autofs_map_name = automountMapName
>>>#ldap_autofs_entry_key = automountKey
>>>#ldap_autofs_entry_value = automountInformation
>>>
>>>
>>>[sssd[be[hh3.site]]] [be_autofs_handler] (0x0020): Undefined backend
>>>target.
>>>(Thu May 22 22:29:03 2014) [sssd[autofs]]
>>>[lookup_automntmap_cache_updated]
>>>(0x0020): Unable to get information from Data Provider
>>>Error: 3, 19, Autofs back end target is not configured
>>>Will try to return what we have in cache
>>>(Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_step]
>>>(0x0080):
>>>No automount map [auto.master] in cache for domain [hh3.site]
>>
>>LS
>
>Hi
>Moved to domain section:
>
>[sssd]
>services = nss, pam, autofs
>config_file_version = 2
>domains = hh3.site
>[nss]
>[pam]
>[autofs]
>
>[domain/hh3.site]
>id_provider = ad
>auth_provider = ad
>access_provider = ad
>ldap_id_mapping = False
>autofs_provider=ldap
>
>ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
>ldap_autofs_map_object_class = automountMap
>ldap_autofs_entry_object_class = automount
>ldap_autofs_map_name = automountMapName
>ldap_autofs_entry_key = automountKey
>ldap_autofs_entry_value = automountInformation
>
>but, upon restarting both sssd and autofs:
>
>(Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_step]
>(0x0080): No automount map [auto.master] in cache for domain [hh3.site]
>(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]]
>[sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap:
>Operations error(1), 00002020: Operation unavailable without authentication
>(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]]
>[sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv
>failed [5]: Error de entrada/salida
>(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]]
>[sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap:
>Operations error(1), 00002020: Operation unavailable without authentication
>(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]]
>[sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv
>failed [5]: Error de entrada/salida
>(Fri May 23 07:30:54 2014) [sssd[autofs]]
>[lookup_automntmap_cache_updated] (0x0020): Unable to get information
>from Data Provider
>Error: 3, 5, Error de entrada/salida
>Will try to return what we have in cache
>(Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_step]
>(0x0080): No automount map [auto.master] in cache for domain [hh3.site]
>
>Any ideas?
>What changed between 1.11.4 and 1.11.5?
>Thanks,
- - -
OK
Have added the ldap sasl and keytab lines and now the mounts appear:
auto.shared on /home/shared type autofs
(rw,relatime,fd=7,pgrp=2170,timeout=600,minproto=5,maxproto=5,indirect)
auto.users on /home/users type autofs
(rw,relatime,fd=14,pgrp=2170,timeout=600,minproto=5,maxproto=5,indirect)
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = hh3.site
[nss]
[pam]
[autofs]
[domain/hh3.site]
autofs_provider = ldap
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False
ldap_sasl_mech = gssapi
ldap_sasl_authid = CATRAL$
krb5_keytab = /etc/krb5.keytab
ldap_krb5_init_creds = true
ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation
But if I log in as my domain user and attempt to automount e.g. my
home directory, it does not automount:
getent passwd steve2
steve2:*:3000021:20513:steve2:/home/users/steve2:/bin/bash
(Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getpwuid_search]
(0x0100): Requesting info for [3000021@hh3.site]
(Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getpwuid_search]
(0x0080): No matching domain found for [3000021]
(Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getgrgid_search]
(0x0100): Requesting info for [20513@hh3.site]
(Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getgrgid_search]
(0x0080): No matching domain found for [20513]
(Fri May 23 09:13:17 2014) [sssd[autofs]] [getautomntbyname_process]
(0x0080): No key named [steve2] found
(Fri May 23 09:13:17 2014) [sssd[autofs]] [getautomntbyname_process]
(0x0080): No key named [/] found
In other words, the works fine with 1.9.6. How do I translate it to
ad with 1.11.5?
Are you sure that swapping just the sssd version makes your setup work
with identical autofs configuration and sssd.conf? When looking for
'what broke my setup', it's best to only change one component at a time.
I don't think we did many changes to autofs between 1.9 and 1.11, so I'm
a bit surprised something is not working.
Can you see the maps you expect when you run automounter -m ?
Can you paste the complete logs (domain and autofs) after you restart
automounter, which should re-read all maps, including when you request
the map?
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = default
[nss]
[pam]
[autofs]
[domain/default]
ldap_schema = rfc2307bis
access_provider = simple
enumerate = FALSE
cache_credentials = true
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
krb5_realm = HH3.SITE
krb5_server = hh16.hh3.site
krb5_kpasswd = hh16.hh3.site
ldap_referrals = false
ldap_uri = ldap://hh16.hh3.site/
ldap_search_base = dc=hh3,dc=site
ldap_user_object_class = user
ldap_user_name = samAccountName
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_home_directory = unixHomeDirectory
ldap_user_shell = loginShell
ldap_group_object_class = group
ldap_group_search_base = dc=hh3,dc=site
ldap_group_name = cn
ldap_group_member = member
ldap_sasl_mech = gssapi
ldap_sasl_authid = ALTET$
krb5_keytab = /etc/krb5.keytab
ldap_krb5_init_creds = true
autofs_provider = ldap
ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation
krb5_kdcip =
Drop this option, kdcip has been deprecated for years.
krb5_validate = False
krb5_renewable_lifetime = 1d
krb5_lifetime = 1d
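An added example, not part of the original thread and not SSSD code: a small lint for the two sssd.conf mistakes discussed above, namely autofs back-end options placed outside a [domain/...] section, and an LDAP autofs provider with no bind credentials configured. The sample configurations are constructed from the ones quoted in the thread; the function name, the problem labels and the "no SASL mechanism and no bind DN" heuristic are assumptions of this example.

```python
import configparser

# Constructed samples modelled on the sssd.conf variants quoted in the thread.
MISPLACED = """[sssd]
services = nss, pam, autofs
domains = hh3.site
[domain/hh3.site]
id_provider = ad
[autofs]
autofs_provider = ldap
ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
"""
NO_BIND = """[sssd]
services = nss, pam, autofs
domains = hh3.site
[autofs]
[domain/hh3.site]
id_provider = ad
autofs_provider = ldap
ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
"""
FIXED = NO_BIND + "ldap_sasl_mech = gssapi\nkrb5_keytab = /etc/krb5.keytab\n"


def check_sssd_autofs(text):
    """Return (section, option, problem) tuples for an sssd.conf given as text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        opts = cp[section]
        autofs_opts = [k for k in opts
                       if k == "autofs_provider" or k.startswith("ldap_autofs_")]
        if not section.startswith("domain/"):
            # Back-end options outside a [domain/...] section are not read by the
            # domain's provider, so no autofs target is configured for it.
            findings += [(section, k, "misplaced") for k in autofs_opts]
            continue
        if opts.get("autofs_provider", "").strip().lower() != "ldap":
            continue
        # Heuristic (assumption of this example): an LDAP autofs provider with
        # neither a SASL mechanism nor a bind DN will search anonymously.
        if "ldap_sasl_mech" not in opts and "ldap_default_bind_dn" not in opts:
            findings.append((section, "autofs_provider", "no-bind-credentials"))
    return findings


if __name__ == "__main__":
    for name, sample in (("misplaced", MISPLACED), ("no bind", NO_BIND), ("fixed", FIXED)):
        print(name, check_sssd_autofs(sample))
```

The first finding corresponds to the "Autofs back end target is not configured" log line, the second to "Operation unavailable without authentication".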