Hello,
I have been struggling for some days now, trying to use sssd with an Active
Directory (Windows 2008 R2).
I used the *realm* command as explained here
https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server
I followed this post
https://ovalousek.wordpress.com/2015/08/03/autofs
but I am unable to make it work.
So far, I can log in, and apply the sudoers rules but the automount won't
work.
OS : Fedora 20
sssd-common-pac-1.11.7-5.fc20.x86_64
sssd-proxy-1.11.7-5.fc20.x86_64
python-sssdconfig-1.11.7-5.fc20.noarch
sssd-tools-1.11.7-5.fc20.x86_64
sssd-common-1.11.7-5.fc20.x86_64
sssd-krb5-1.11.7-5.fc20.x86_64
sssd-1.11.7-5.fc20.x86_64
sssd-ldap-1.11.7-5.fc20.x86_64
sssd-ipa-1.11.7-5.fc20.x86_64
sssd-ad-1.11.7-5.fc20.x86_64
sssd-krb5-common-1.11.7-5.fc20.x86_64
sssd-client-1.11.7-5.fc20.x86_64
Any ideas? Thank you.
*autofs OU:*
dn: OU=autofs,DC=ad,DC=mikdom,DC=org
objectClass: top
objectClass: organizationalUnit

dn: CN=auto.master,OU=autofs,DC=ad,DC=mikdom,DC=org
objectClass: top
objectClass: nisMap
cn: auto.master
nisMapName: auto.master

dn: CN=/homes,CN=auto.master,OU=autofs,DC=ad,DC=mikdom,DC=org
objectClass: top
objectClass: nisObject
cn: /homes
nisMapName: auto.master
nisMapEntry: ldap:cn=auto.home,ou=autofs,dc=ad,mikdom,dc=org

dn: CN=auto.home,OU=autofs,DC=ad,DC=mikdom,DC=org
objectClass: top
objectClass: nisMap
cn: auto.home
nisMapName: auto.home

dn: CN=/,CN=auto.home,OU=autofs,DC=ad,DC=mikdom,DC=org
objectClass: top
objectClass: nisObject
cn: /
nisMapName: auto.home
nisMapEntry: -fstype=nfs homeserv:/vol/homes/&
*sssd config file :*
[sssd]
domains = ad.mikdom.org
config_file_version = 2
services = nss, pam, autofs, sudo

[pam]

[nss]

[domain/ad.mikdom.org]
ad_server = myactived.ad.mikdom.org
ad_domain = ad.mikdom.org
access_provider = ad
auth_provider = ad
access_provider = ad
krb5_realm = AD.MIKDOM.ORG
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
fallback_homedir = /home/%u
use_fully_qualified_names = False
#sudo
sudo_provider = ad
ldap_sudo_search_base = ou=SUDOers,dc=ad,dc=mikdom,dc=org
ldap_sudo_full_refresh_interval = 86400
ldap_sudo_smart_refresh_interval = 3600
#autofs
ldap_schema = rfc2307
autofs_provider = ldap
ldap_autofs_entry_key = cn
ldap_autofs_entry_object_class = nisObject
ldap_autofs_entry_value = nisMapEntry
ldap_autofs_map_name = nisMapName
ldap_autofs_map_object_class = nisMap
ldap_autofs_search_base = ou=autofs,dc=ad,dc=mikdom,dc=org

[autofs]
*sssd debug :*
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'myactived.ad.mikdom.org' as 'working'
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [set_server_common_status] (0x0100): Marking server 'myactived.ad.mikdom.org' as 'working'
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_get_generic_done] (0x0100): sdap_get_generic_ext_recv failed [5]: Input/output error
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed [5]: Input/output error
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_id_op_done] (0x0200): communication error on cached connection, moving to next server
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'LDAP'
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [resolve_srv_send] (0x0200): The status of SRV lookup is resolved
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [be_resolve_server_process] (0x0200): Found address for server myactived.ad.mikdom.org: [192.168.200.245] TTL 3600
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_get_server_opts_from_rootdse] (0x0100): Setting AD compatibility level to [4]
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_cli_auth_step] (0x0100): expire timeout is 900
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'myactived.ad.mikdom.org' as 'working'
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [set_server_common_status] (0x0100): Marking server 'myactived.ad.mikdom.org' as 'working'
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_get_generic_done] (0x0100): sdap_get_generic_ext_recv failed [5]: Input/output error
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed [5]: Input/output error
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]] [sdap_id_op_done] (0x0200): communication error on cached connection, moving to next server
(Thu Sep 24 16:17:42 2015) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider
Error: 3, 5, Input/output error
Will try to return what we have in cache
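
Added example, not part of the original post: a small triage script for SSSD debug output like the log above. It unwraps mail-wrapped entries, keeps those logged at failure levels (0x0080 and below in SSSD's debug-level bitmask), and extracts the AD `LdapErr` records whose comment says a bind is required. The names `parse_entries` and `triage` are hypothetical, and `SAMPLE` is a constructed excerpt of the posted log.

```python
import re
from collections import Counter

# Constructed sample: three entries taken from the posted log, wrapped as in mail.
SAMPLE = """\
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]]
[sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap:
Operations error(1), 000004DC: LdapErr: DSID-0C0906E8, comment: In order
to perform this operation a successful bind must be completed on the
connection., data 0, v1db1
(Thu Sep 24 16:17:42 2015) [sssd[be[ad.mikdom.org]]]
[sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed
[5]: Input/output error
(Thu Sep 24 16:17:42 2015) [sssd[autofs]] [lookup_automntmap_cache_updated]
(0x0020): Unable to get information from Data Provider
"""

ENTRY_START = re.compile(r"^\(\w{3} \w{3} +\d+ [\d:]{8} \d{4}\) ")
ENTRY = re.compile(
    r"^\((?P<ts>[^)]+)\) \[(?P<proc>sssd\S*)\] \[(?P<func>\w+)\] "
    r"\((?P<level>0x[0-9a-fA-F]+)\): (?P<msg>.*)$")
AD_ERR = re.compile(r"(?P<code>[0-9A-F]{8}): LdapErr: (?P<dsid>DSID-[0-9A-F]+), "
                    r"comment: (?P<comment>.*?), data")

def parse_entries(text):
    """Rejoin wrapped lines, then split each entry into ts/proc/func/level/msg."""
    entries, current = [], None
    for line in text.splitlines():
        if ENTRY_START.match(line):          # a timestamp opens a new entry
            current = [line.strip()]
            entries.append(current)
        elif current is not None and line.strip():
            current.append(line.strip())     # continuation of the previous entry
    matches = (ENTRY.match(" ".join(parts)) for parts in entries)
    return [m.groupdict() for m in matches if m]

def triage(text):
    """Summarise failure-level entries and unauthenticated LDAP searches."""
    entries = parse_entries(text)
    failures = [e for e in entries if int(e["level"], 16) <= 0x0080]
    unauth = []
    for e in failures:
        m = AD_ERR.search(e["msg"])
        if m and "successful bind" in m["comment"]:
            unauth.append((e["ts"], m["code"], m["dsid"]))
    return {
        "entries": len(entries),
        "failures_by_function": Counter(e["func"] for e in failures),
        "unauthenticated_searches": unauth,
        "autofs_failed": any(e["func"].startswith("sdap_autofs") for e in failures),
    }
```
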