On Sun, 24 May 2020, Klaus Vink Slott via FreeIPA-users wrote:
Thanks Alexander - I stand corrected. Sorry, my limited English made me draw
faulty assumptions.

On 24.05.2020 15.46, Alexander Bokovoy wrote:
On Sun, 24 May 2020, Klaus Vink Slott via FreeIPA-users wrote:
Now moving to CentOS 8 I found warnings in nsswitch, not to edit it
directly, so I revisited this oddity. I found that according to
Red Hat(1) authselect should not be used anyway, when IPA is in charge.
But the setup made by ipa-client-automount also had the same problem:
sss before files.

This is not a correct statement, from your side, at least. The
documentation doesn't make it clear but internally in IPA authselect is
used to maintain predefined configuration that IPA relies on. It is meant
to explain that you should not modify the authselect profile chosen by IPA
installers to avoid breaking those assumptions.
I see. That makes a lot more sense - But still my problem remains.

Actually, I don't mind which one is consulted first, I have no mixed
maps. But to me it seems that when sss is consulted first, auto.master
is not used at all.
Is this a in my setup or in CentOS/Red Hat - or am I missing something?

I don't think this is correct either. By default, automount(8) would
read /etc/auto.master file which, in default configuration,
includes any maps from /etc/auto.master.d directory and then auto.master
map found from nsswitch.

Below is a snippet of /etc/auto.master I have on RHEL 8:
..
That looks very much like mine (as distributed with CentOS). I have
placed my additions in /etc/auto.master.d/userdirs.autofs

Now if I add a line into /etc/auto.master:

# Sample auto.master file
# This is a 'master' automounter map and it has the following format:
# mount-point [map-type[,format]:]map [options]
# For details of the format look at auto.master(5).
THIS IS AN ERROR!!
#

and restarting autofs with "automount: files sss" debug log shows:
maj 24 16:55:03 ctws.busene.vink-slott.dk automount[9777]: syntax error
in map near [ THIS IS AN ERROR!! ]

If I rearrange nsswitch as configured by ipa-client-automount there is no
sign of my deliberate error, and my files based mount does not work
either. Full autofs debug logs can be found here:
https://vink-slott.dk/autofilessss.txt
https://vink-slott.dk/autosssfiles.txt

If I made some configuration error on the IPA side, could that end up in
some other log? Maybe if some config received from IPA made autofs
choke so it would not read the rest .. just guessing here.
Any suggestions on how to make it work, or should I just continue to
edit /etc/nsswitch to force it to read my files first. Everything else
seems to work if I do so.

In case of IPA, SSSD does deliver all the maps. So I would look at the
SSSD debug logs to be able to find out if something is broken and
handover to the next module in nsswitch does not happen.


--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
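
An added example, not part of the original thread: a small shell check that shows the order of sources on the automount: line of nsswitch.conf and statically flags malformed lines in a master map file, so the local file can be verified without depending on whether autofs reached it. The function names and the sample files are hypothetical; the syntax check is a rough one that assumes entries start with a mount point ("/") or an include ("+").

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the lookup sources on the "automount:" line of an nsswitch.conf-style
# file, one per line, in the order they are consulted. Comments and
# [STATUS=action] items are dropped.
automount_sources() {
    sed -n 's/#.*//; s/^[[:space:]]*automount:[[:space:]]*//p' "$1" |
        sed 's/\[[^]]*\]//g' | tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Rough syntax check of a master map file: print "lineno: text" for every
# non-blank, non-comment line that starts with neither a mount point ("/")
# nor an include ("+"). Assumption: continuation lines are not used.
suspect_master_lines() {
    awk '{ line = $0; sub(/#.*/, "", line) }
         line ~ /^[ \t]*$/ { next }
         line !~ "^[ \t]*[/+]" { print NR ": " $0 }' "$1"
}

# Demo on constructed sample files (not the poster's real configuration).
demo() {
    dir=$(mktemp -d) || return 1
    printf 'passwd: sss files\nautomount: sss files\n' > "$dir/nsswitch.conf"
    printf '%s\n' '# Sample auto.master file' 'THIS IS AN ERROR!!' \
        '/misc /etc/auto.misc' '+dir:/etc/auto.master.d' '+auto.master' \
        > "$dir/auto.master"
    echo "automount lookup order:"
    automount_sources "$dir/nsswitch.conf" | sed 's/^/  /'
    echo "suspect master map lines:"
    suspect_master_lines "$dir/auto.master" | sed 's/^/  /'
    rm -rf "$dir"
}
demo
```

This only inspects the local files; why the lookup does or does not continue past sss has to be read from the SSSD debug logs, as suggested above.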