Re: [Freeipa-users] experience using IPA in a mixed environment

2014-04-21 Thread Rob Crittenden

Carl E. Ma wrote:

Hi Rob/all,

The original freeipa-client 2.1.4 on ubuntu 12.04 doesn't have
ipa-client-automount command. I manually configured the autofs as
following:

===/etc/autofs_ldap_autofs===
root@ecs-94a55510:/etc# more autofs_ldap_auth.conf
<?xml version="1.0" ?>
<!--
This files contains a single entry with multiple attributes tied to it.
See autofs_ldap_auth.conf(5) for more information.
-->

<autofs_ldap_sasl_conf
 usetls="yes"
 tlsrequired="yes"
 authrequired="yes"
 authtype="GSSAPI"
 clientprinc="host/ecs-94a55510.ecs.ads.xxx@ecs.ads.xxx.com"
 credentialcache="/tmp/krb5cc_0"
/>
===end of autofs_ldap_autofs===
===/etc/default/autofs===
MASTER_MAP_NAME=automountmapname=auto.master,cn=default,cn=automount,dc=ecs,dc=ads,dc=xxx,dc=com
LOGGING=debug
MAP_OBJECT_CLASS=automountMap
ENTRY_OBJECT_CLASS=automount
MAP_ATTRIBUTE=automountMapName
ENTRY_ATTRIBUTE=automountKey
VALUE_ATTRIBUTE=automountInformation
LDAP_URI=ldap://ecs-1a5d4287.ecs.ads.xxx.com;
SEARCH_BASE=cn=default,cn=automount,dc=ecs,dc=ads,dc=xxx,dc=com
===end of /etc/default/autofs===
===/etc/nsswitch.conf===
passwd: compat sss
group:  compat sss
shadow: compat

hosts:  files dns
networks:   files

protocols:  db files
services:   db files
ethers: db files
rpc:db files

netgroup:   nis sss
sudoers:files ldap
automount: files ldap
===end of /etc/nsswitch.conf===
===/etc/default/nfs-common===
NEED_STATD=
STATDOPTS=
NEED_IDMAP=yes
NEED_GSSD=yes
===end of nfs-common===
===here is /etc/auto.master===
#cat +auto.master  /etc/auto.master
===end of auto.master===

On IPA server, I add the NFS service for that client as:
# ipa service-add nfs/ecs-94a55510.ecs.ads.xxx.com

But no ldap automount maps are shown in the automount -m output. From the
syslog error messages below, the client host can't directly connect to the
IPA (ldap) server for the auto.master map.
===
root@ecs-94a55510:/etc# automount -m
find_server: trying server uri ldap://ecs-1a5d4287.ecs.ads.xxx.com
init_ldap_connection: lookup(ldap): TLS required but START_TLS failed: Connect error
lookup(ldap): couldn't connect to server ldap://ecs-1a5d4287.ecs.ads.xxx.com
do_reconnect: lookup(ldap): failed to find available server

autofs dump map information
===

global options: none configured
no master map entries found

In /var/log/syslog, here are the errors:
Apr 19 23:09:40 ecs-94a55510 automount[17476]: parse_init: parse(sun):
init gathered global options: (null)
Apr 19 23:09:40 ecs-94a55510 automount[17476]: lookup_nss_read_master:
reading master ldap auto.master
Apr 19 23:09:40 ecs-94a55510 automount[17476]: parse_init: parse(sun):
init gathered global options: (null)
Apr 19 23:09:40 ecs-94a55510 automount[17476]: lookup(file): failed to
read included master map auto.master
===

On the same ubuntu 12.04 host, sudo also can't retrieve sudoers information
from the IPA server using ldap (sudo on ubuntu 12.04 doesn't support sssd); I
double the problem is with the ldap client function on this host. If I
missed anything obvious, please let me know.


Update the openldap configuration file (/etc/openldap/ldap.conf on
Fedora/RHEL) and add

TLS_CACERT /etc/ipa/ca.crt

rob

___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
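Rob's fix works because autofs lookup(ldap) (with tlsrequired=yes) and sudo's ldap backend both go through the OpenLDAP client library, which refuses START_TLS with "Connect error" when it cannot verify the IPA server's certificate. The script below is an added example, not from the thread or the FreeIPA project: it checks an ldap.conf for TLS_CACERT, adds it idempotently if missing, and offers an ldapsearch -ZZ probe that fails the same way autofs does. It assumes the Ubuntu client path /etc/ldap/ldap.conf and the IPA CA at /etc/ipa/ca.crt; the probe's URI and base DN are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: checks that the OpenLDAP client library
# (used by autofs lookup(ldap) and sudo's ldap backend) trusts the IPA CA, so
# START_TLS is verified rather than disabled with TLS_REQCERT never.
# Assumed paths: /etc/ldap/ldap.conf on Ubuntu (/etc/openldap/ldap.conf on
# Fedora/RHEL, as in Rob's reply) and the IPA CA at /etc/ipa/ca.crt.
LDAP_CONF="${LDAP_CONF:-/etc/ldap/ldap.conf}"
IPA_CA="${IPA_CA:-/etc/ipa/ca.crt}"

# Print the TLS_CACERT value from an ldap.conf (empty if not set).
# Commented-out lines ("#TLS_CACERT", "# TLS_CACERT") do not match.
ldap_conf_cacert() {
    awk 'toupper($1) == "TLS_CACERT" { v = $2 } END { print v }' "$1"
}

# Return 0 when ldap.conf names a readable CA file, 1 otherwise, and
# say why in the terms autofs logs the failure.
check_ldap_trust() {
    cacert=$(ldap_conf_cacert "$1")
    if [ -z "$cacert" ]; then
        echo "$1: no TLS_CACERT; START_TLS will fail with 'Connect error'" >&2
        return 1
    fi
    if [ ! -r "$cacert" ]; then
        echo "$1: TLS_CACERT $cacert is missing or unreadable" >&2
        return 1
    fi
    return 0
}

# Append TLS_CACERT only when no value is configured yet (idempotent).
add_tls_cacert() {
    if [ -z "$(ldap_conf_cacert "$1")" ]; then
        printf 'TLS_CACERT %s\n' "$2" >> "$1"
    fi
}

# Check and, if needed, repair ldap.conf (run as root on the client).
ensure_ipa_ca_trust() {
    conf="${1:-$LDAP_CONF}"; ca="${2:-$IPA_CA}"
    check_ldap_trust "$conf" 2>/dev/null || add_tls_cacert "$conf" "$ca"
    check_ldap_trust "$conf"
}

# Live probe (needs network and a Kerberos ticket): -ZZ makes START_TLS
# mandatory like autofs's tlsrequired=yes, -Y GSSAPI matches authtype=GSSAPI.
# URI and base DN are placeholders for your own realm.
probe_starttls() {
    ldapsearch -ZZ -H "${1:-ldap://ipa.example.com}" -Y GSSAPI \
        -b "${2:-cn=automount,dc=example,dc=com}" -s base 1.1
}
```

Source the script and run `ensure_ipa_ca_trust` as root, then `probe_starttls ldap://your-ipa-server your-base-dn` with a valid ticket; if the probe succeeds, automount -m should list the LDAP maps.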


Re: [Freeipa-users] experience using IPA in a mixed environment

2014-04-19 Thread Carl E. Ma

Hi Rob/all,

The original freeipa-client 2.1.4 on ubuntu 12.04 doesn't have 
ipa-client-automount command. I manually configured the autofs as 
following:


===/etc/autofs_ldap_autofs===
root@ecs-94a55510:/etc# more autofs_ldap_auth.conf
<?xml version="1.0" ?>
<!--
This files contains a single entry with multiple attributes tied to it.
See autofs_ldap_auth.conf(5) for more information.
-->

<autofs_ldap_sasl_conf
 usetls="yes"
 tlsrequired="yes"
 authrequired="yes"
 authtype="GSSAPI"
 clientprinc="host/ecs-94a55510.ecs.ads.xxx@ecs.ads.xxx.com"
 credentialcache="/tmp/krb5cc_0"
/>
===end of autofs_ldap_autofs===
===/etc/default/autofs===
MASTER_MAP_NAME=automountmapname=auto.master,cn=default,cn=automount,dc=ecs,dc=ads,dc=xxx,dc=com
LOGGING=debug
MAP_OBJECT_CLASS=automountMap
ENTRY_OBJECT_CLASS=automount
MAP_ATTRIBUTE=automountMapName
ENTRY_ATTRIBUTE=automountKey
VALUE_ATTRIBUTE=automountInformation
LDAP_URI=ldap://ecs-1a5d4287.ecs.ads.xxx.com;
SEARCH_BASE=cn=default,cn=automount,dc=ecs,dc=ads,dc=xxx,dc=com
===end of /etc/default/autofs===
===/etc/nsswitch.conf===
passwd: compat sss
group:  compat sss
shadow: compat

hosts:  files dns
networks:   files

protocols:  db files
services:   db files
ethers: db files
rpc:db files

netgroup:   nis sss
sudoers:files ldap
automount: files ldap
===end of /etc/nsswitch.conf===
===/etc/default/nfs-common===
NEED_STATD=
STATDOPTS=
NEED_IDMAP=yes
NEED_GSSD=yes
===end of nfs-common===
===here is /etc/auto.master===
#cat +auto.master  /etc/auto.master
===end of auto.master===

On IPA server, I add the NFS service for that client as:
# ipa service-add nfs/ecs-94a55510.ecs.ads.xxx.com

But no ldap automount maps are shown in the automount -m output. From the
syslog error messages below, the client host can't directly connect to the
IPA (ldap) server for the auto.master map.

===
root@ecs-94a55510:/etc# automount -m
find_server: trying server uri ldap://ecs-1a5d4287.ecs.ads.xxx.com
init_ldap_connection: lookup(ldap): TLS required but START_TLS failed: Connect error
lookup(ldap): couldn't connect to server ldap://ecs-1a5d4287.ecs.ads.xxx.com
do_reconnect: lookup(ldap): failed to find available server

autofs dump map information
===

global options: none configured
no master map entries found

In /var/log/syslog, here are the errors:
Apr 19 23:09:40 ecs-94a55510 automount[17476]: parse_init: parse(sun): 
init gathered global options: (null)
Apr 19 23:09:40 ecs-94a55510 automount[17476]: lookup_nss_read_master: 
reading master ldap auto.master
Apr 19 23:09:40 ecs-94a55510 automount[17476]: parse_init: parse(sun): 
init gathered global options: (null)
Apr 19 23:09:40 ecs-94a55510 automount[17476]: lookup(file): failed to 
read included master map auto.master

===

On the same ubuntu 12.04 host, sudo also can't retrieve sudoers information
from the IPA server using ldap (sudo on ubuntu 12.04 doesn't support sssd); I
double the problem is with the ldap client function on this host. If I
missed anything obvious, please let me know.


thanks,

carl


On 14-04-07 08:28 AM, Rob Crittenden wrote:

Carl E. Ma wrote:

Hi,

My environment has Redhat5, 6, Centos 6.x and Ubuntu 12.04. Following 
Redhat identity management manual, I am able to configure user 
authentication, kerberos NFS, SSSD and autofs on most of my systems.


The only trouble is integrating ubuntu 12.04 with autofs.

1. automount in /etc/nsswitch.conf doesn't recognize sss as the name 
service, you need to put ldap instead.
2. automount on ubuntu 12.04 doesn't recognize the auto.master map 
from IPA server.


On our IPA server:
ipaserver# ipa automountlocation-tofiles default
/etc/auto.master:
/-  /etc/auto.direct
/home   /etc/auto.home
---
/etc/auto.direct:
---
/etc/auto.home:
*   -fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192 
nfs:/opt/shares/home/




From ubuntu 12.04 IPA client:
#automount -f -d => shows it can't find the auto.master map; in
/etc/default/autofs, I tried both ways to specify the auto.master map.

==
#cat /etc/default/autofs  | grep MASTER
#MASTER_MAP_NAME=automountmapname=auto.master,cn=default,cn=automount,dc=x,dc=x,dc=x,dc=com
MASTER_MAP_NAME=auto.master
==

From the error messages, it seems automount on ubuntu doesn't look up
LDAP for auto.master information.


Apr  4 17:25:26 ecs-94a55510 automount[1032]: lookup(file): file map 
/etc/automountmapname=auto.master,cn=default,cn=automount,dc=x,dc=x,dc=x,dc=com 
missing or not readable


Although I am using pam to automount user home directory, I am
curious whether anyone else experienced the same problem, or maybe I
missed something.


Can you provide more information on how you configured automount (e.g. 
can we see the config files)? Did you use the ipa-client-automount 
command or configure things by hand?


rob



Re: [Freeipa-users] experience using IPA in a mixed environment

2014-04-07 Thread Rob Crittenden

Carl E. Ma wrote:

Hi,

My environment has Redhat5, 6, Centos 6.x and Ubuntu 12.04. Following Redhat 
identity management manual, I am able to configure user authentication, 
kerberos NFS, SSSD and autofs on most of my systems.

The only trouble is integrating ubuntu 12.04 with autofs.

1. automount in /etc/nsswitch.conf doesn't recognize sss as the name service, 
you need to put ldap instead.
2. automount on ubuntu 12.04 doesn't recognize the auto.master map from IPA 
server.

On our IPA server:
ipaserver# ipa automountlocation-tofiles default
/etc/auto.master:
/-  /etc/auto.direct
/home   /etc/auto.home
---
/etc/auto.direct:
---
/etc/auto.home:
*   -fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192 
nfs:/opt/shares/home/



From ubuntu 12.04 IPA client:

#automount -f -d => shows it can't find the auto.master map; in
/etc/default/autofs, I tried both ways to specify the auto.master map.
==
#cat /etc/default/autofs  | grep MASTER
#MASTER_MAP_NAME=automountmapname=auto.master,cn=default,cn=automount,dc=x,dc=x,dc=x,dc=com
MASTER_MAP_NAME=auto.master
==


From the error messages, it seems automount on ubuntu doesn't look up LDAP for
auto.master information.


Apr  4 17:25:26 ecs-94a55510 automount[1032]: lookup(file): file map 
/etc/automountmapname=auto.master,cn=default,cn=automount,dc=x,dc=x,dc=x,dc=com 
missing or not readable

Although I am using pam to automount user home directory, I am curious whether
anyone else experienced the same problem, or maybe I missed something.


Can you provide more information on how you configured automount (e.g. 
can we see the config files)? Did you use the ipa-client-automount 
command or configure things by hand?


rob



[Freeipa-users] experience using IPA in a mixed environment

2014-04-05 Thread Carl E. Ma
Hi,

My environment has Redhat5, 6, Centos 6.x and Ubuntu 12.04. Following Redhat 
identity management manual, I am able to configure user authentication, 
kerberos NFS, SSSD and autofs on most of my systems. 

The only trouble is integrating ubuntu 12.04 with autofs. 

1. automount in /etc/nsswitch.conf doesn't recognize sss as the name service, 
you need to put ldap instead. 
2. automount on ubuntu 12.04 doesn't recognize the auto.master map from IPA 
server. 

On our IPA server:
ipaserver# ipa automountlocation-tofiles default
/etc/auto.master:
/-  /etc/auto.direct
/home   /etc/auto.home
---
/etc/auto.direct:
---
/etc/auto.home:
*   -fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192 
nfs:/opt/shares/home/


From ubuntu 12.04 IPA client:
#automount -f -d => shows it can't find the auto.master map; in
/etc/default/autofs, I tried both ways to specify the auto.master map.
==
#cat /etc/default/autofs  | grep MASTER
#MASTER_MAP_NAME=automountmapname=auto.master,cn=default,cn=automount,dc=x,dc=x,dc=x,dc=com
MASTER_MAP_NAME=auto.master
== 

From the error messages, it seems automount on ubuntu doesn't look up LDAP for
auto.master information.

Apr  4 17:25:26 ecs-94a55510 automount[1032]: lookup(file): file map 
/etc/automountmapname=auto.master,cn=default,cn=automount,dc=x,dc=x,dc=x,dc=com 
missing or not readable

Although I am using pam to automount user home directory, I am curious whether
anyone else experienced the same problem, or maybe I missed something.

Thanks,

carl
