On Fri, 2013-09-13 at 10:34 +0100, Rowland Penny wrote:
> On 13/09/13 10:23, steve wrote:
> > On Fri, 2013-09-13 at 10:38 +0200, steve wrote:
> >> On Fri, 2013-09-13 at 10:26 +0200, Jakub Hrozek wrote:
> >>> On Fri, Sep 13, 2013 at 01:53:13AM +0200, steve wrote:
> >>>> Hi
> >>>> Problems with autofs on a 1.11.1 git:
> >>>>
> >>>> The only error I can see is this:
> >>>> 2013-09-13T01:47:34.264459+02:00 catral automount[2569]: setautomntent:
> >>>> lookup(sss): setautomntent: No such file or directory
> >>>>
> >>>> and nothing gets mounted.
> >>>>
> >>>> sssd starts fine. Here is the conf:
> >>>> [sssd]
> >>>> #debug_level = 6
> >>>> services = nss, pam, autofs
> >>>> config_file_version = 2
> >>>> domains = default
> >>>>
> >>>> [nss]
> >>>>
> >>>> [pam]
> >>>>
> >>>> [autofs]
> >>>>
> >>>> [domain/default]
> >>>> #debug_level=6
> >>>> dyndns_update=true
> >>>> #dyndns_refresh_interval=16
> >>>> ad_hostname = catral.hh3.site
> >>>> ad_server = hh16.hh3.site
> >>>> ad_domain = hh3.site
> >>>> ldap_schema = ad
> >>>> id_provider = ad
> >>>> access_provider = simple
> >>>> enumerate = false
> >>>> cache_credentials = true
> >>>> #entry_cache_timeout = 60
> >>>> auth_provider = krb5
> >>>> chpass_provider = krb5
> >>>> krb5_realm = HH3.SITE
> >>>> krb5_server = hh16.hh3.site
> >>>> krb5_kpasswd = hh16.hh3.site
> >>>>
> >>>> ldap_id_mapping=false
> >>>> ldap_referrals = false
> >>>> ldap_uri = ldap://hh16.hh3.site
> >>>> ldap_search_base = dc=hh3,dc=site
> >>>> #ldap_tls_cacertdir = /usr/local/samba/private/tls
> >>>> #ldap_id_use_start_tls = true
> >>>> #entry_negative_timeout = 1
> >>>> ldap_user_object_class = user
> >>>> ldap_user_name = samAccountName
> >>>> ldap_user_uid_number = uidNumber
> >>>> ldap_user_gid_number = gidNumber
> >>>> ldap_user_home_directory = unixHomeDirectory
> >>>> ldap_user_shell = loginShell
> >>>> ldap_group_object_class = group
> >>>> ldap_group_search_base = dc=hh3,dc=site
> >>>> ldap_group_name = cn
> >>>> ldap_group_member = member
> >>>>
> >>>>
> >>>> #ldap_default_bind_dn = cn=steve2,cn=Users,dc=dolores,dc=site
> >>>> #ldap_default_authtok_type = password
> >>>> #ldap_default_authtok = s2
> >>>>
> >>>> ldap_sasl_mech = gssapi
> >>>> ldap_sasl_authid = [email protected]
> >>>> #krb5_keytab = /etc/krb5.keytab
> >>>> ldap_krb5_init_creds = true
> >>>>
> >>>> autofs_provider=ldap
> >>>>
> >>>> ldap_autofs_search_base = DC=hh3,DC=site
> >>>> ldap_autofs_map_object_class = nisMap
> >>>> ldap_autofs_entry_object_class = nisObject
> >>>> ldap_autofs_map_name = nisMapName
> >>>> ldap_autofs_entry_key = cn
> >>>> ldap_autofs_entry_value = nisMapEntry
> >>> Hi steve,
> >>>
> >>> was this setup working previously?
> >> No, it's a new setup. We want to go from files to sss.
> >>> Can you paste an example of your autofs map and entry in LDAP ?
> >> dn:cn=/home/users,CN=auto.master,CN=HOME,CN=defaultMigrationContainer30,DC=hh3,DC=site
> >> objectClass: top
> >> objectClass: nisObject
> >> cn: /home/users
> >> name: /home/users
> >> nisMapName: auto.master
> >> nisMapEntry: auto.users
> >>
> >> dn: CN=auto.users,CN=HOME,CN=defaultMigrationContainer30,DC=hh3,DC=site
> >> objectClass: top
> >> objectClass: nisMap
> >> cn: auto.users
> >> name: auto.users
> >> nisMapName: auto.users
> >>
> >> dn:
> >> cn=cifsuser,CN=auto.users,CN=HOME,CN=defaultMigrationContainer30,DC=hh3,DC=site
> >> objectClass: top
> >> objectClass: nisObject
> >> cn: cifsuser
> >> name: cifsuser
> >> msSFU30Name: cifsuser
> >> msSFU30NisDomain: home
> >> nisMapName: auto.users
> >> nisMapEntry: *
> >> -fstype=cifs,sec=krb5,username=cifsuser,multiuser ://altea/users/&
> >>
> >> Thanks,
> >> Steve
> > Sorry, I missed auto.master:
> >
> > dn: CN=auto.master,CN=HOME,CN=defaultMigrationContainer30,DC=hh3,DC=site
> > objectClass: top
> > objectClass: nisMap
> > cn: auto.master
> > name: auto.master
> >
> >
> >
> >
> >
> > _______________________________________________
> > sssd-devel mailing list
> > [email protected]
> > https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
> Can I chime in here, I am also trying to get this to work and it isn't,
> the basic setup works if I use 'automount: files ldap' in
> /etc/nsswitch, but if I change ldap to sss it stops working.
>
> I get this in /var/log/sssd/sssd_home.lan.log:
>
> (Fri Sep 13 10:00:24 2013) [sssd[be[home.lan]]] [dp_get_options]
> (0x0400): Option ldap_autofs_search_base has value
> "CN=HOME,CN=defaultMigrationContainer30,DC=home,DC=lan"
>
> but further down I get:
>
> (Fri Sep 13 10:00:24 2013) [sssd[be[home.lan]]] [sdap_autofs_init]
> (0x2000): Initializing autofs LDAP back end
> (Fri Sep 13 10:00:24 2013) [sssd[be[home.lan]]]
> [ldap_get_autofs_options] (0x0400): Search base not set, trying to
> discover it later connecting to the LDAP server.
> (Fri Sep 13 10:00:24 2013) [sssd[be[home.lan]]]
> [sdap_create_search_base] (0x0020): Invalid base DN
> ["CN=HOME,CN=defaultMigrationContainer30,DC=home,DC=lan"]
> (Fri Sep 13 10:00:24 2013) [sssd[be[home.lan]]]
> [common_parse_search_base] (0x0100): Search base added:
> [AUTOFS][cn][SUBTREE][�e^E+^M^?]
> (Fri Sep 13 10:00:24 2013) [sssd[be[home.lan]]] [sdap_get_map] (0x0400):
> Option ldap_autofs_map_object_class has value "nisMap"
> (Fri Sep 13 10:00:24 2013) [sssd[be[home.lan]]] [sdap_get_map] (0x0400):
> Option ldap_autofs_map_name has value nisMapName
> (Fri Sep 13 10:00:24 2013) [sssd[be[home.lan]]] [sdap_get_map] (0x0400):
> Option ldap_autofs_entry_object_class has value "nisObject"
> (Fri Sep 13 10:00:24 2013) [sssd[be[home.lan]]] [sdap_get_map] (0x0400):
> Option ldap_autofs_entry_key has value "cn"
> (Fri Sep 13 10:00:24 2013) [sssd[be[home.lan]]] [sdap_get_map] (0x0400):
> Option ldap_autofs_entry_value has value "nisMapEntry"
> (Fri Sep 13 10:00:24 2013) [sssd[be[home.lan]]] [be_process_init]
> (0x2000): autofs backend target successfully loaded from provider [ldap].
> (Fri Sep 13 10:00:24 2013) [sssd[be[home.lan]]] [client_registration]
> (0x0100): Added Frontend client [autofs]
>
> I can assure you that
> 'CN=HOME,CN=defaultMigrationContainer30,DC=home,DC=lan' exists in my
> Samba 4 AD and would appear to be the format that windows wants.
>
> Rowland

I got it going with sss:

2013-09-13T11:47:22.114353+02:00 catral automount[1341]: mounted indirect on /home/users with timeout 600, freq 150 seconds
2013-09-13T11:47:22.122308+02:00 catral automount[1341]: ghosting enabled
2013-09-13T11:47:22.144361+02:00 catral systemd[1]: Started Automounts filesystems on demand.

The relevant bits of sssd.conf on 1.11.1 from git yesterday:

services = nss, pam, autofs
config_file_version = 2
domains = default

[nss]

[pam]

[autofs]

ldap_sasl_mech = gssapi
ldap_sasl_authid = [email protected]
ldap_krb5_init_creds = true

autofs_provider=ldap

ldap_autofs_search_base = CN=hh3,CN=defaultMigrationContainer30,DC=hh3,DC=site
ldap_autofs_map_object_class = nisMap
ldap_autofs_entry_object_class = nisObject
ldap_autofs_map_name = nisMapName
ldap_autofs_entry_key = cn
ldap_autofs_entry_value = nisMapEntry

As it is, it only mounts one user, cifsuser for me. I suppose the next step is to get it to mount with the wild card. I thought I had that in my map but anyway, something is something. . .

HTH,
Steve
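
The backend log quoted above prints some option values with literal double quotes, and the base DN that sdap_create_search_base rejects still carries them. As an added example (not part of the thread and not SSSD code), this Python script rejoins mail-wrapped debug lines and reports which quoted option value is the one that was rejected; the sample log is constructed from lines quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the debug lines quoted in the thread,
# still wrapped the way the mail client wrapped them.
SAMPLE_LOG = """\
(Fri Sep 13 10:00:24 2013) [sssd[be[home.lan]]] [dp_get_options]
(0x0400): Option ldap_autofs_search_base has value
"CN=HOME,CN=defaultMigrationContainer30,DC=home,DC=lan"
(Fri Sep 13 10:00:24 2013) [sssd[be[home.lan]]]
[sdap_create_search_base] (0x0020): Invalid base DN
["CN=HOME,CN=defaultMigrationContainer30,DC=home,DC=lan"]
(Fri Sep 13 10:00:24 2013) [sssd[be[home.lan]]] [sdap_get_map] (0x0400):
Option ldap_autofs_map_name has value nisMapName
(Fri Sep 13 10:00:24 2013) [sssd[be[home.lan]]] [sdap_get_map] (0x0400):
Option ldap_autofs_entry_key has value "cn"
"""

START = re.compile(r"^\(\w{3} \w{3} +\d+ [\d:]{8} \d{4}\) ")
LINE = re.compile(r"^\([^)]*\) \[.*?\] \[(?P<func>\w+)\] \(0x[0-9a-fA-F]+\): (?P<msg>.*)$")
OPTION = re.compile(r"Option (\S+) has value (.*)$")
INVALID = re.compile(r"Invalid base DN \[(.*)\]$")


def records(text):
    """Rejoin wrapped lines; a record starts with '(Day Mon DD HH:MM:SS YYYY) '."""
    out = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if START.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line
    return out


def audit(text):
    """Return (quoted options, rejected base DNs, options whose value was rejected)."""
    quoted, rejected = {}, []
    for rec in records(text):
        m = LINE.match(rec)
        if not m:
            continue
        opt = OPTION.match(m.group("msg"))
        if opt and re.fullmatch(r'".*"', opt.group(2)):
            quoted[opt.group(1)] = opt.group(2)  # value logged with literal quotes
        bad = INVALID.match(m.group("msg"))
        if bad:
            rejected.append(bad.group(1))
    return quoted, rejected, sorted(k for k, v in quoted.items() if v in rejected)


if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```
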
