On 23/05/14 07:38, steve wrote:
On 22/05/14 23:04, Lukas Slebodnik wrote:
On (22/05/14 22:36), steve wrote:
automount fails with both versions of the maps. Worked fine with both
openSUSE 13.1 and Ubuntu 14.04 with sssd 1.11.4

[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = hh3.site
[nss]
[pam]
[domain/hh3.site]
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False
[autofs]

  #start_block
autofs_provider=ldap
ldap_autofs_search_base = CN=hh3,CN=defaultMigrationContainer30,DC=hh3,DC=site
ldap_autofs_map_object_class = nisMap
ldap_autofs_entry_object_class = nisObject
ldap_autofs_map_name = nisMapName
ldap_autofs_entry_key = cn
ldap_autofs_entry_value = nisMapEntry
  #end_block
  ^^^^^^^^^^
All these options should be in the domain section (man sssd.conf and man
sssd-ldap).


#ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
#ldap_autofs_map_object_class = automountMap
#ldap_autofs_entry_object_class = automount
#ldap_autofs_map_name = automountMapName
#ldap_autofs_entry_key = automountKey
#ldap_autofs_entry_value = automountInformation


[sssd[be[hh3.site]]] [be_autofs_handler] (0x0020): Undefined backend target.
(Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider
Error: 3, 19, Autofs back end target is not configured
Will try to return what we have in cache
(Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site]

LS

Hi
Moved to domain section:

[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = hh3.site
[nss]
[pam]
[autofs]

[domain/hh3.site]
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False
autofs_provider=ldap

ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation

but, upon restarting both sssd and autofs:

(Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site]
(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 00002020: Operation unavailable without authentication
(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed [5]: Error de entrada/salida
(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap: Operations error(1), 00002020: Operation unavailable without authentication
(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]] [sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv failed [5]: Error de entrada/salida
(Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_cache_updated] (0x0020): Unable to get information from Data Provider
Error: 3, 5, Error de entrada/salida
Will try to return what we have in cache
(Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [hh3.site]

Any ideas?
What changed between 1.11.4 and 1.11.5?
Thanks,

- - -
OK
Have added the ldap sasl and keytab lines and now the mounts appear:

auto.shared on /home/shared type autofs (rw,relatime,fd=7,pgrp=2170,timeout=600,minproto=5,maxproto=5,indirect)
auto.users on /home/users type autofs (rw,relatime,fd=14,pgrp=2170,timeout=600,minproto=5,maxproto=5,indirect)

[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = hh3.site

[nss]

[pam]

[autofs]

[domain/hh3.site]

autofs_provider = ldap
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False

ldap_sasl_mech = gssapi
ldap_sasl_authid = CATRAL$
krb5_keytab = /etc/krb5.keytab
ldap_krb5_init_creds = true

ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation

But if I login as my domain user and attempt to automount e.g. my home directory, it does not automount:

getent passwd steve2
steve2:*:3000021:20513:steve2:/home/users/steve2:/bin/bash

(Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getpwuid_search] (0x0100): Requesting info for [[email protected]]
(Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getpwuid_search] (0x0080): No matching domain found for [3000021]
(Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getgrgid_search] (0x0100): Requesting info for [[email protected]]
(Fri May 23 09:13:17 2014) [sssd[nss]] [nss_cmd_getgrgid_search] (0x0080): No matching domain found for [20513]
(Fri May 23 09:13:17 2014) [sssd[autofs]] [getautomntbyname_process] (0x0080): No key named [steve2] found
(Fri May 23 09:13:17 2014) [sssd[autofs]] [getautomntbyname_process] (0x0080): No key named [/] found

In other words, this works fine with 1.9.6. How do I translate it to ad with 1.11.5?

[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = default
[nss]
[pam]
[autofs]

[domain/default]
ldap_schema = rfc2307bis
access_provider = simple
enumerate = FALSE
cache_credentials = true
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5
krb5_realm = HH3.SITE
krb5_server = hh16.hh3.site
krb5_kpasswd = hh16.hh3.site
ldap_referrals = false
ldap_uri = ldap://hh16.hh3.site/
ldap_search_base = dc=hh3,dc=site
ldap_user_object_class = user
ldap_user_name = samAccountName
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_home_directory = unixHomeDirectory
ldap_user_shell = loginShell
ldap_group_object_class = group
ldap_group_search_base = dc=hh3,dc=site
ldap_group_name = cn
ldap_group_member = member

ldap_sasl_mech = gssapi
ldap_sasl_authid = ALTET$
krb5_keytab = /etc/krb5.keytab
ldap_krb5_init_creds = true

autofs_provider = ldap
ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation
krb5_kdcip =
krb5_validate = False
krb5_renewable_lifetime = 1d
krb5_lifetime = 1d
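
Added example, not part of the thread and not SSSD project code: a small lint for the two autofs mistakes worked through above, namely autofs_provider / ldap_autofs_* options placed outside a [domain/...] section, and an ldap autofs provider with no ldap_sasl_mech set. The second check is a heuristic based only on what the poster reported (AD answered "Operation unavailable without authentication" until the SASL and keytab lines were added); the function name, finding labels and sample strings are constructed for illustration.

```python
import configparser

# Constructed samples modelled on the three configurations in the thread.
HEAD = "[sssd]\nservices = nss, pam, autofs\ndomains = hh3.site\n"
DOMAIN = "[domain/hh3.site]\nid_provider = ad\n"
MAPS = "autofs_provider=ldap\nldap_autofs_search_base = OU=automount,DC=hh3,DC=site\n"
SASL = "ldap_sasl_mech = gssapi\nkrb5_keytab = /etc/krb5.keytab\n"
FIRST = HEAD + DOMAIN + "[autofs]\n" + MAPS    # map options under [autofs]
SECOND = HEAD + "[autofs]\n" + DOMAIN + MAPS   # moved to the domain, no SASL bind
THIRD = SECOND + SASL                          # SASL/keytab lines added


def lint_autofs(text):
    """Return findings for the two autofs mistakes seen in the thread."""
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(text)
    findings = []
    # 1. Per the reply in the thread, these options belong in the domain section.
    for section in cp.sections():
        if section.startswith("domain/"):
            continue
        for key in cp.options(section):
            if key == "autofs_provider" or key.startswith("ldap_autofs_"):
                findings.append(f"misplaced:{section}:{key}")
    # 2. Heuristic: ldap autofs provider in an enabled domain with no SASL mechanism.
    for name in cp.get("sssd", "domains", fallback="").split(","):
        section = "domain/" + name.strip()
        if not cp.has_section(section):
            continue
        provider = cp.get(section, "autofs_provider", fallback="").lower()
        if provider == "ldap" and not cp.get(section, "ldap_sasl_mech", fallback=""):
            findings.append(f"no-sasl:{section}")
    return findings


if __name__ == "__main__":
    for label, conf in (("first", FIRST), ("second", SECOND), ("third", THIRD)):
        print(label, lint_autofs(conf))
```
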
