On 23/05/14 10:53, Jakub Hrozek wrote:
On Fri, May 23, 2014 at 07:38:43AM +0200, steve wrote:
On 22/05/14 23:04, Lukas Slebodnik wrote:
On (22/05/14 22:36), steve wrote:
automount fails with both versions of the maps. Worked fine with both
openSUSE 13.1 and Ubuntu 14.04 with sssd 1.11.4

[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = hh3.site
[nss]
[pam]
[domain/hh3.site]
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False
[autofs]

  #start_block
autofs_provider=ldap
ldap_autofs_search_base = CN=hh3,CN=defaultMigrationContainer30,DC=hh3,DC=site
ldap_autofs_map_object_class = nisMap
ldap_autofs_entry_object_class = nisObject
ldap_autofs_map_name = nisMapName
ldap_autofs_entry_key = cn
ldap_autofs_entry_value = nisMapEntry
  #end_block
  ^^^^^^^^^^
All these options should be in the domain section (man sssd.conf and man sssd-ldap).


#ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
#ldap_autofs_map_object_class = automountMap
#ldap_autofs_entry_object_class = automount
#ldap_autofs_map_name = automountMapName
#ldap_autofs_entry_key = automountKey
#ldap_autofs_entry_value = automountInformation


[sssd[be[hh3.site]]] [be_autofs_handler] (0x0020): Undefined backend target.
(Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_cache_updated]
(0x0020): Unable to get information from Data Provider
Error: 3, 19, Autofs back end target is not configured
Will try to return what we have in cache
(Thu May 22 22:29:03 2014) [sssd[autofs]] [lookup_automntmap_step] (0x0080):
No automount map [auto.master] in cache for domain [hh3.site]

LS

Hi
Moved to domain section:

[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = hh3.site
[nss]
[pam]
[autofs]

[domain/hh3.site]
id_provider = ad
auth_provider = ad
access_provider = ad
ldap_id_mapping = False
autofs_provider=ldap

ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation

but, upon restarting both sssd and autofs:

(Fri May 23 07:30:54 2014) [sssd[autofs]] [lookup_automntmap_step]
(0x0080): No automount map [auto.master] in cache for domain
[hh3.site]
(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]]
[sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap:
Operations error(1), 00002020: Operation unavailable without
authentication
(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]]
[sdap_autofs_setautomntent_done] (0x0040): sdap_get_automntmap_recv
failed [5]: Error de entrada/salida
(Fri May 23 07:30:54 2014) [sssd[be[hh3.site]]]
[sdap_get_generic_ext_done] (0x0040): Unexpected result from ldap:
Operations error(1), 00002020: Operation unavailable without
authentication

I know you figured it out already, but for reference and anyone else
reading the thread -- even if id_provider=ad would select the right
authentication options, another provider set to ldap (like
autofs_provider=ldap, others had the same problems with sudo) would select
the LDAP defaults again, which is anonymous binds.

We should implement autofs_provider=ad one of these days..

That would be great. Meanwhile, try as we may, we can't get it more minimalist than this:
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = default
[nss]
[pam]
[autofs]
[domain/default]
dyndns_update_ptr=true
ad_hostname = lubuntu-laptop.hh3.site
ad_server = hh16.hh3.site
ad_domain = hh3.site
ldap_schema = ad
id_provider = ad
access_provider = ad
auth_provider = ad
chpass_provider = ad
ldap_id_mapping=false

ldap_sasl_mech = gssapi
ldap_sasl_authid = [email protected]
krb5_keytab = /etc/krb5.keytab
ldap_krb5_init_creds = true

autofs_provider=ldap
autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation

Would it be possible to include the PTR update as part of the ad backend?
Cheers,
Steve
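
The two problems worked through in this thread (provider and ldap_* options placed outside the domain section, and a provider set to ldap falling back to the LDAP default of anonymous binds) can be checked mechanically. The following is an added example, not part of the original messages or of SSSD itself; the function name, the sample domains, and treating `ldap_default_bind_dn` as an alternative to `ldap_sasl_mech` are assumptions of this example.

```python
import configparser

# Constructed sample modelled on the configs in this thread: autofs options
# left in [autofs], one domain without bind settings, one with GSSAPI.
SAMPLE = """\
[autofs]
autofs_provider = ldap
ldap_autofs_search_base = OU=automount,DC=example,DC=test

[domain/anon.example.test]
id_provider = ad
autofs_provider = ldap

[domain/gssapi.example.test]
id_provider = ad
autofs_provider = ldap
ldap_sasl_mech = gssapi
"""

# Assumption: either option means the LDAP provider binds authenticated.
BIND_OPTIONS = ("ldap_sasl_mech", "ldap_default_bind_dn")


def lint_sssd_conf(text):
    """Return a list of (section, option, problem) tuples."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    findings = []
    for section in cfg.sections():
        opts = cfg[section]
        if not section.startswith("domain/"):
            # First fix in the thread: these belong in [domain/...].
            for key in opts:
                if key.startswith("ldap_") or key.endswith("_provider"):
                    findings.append((section, key, "not in a domain section"))
            continue
        if any(opts.get(o) for o in BIND_OPTIONS):
            continue
        for key, value in opts.items():
            # Second fix: a provider set to ldap takes the LDAP defaults,
            # so without bind settings it binds anonymously.
            if key.endswith("_provider") and value.strip().lower() == "ldap":
                findings.append((section, key, "anonymous LDAP bind"))
    return findings


if __name__ == "__main__":
    for finding in lint_sssd_conf(SAMPLE):
        print("%s: %s: %s" % finding)
```

Against Active Directory, the anonymous-bind finding corresponds to the "Operation unavailable without authentication" error in the log above.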
