Hi.
What you are asking for can’t work as automounter:
1. Has no idea from which domain the mount request coming from (it only
sees – hey, mount /a/b for me)
2. Can be used for other mounts, not just user home areas so it does not
make much sense here either
Ondrej
From: Roger Martensson [mailto:roger.martens...@gmail.com]
Sent: Friday, March 02, 2018 2:33 PM
To: sssd-users@lists.fedorahosted.org
Subject: [SSSD-users] autofs in a AD-forest
Hi!
I'm experiencing something that I'm not sure is as expected or not.
First some data:
OS: Ubuntu 16.04
SSSD Version: 1.13.4
I have managed to set up a SSSD against a AD-subdomain. NSS-lookup works. Can
use 'userid', 'use...@subdomain1.domain.tld' and UPN when looking up an ID.
I have set up a auto_home hierarchy in AD on subdomain1.domain.tld and managed
to get AutoFS to work using this and get a working homedirectory using autofs
and NFS.
When I do this with a user in an another subdomain in the forest
(subdomain2.domain.tld) I get into trouble. ID-lookup works like a charm. I
have also set up a auto_home-hierarchy in this other subdomain.
When looking in the logs is looks like the implementation of autofs only uses
the domain the SSSD is connected to. Not a single mention in the logs about the
other subdomain regarding to autofs.
Is it correct to assume that autofs in multiple domains in a forest doesn't
work or am I doing something wrong?
My sssd.conf looks like this. (some names have been changed to protect the
innocent)
[domain/subdomain1.domain.tld]
access_provider = ad
ad_domain = subdomain1.domain.tld
ad_hostname = client1.subdomain1.domain.tld
autofs_provider = ad
cache_credentials = True
debug_level = 8
default_shell = /bin/bash
fallback_homedir = /userhome/%u
id_provider = ad
krb5_realm = SUBDOMAIN1.DOMAIN.TLD
krb5_store_password_if_offline = True
ldap_id_mapping = False
mkhomedir = false
realmd_tags = manages-system joined-with-adcli
[sssd]
config_file_version = 2
domains = subdomain1.domain.tld
services = nss,pam,autofs
-----
The information contained in this e-mail and in any attachments is confidential
and is designated solely for the attention of the intended recipient(s). If you
are not an intended recipient, you must not use, disclose, copy, distribute or
retain this e-mail or any part thereof. If you have received this e-mail in
error, please notify the sender by return e-mail and delete all copies of this
e-mail from your computer system(s). Please direct any additional queries to:
communicati...@s3group.com. Thank You. Silicon and Software Systems Limited (S3
Group). Registered in Ireland no. 378073. Registered Office: South County
Business Park, Leopardstown, Dublin 18.
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
