What you are asking for can’t work as automounter:

1.       Has no idea from which domain the mount request coming from (it only 
sees – hey, mount /a/b for me)

2.       Can be used for other mounts, not just user home areas so it does not 
make much sense here either


From: Roger Martensson [mailto:roger.martens...@gmail.com]
Sent: Friday, March 02, 2018 2:33 PM
To: sssd-users@lists.fedorahosted.org
Subject: [SSSD-users] autofs in a AD-forest

I'm experiencing something that I'm not sure is as expected or not.
First some data:
OS: Ubuntu 16.04
SSSD Version: 1.13.4

I have managed to set up a SSSD against a AD-subdomain. NSS-lookup works. Can 
use 'userid', 'use...@subdomain1.domain.tld' and UPN when looking up an ID.
I have set up a auto_home hierarchy in AD on subdomain1.domain.tld and managed 
to get AutoFS to work using this and get a working homedirectory using autofs 
and NFS.
When I do this with a user in an another subdomain in the forest 
(subdomain2.domain.tld) I get into trouble. ID-lookup works like a charm. I 
have also set up a auto_home-hierarchy in this other subdomain.

When looking in the logs is looks like the implementation of autofs only uses 
the domain the SSSD is connected to. Not a single mention in the logs about the 
other subdomain regarding to autofs.
Is it correct to assume that autofs in multiple domains in a forest doesn't 
work or am I doing something wrong?
My sssd.conf looks like this. (some names have been changed to protect the 

access_provider = ad
ad_domain = subdomain1.domain.tld
ad_hostname = client1.subdomain1.domain.tld
autofs_provider = ad
cache_credentials = True
debug_level = 8
default_shell = /bin/bash
fallback_homedir = /userhome/%u
id_provider = ad
krb5_store_password_if_offline = True
ldap_id_mapping = False
mkhomedir = false
realmd_tags = manages-system joined-with-adcli

config_file_version = 2
domains = subdomain1.domain.tld
services = nss,pam,autofs


The information contained in this e-mail and in any attachments is confidential 
and is designated solely for the attention of the intended recipient(s). If you 
are not an intended recipient, you must not use, disclose, copy, distribute or 
retain this e-mail or any part thereof. If you have received this e-mail in 
error, please notify the sender by return e-mail and delete all copies of this 
e-mail from your computer system(s). Please direct any additional queries to: 
communicati...@s3group.com. Thank You. Silicon and Software Systems Limited (S3 
Group). Registered in Ireland no. 378073. Registered Office: South County 
Business Park, Leopardstown, Dublin 18.
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org

Reply via email to