09-12-2017, 03:53 AM   #1
mariogarcia
Member
 
Registered: Sep 2005
Distribution: debian, solaris 10
Posts: 202
sssd not caching autofs


Hello,
I am setting up OpenLDAP to authenticate Linux hosts instead of flat passwd files.

I have managed to get authentication OK. The sudoers are also OK in the LDAP.
I also have the autofs maps in the LDAP, but sssd is not getting them and mounting the folders when I log in.

These are my configs:

nsswitch.conf:

Code:
automount sss

My sssd.conf:

Code:
[sssd]
config_file_version = 2
services = nss, sudo, pam, autofs
domains = default

[nss]
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd

[pam]
reconnection_retries = 3
offline_credentials_expiration = 2
offline_failed_login_attempts = 3
offline_failed_login_delay = 5

[domain/default]
ldap_tls_reqcert = never
auth_provider = ldap
ldap_search_base = dc=exemple,dc=net
ldap_group_member = uniquemember
id_provider = ldap
ldap_id_use_start_tls = True
chpass_provider = ldap
ldap_uri = ldaps://cjlipoc01.exemple.net
ldap_chpass_uri = ldaps://cjlipoc01.exemple.net
cache_credentials = True
ldap_tls_cacertdir = /etc/openldap/cacerts
entry_cache_timeout = 600
ldap_network_timeout = 3
sudo_provider = ldap
ldap_sudo_search_base = ou=SUDOers,dc=exemple,dc=net
debug_level = 6

#autofs

autofs_provider = ldap
ldap_autofs_search_base = dc=exemple,dc=net
ldap_autofs_map_object_class = nisMap
ldap_autofs_entry_object_class = nisObject
ldap_autofs_map_name = nisMapName
ldap_autofs_entry_key = cn
ldap_autofs_entry_value = nisMapEntry


[sudo]

[autofs]
debug_level = 6

These are the LDAP entries concerning the maps in OpenLDAP.


Code:
dn: nisMapName=auto.home,dc=exemple,dc=net
objectClass: top
objectClass: nisMap
nisMapName: auto.home

dn: cn=*,nisMapName=auto.home,dc=exemple,dc=net
objectClass: nisObject
cn: *
nisMapEntry: -rw,sync cjlipoc01:/export/home/&
nisMapName: auto.home

dn: nisMapName=auto.master,dc=exemple,dc=net
objectClass: top
objectClass: nisMap
nisMapName: auto.master

dn: cn=/export/home,nisMapName=auto.master,dc=exemple,dc=net
objectClass: nisObject
cn: /export/home
nisMapName: auto.master
nisMapEntry: ldaps:/nisMapName=auto.home,dc=exemple,dc=net

I do not see anything in the logs sssd_default or sssd_autofs with an error message or anything else.

I do not have any kind of Kerberos authentication or anything else, just pure LDAP.

I have been trying to get this sorted for a few weeks but really do not know what is wrong.

When I run automount -m on the client I see this in sssd_autofs.log:

Code:
(Tue Sep 12 10:40:34 2017) [sssd[autofs]] [accept_fd_handler] (0x0400): Client connected!
(Tue Sep 12 10:40:34 2017) [sssd[autofs]] [sss_cmd_get_version] (0x0200): Received client version [1].
(Tue Sep 12 10:40:34 2017) [sssd[autofs]] [sss_cmd_get_version] (0x0200): Offered version [1].
(Tue Sep 12 10:40:34 2017) [sssd[autofs]] [sss_autofs_cmd_setautomntent] (0x0400): Got request for automount map named auto.master
(Tue Sep 12 10:40:34 2017) [sssd[autofs]] [sss_parse_name_for_domains] (0x0200): name 'auto.master' matched without domain, user is auto.master
(Tue Sep 12 10:40:34 2017) [sssd[autofs]] [setautomntent_send] (0x0400): Requesting info for automount map [auto.master] from [<ALL>]
(Tue Sep 12 10:40:34 2017) [sssd[autofs]] [lookup_automntmap_step] (0x0400): Requesting info for [auto.master@default]
(Tue Sep 12 10:40:34 2017) [sssd[autofs]] [sss_dp_issue_request] (0x0400): Issuing request for [0x407670:0:auto.master@default]
(Tue Sep 12 10:40:34 2017) [sssd[autofs]] [sss_dp_get_autofs_msg] (0x0400): Creating autofs request for [default][4105][mapname=auto.master]
(Tue Sep 12 10:40:34 2017) [sssd[autofs]] [sss_dp_internal_get_send] (0x0400): Entering request [0x407670:0:auto.master@default]
(Tue Sep 12 10:40:34 2017) [sssd[autofs]] [lookup_automntmap_step] (0x0400): Requesting info for [auto.master@default]
(Tue Sep 12 10:40:34 2017) [sssd[autofs]] [sysdb_autofs_entries_by_map] (0x0400): Getting entries for map auto.master
(Tue Sep 12 10:40:34 2017) [sssd[autofs]] [lookup_automntmap_step] (0x0400): setautomntent done for map auto.master
(Tue Sep 12 10:40:34 2017) [sssd[autofs]] [sss_autofs_cmd_setautomntent_done] (0x0400): setautomntent found data
(Tue Sep 12 10:40:34 2017) [sssd[autofs]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x407670:0:auto.master@default]
(Tue Sep 12 10:40:34 2017) [sssd[autofs]] [sss_autofs_cmd_getautomntent] (0x0400): Requested data of map auto.master cursor 0 max entries 512
(Tue Sep 12 10:40:34 2017) [sssd[autofs]] [sss_autofs_cmd_getautomntent] (0x0400): Requested data of map auto.master cursor 1 max entries 512
(Tue Sep 12 10:40:34 2017) [sssd[autofs]] [getautomntent_process] (0x0080): No entries found
(Tue Sep 12 10:40:34 2017) [sssd[autofs]] [sss_autofs_cmd_endautomntent] (0x0400): endautomntent called
(Tue Sep 12 10:40:34 2017) [sssd[autofs]] [client_recv] (0x0200): Client disconnected!

Any help is appreciated.

Kind regards
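
One way to check offline whether the LDAP entries line up with the `ldap_autofs_*` attribute mapping in sssd.conf, as an added example that is not part of the original post and is not SSSD's own code. It only approximates the selection (map object by class and name under the search base, then entries beneath it); `parse_ldif` and `resolve_map` are hypothetical helper names, and the inputs are constructed from the post's autofs options and its auto.master entries (abridged).

```python
import configparser

# Constructed inputs: autofs options and the auto.master entries from the post.
SSSD_CONF = """\
[domain/default]
ldap_autofs_search_base = dc=exemple,dc=net
ldap_autofs_map_object_class = nisMap
ldap_autofs_entry_object_class = nisObject
ldap_autofs_map_name = nisMapName
ldap_autofs_entry_key = cn
ldap_autofs_entry_value = nisMapEntry
"""
LDIF = """\
dn: nisMapName=auto.master,dc=exemple,dc=net
objectClass: nisMap
nisMapName: auto.master

dn: cn=/export/home,nisMapName=auto.master,dc=exemple,dc=net
objectClass: nisObject
cn: /export/home
nisMapName: auto.master
nisMapEntry: ldaps:/nisMapName=auto.home,dc=exemple,dc=net
"""

def parse_ldif(text):
    """Unwrapped, non-base64 LDIF -> [(lowercased dn, {attr_lower: [values]})]."""
    out = []
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        out.append((attrs.pop("dn")[0].lower(), attrs))
    return out

def resolve_map(conf, ldif, map_name):
    """Entries the configured attribute mapping selects for map_name, or None."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf)
    o = {k[len("ldap_autofs_"):]: v.lower()
         for k, v in cp["domain/default"].items() if k.startswith("ldap_autofs_")}
    has = lambda a, cls: cls in [c.lower() for c in a.get("objectclass", [])]
    entries = parse_ldif(ldif)
    maps = [dn for dn, a in entries if dn.endswith(o["search_base"])
            and has(a, o["map_object_class"]) and map_name in a.get(o["map_name"], [])]
    if not maps:
        return None  # no map object matches: mapping or search base is off
    return {a[o["entry_key"]][0]: a[o["entry_value"]][0] for dn, a in entries
            if dn.endswith("," + maps[0]) and has(a, o["entry_object_class"])
            and o["entry_key"] in a and o["entry_value"] in a}
```

A `None` result means no map object matched the configured class and name; an empty dict means the map was found but no child entry matched the entry class, key and value attributes.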