Sssd ldap authentication cannot automount home directories

automount openldap sssd

I have managed to set up LDAP authentication, but I cannot get the home directories to mount automatically when logging in.

The auto.master and auto.home are stored in LDAP.

This is my sssd.conf:

    [sssd]
    config_file_version = 2
    services = nss, sudo, pam, autofs
    domains = default

    [nss]
    filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd

    [pam]
    reconnection_retries = 3
    offline_credentials_expiration = 2
    offline_failed_login_attempts = 3
    offline_failed_login_delay = 5

    [domain/default]
    ldap_tls_reqcert = never
    auth_provider = ldap
    ldap_search_base = dc=domain,dc=net
    ldap_group_member = uniquemember
    id_provider = ldap
    ldap_id_use_start_tls = True
    chpass_provider = ldap
    ldap_uri = ldaps://ldapsrv.domain.net
    ldap_chpass_uri = ldaps://ldapsrv.domain.net
    cache_credentials = True
    ldap_tls_cacertdir = /etc/openldap/cacerts
    entry_cache_timeout = 600
    ldap_network_timeout = 3
    sudo_provider = ldap
    ldap_sudo_search_base = ou=SUDOers,dc=domain,dc=net
    debug_level = 9

    #autofs
    autofs_provider = ldap
    ldap_autofs_search_base = dc=domain,dc=net
    ldap_autofs_map_object_class = nisMap
    ldap_autofs_entry_object_class = nisObject
    ldap_autofs_map_name = nisMapName
    ldap_autofs_entry_key = cn
    ldap_autofs_entry_value = nisMapEntry

    [sudo]
    debug_level = 9

    [autofs]
    debug_level = 9

I can log in using the LDAP credentials and do sudo, but I cannot mount the home directories, which are shared by NFS on the LDAP server.

It seems it reads auto.master from LDAP but fails after that… I tried ldap and ldaps.

    lookup_nss_read_map: reading map ldap ldap:nisMapName=auto.home,domain.net
    parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "ldap:nisMapName=auto.home,domain.net".
    parse_server_string: lookup(ldap): server "(default)", base dn "nisMapName=auto.home,domain.net"
    parse_ldap_config: lookup(ldap): ldap authentication configured with the following options:
    parse_ldap_config: lookup(ldap): use_tls: 0, tls_required: 0, auth_required: 4, sasl_mech: (null)
    parse_ldap_config: lookup(ldap): user: (null), secret: unspecified, client principal: (null) credential cache: (null)
    do_init: parse(sun): init gathered global options: (null)
    read_one_map: map read not needed, so not done
    mounted indirect on /export/home with timeout 300, freq 75 seconds
    st_ready: st_ready(): state = 0 path /export/home
    st_expire: state 1 path /misc
    expire_proc: exp_proc = 140100367800064 path /misc
    expire_cleanup: got thid 140100367800064 path /misc stat 0
    expire_cleanup: sigchld: exp 140100367800064 finished, switching from 2 to 1
    st_ready: st_ready(): state = 2 path /misc
    handle_packet: type = 3
    handle_packet_missing_indirect: token 582, name testuser, request pid 15127
    attempting to mount entry /export/home/testuser
    lookup_mount: lookup(ldap): looking up testuser
    do_bind: lookup(ldap): auth_required: 4, sasl_mech (null)
    get_server_SASL_mechanisms: Can't contact LDAP server
    do_bind: lookup(ldap): autofs_sasl_bind returned -1
    do_bind: lookup(ldap): auth_required: 4, sasl_mech (null)
    get_server_SASL_mechanisms: Can't contact LDAP server
    do_bind: lookup(ldap): autofs_sasl_bind returned -1
    lookup(ldap): couldn't connect to server default
    lookup(ldap): lookup for testuser failed: connection failed

These are my LDAP entries:

    dn: nisMapName=auto.home,dc=domain,dc=net
    objectClass: top
    objectClass: nisMap
    nisMapName: auto.home

    dn: cn=*,nisMapName=auto.home,dc=domain,dc=net
    objectClass: nisObject
    cn: *
    nisMapEntry: -rw,sync ldapsrv.domain.net:/export/home/&
    nisMapName: auto.home

    dn: nisMapName=auto.master,dc=domain,dc=net
    objectClass: top
    objectClass: nisMap
    nisMapName: auto.master

    dn: cn=/export/home,nisMapName=auto.master,dc=domain,dc=net
    objectClass: nisObject
    cn: /export/home
    nisMapName: auto.master
    nisMapEntry: ldap:nisMapName=auto.home,dc=domain,dc=net

Thanks

Best Answer

According to messages like `lookup(ldap): couldn't connect to server default`, your nsswitch.conf doesn't use sss for automount, but the native LDAP connector, ldap. Either use sss for automount or configure the automounter to look up the maps directly.
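The nsswitch.conf difference the answer points at, as an added shell example that is not part of the question or the answer: it checks which sources autofs will use for its maps and rewrites the line to sss. The file names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the question or the answer. Helpers to check
# which sources autofs will use for its maps and to switch them to sss.
# File names and sample contents below are constructed for illustration.

# Print the sources listed on the "automount:" line of FILE (empty if none).
# autofs parses this line itself: "ldap" makes it use its own LDAP client,
# which ignores sssd.conf (hence lookup(ldap) in the debug log); "sss" sends
# map lookups to sssd's autofs responder, the one sssd.conf above enables.
automount_sources() {
    awk '{ sub(/#.*/, "") }
         $1 == "automount:" { $1 = ""; line = $0 }
         END { gsub(/^ +| +$/, "", line); print line }' "$1"
}

# Return 0 when sss is among the automount sources, 1 otherwise.
automount_uses_sss() {
    for s in $(automount_sources "$1"); do
        [ "$s" = "sss" ] && return 0
    done
    return 1
}

# Rewrite FILE so the automount database uses sss, adding the line if it is
# missing. Writes through a temporary file so it also works without GNU sed.
set_automount_sss() {
    tmp="$1.tmp"
    if grep -q '^[[:space:]]*automount:' "$1"; then
        sed 's/^[[:space:]]*automount:.*/automount: sss/' "$1" > "$tmp"
    else
        cp "$1" "$tmp" && printf 'automount: sss\n' >> "$tmp"
    fi
    mv "$tmp" "$1"
}

# Constructed sample: the state the debug output in the question implies
# (autofs talking LDAP on its own) and the corrected copy.
WORK=$(mktemp -d)
cat > "$WORK/nsswitch.ldap" <<'EOF'
passwd:     files sss
group:      files sss
automount:  ldap    # autofs uses its own LDAP client, not sssd
sudoers:    files sss
EOF
cp "$WORK/nsswitch.ldap" "$WORK/nsswitch.fixed"
set_automount_sss "$WORK/nsswitch.fixed"

echo "before: automount: $(automount_sources "$WORK/nsswitch.ldap")"
echo "after:  automount: $(automount_sources "$WORK/nsswitch.fixed")"
```

After changing the real /etc/nsswitch.conf, restart autofs so it re-reads its map sources; the sssd.conf in the question already lists autofs under services and has an [autofs] section, so the sss side is in place.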