I managed to set up LDAP authentication, but I cannot get home directories to mount automatically at login.
auto.master and auto.home are stored in LDAP.
This is my sssd.conf:
[sssd]
config_file_version = 2
services = nss, sudo, pam, autofs
domains = default
[nss]
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd
[pam]
reconnection_retries = 3
offline_credentials_expiration = 2
offline_failed_login_attempts = 3
offline_failed_login_delay = 5
[domain/default]
ldap_tls_reqcert = never
auth_provider = ldap
ldap_search_base = dc=domain,dc=net
ldap_group_member = uniquemember
id_provider = ldap
ldap_id_use_start_tls = True
chpass_provider = ldap
ldap_uri = ldaps://ldapsrv.domain.net
ldap_chpass_uri = ldaps://ldapsrv.domain.net
cache_credentials = True
ldap_tls_cacertdir = /etc/openldap/cacerts
entry_cache_timeout = 600
ldap_network_timeout = 3
sudo_provider = ldap
ldap_sudo_search_base = ou=SUDOers,dc=domain,dc=net
debug_level = 9
#autofs
autofs_provider = ldap
ldap_autofs_search_base = dc=domain,dc=net
ldap_autofs_map_object_class = nisMap
ldap_autofs_entry_object_class = nisObject
ldap_autofs_map_name = nisMapName
ldap_autofs_entry_key = cn
ldap_autofs_entry_value = nisMapEntry
[sudo]
debug_level = 9
[autofs]
debug_level = 9
I can log in with LDAP credentials and do sudo, but I cannot mount the home directory, which is shared via NFS from the LDAP server.
It seems to read auto.master from LDAP, but fails after ... tried both ldap and ldaps.
lookup_nss_read_map: reading map ldap ldap:nisMapName=auto.home,domain.net
parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "ldap:nisMapName=auto.home,domain.net".
parse_server_string: lookup(ldap): server "(default)", base dn "nisMapName=auto.home,domain.net"
parse_ldap_config: lookup(ldap): ldap authentication configured with the following options:
parse_ldap_config: lookup(ldap): use_tls: 0, tls_required: 0, auth_required: 4, sasl_mech: (null)
parse_ldap_config: lookup(ldap): user: (null), secret: unspecified, client principal: (null) credential cache: (null)
do_init: parse(sun): init gathered global options: (null)
read_one_map: map read not needed, so not done
mounted indirect on /export/home with timeout 300, freq 75 seconds
st_ready: st_ready(): state = 0 path /export/home
st_expire: state 1 path /misc
expire_proc: exp_proc = 140100367800064 path /misc
expire_cleanup: got thid 140100367800064 path /misc stat 0
expire_cleanup: sigchld: exp 140100367800064 finished, switching from 2 to 1
st_ready: st_ready(): state = 2 path /misc
handle_packet: type = 3
handle_packet_missing_indirect: token 582, name testuser, request pid 15127
attempting to mount entry /export/home/testuser
lookup_mount: lookup(ldap): looking up testuser
do_bind: lookup(ldap): auth_required: 4, sasl_mech (null)
get_server_SASL_mechanisms: Can't contact LDAP server
do_bind: lookup(ldap): autofs_sasl_bind returned -1
do_bind: lookup(ldap): auth_required: 4, sasl_mech (null)
get_server_SASL_mechanisms: Can't contact LDAP server
do_bind: lookup(ldap): autofs_sasl_bind returned -1
lookup(ldap): couldn't connect to server default
lookup(ldap): lookup for testuser failed: connection failed
These are my LDAP entries:
dn: nisMapName=auto.home,dc=domain,dc=net
objectClass: top
objectClass: nisMap
nisMapName: auto.home

dn: cn=*,nisMapName=auto.home,dc=domain,dc=net
objectClass: nisObject
cn: *
nisMapEntry: -rw,sync ldapsrv.domain.net:/export/home/&
nisMapName: auto.home

dn: nisMapName=auto.master,dc=domain,dc=net
objectClass: top
objectClass: nisMap
nisMapName: auto.master

dn: cn=/export/home,nisMapName=auto.master,dc=domain,dc=net
objectClass: nisObject
cn: /export/home
nisMapName: auto.master
nisMapEntry: ldap:nisMapName=auto.home,dc=domain,dc=net
Thanks
Judging by messages like lookup(ldap): couldn't connect to server default, your nsswitch.conf does not use sss for automount but autofs's own LDAP connector, ldap. Either use sss for automount or configure automount to look up the maps directly.
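The two checks behind that diagnosis, as an added example (not code from the question or the answer above): read which sources nsswitch.conf lists for the automount database, and extract the lookup(<module>) tokens from an automount debug log to see which backend automount actually went through. The nsswitch.conf fragments and log lines below are constructed for the demonstration; the log lines mirror the ones quoted in the question.

```sh
#!/bin/sh
# Added example, not from the original post. Helpers to confirm whether
# automount is routed through sssd ("sss") or through autofs's own LDAP
# module ("ldap"), which is what lookup(ldap) in the debug log indicates.

# Print the source list for the "automount" database in an nsswitch.conf
# file ($1), with comments stripped and whitespace normalised.
automount_sources() {
    awk '{ sub(/#.*/, "") }
         /^[ \t]*automount[ \t]*:/ {
             sub(/^[ \t]*automount[ \t]*:[ \t]*/, "")
             $1 = $1            # re-split fields to squeeze whitespace
             print; exit
         }' "$1"
}

# Exit 0 if "sss" appears among the automount sources, 1 otherwise.
automount_uses_sss() {
    for src in $(automount_sources "$1"); do
        [ "$src" = "sss" ] && return 0
    done
    return 1
}

# Print the distinct lookup modules ("ldap", "sss", "file", ...) that an
# automount debug log ($1) shows being used, in order of first appearance.
lookup_modules_in_log() {
    awk 'match($0, /lookup\([a-z]+\)/) {
             m = substr($0, RSTART + 7, RLENGTH - 8)   # drop "lookup(" and ")"
             if (!(m in seen)) { seen[m] = 1; out = out (out ? " " : "") m }
         }
         END { print out }' "$1"
}

# Constructed sample inputs (not the asker's real files) in a temp dir:
# nsswitch.broken routes automount to the native LDAP module, the way the
# question's log suggests; nsswitch.fixed routes it through sssd.
make_sample() {
    dir=$(mktemp -d)
    printf 'passwd:     files sss\ngroup:      files sss\nautomount:  ldap   # native autofs LDAP lookup\n' \
        > "$dir/nsswitch.broken"
    printf 'passwd:     files sss\ngroup:      files sss\nautomount:  sss files\n' \
        > "$dir/nsswitch.fixed"
    printf '%s\n' \
        'lookup_nss_read_map: reading map ldap ldap:nisMapName=auto.home,domain.net' \
        'lookup_mount: lookup(ldap): looking up testuser' \
        "get_server_SASL_mechanisms: Can't contact LDAP server" \
        "lookup(ldap): couldn't connect to server default" \
        > "$dir/automount.log"
    echo "$dir"
}

# Stand-alone run: show both checks on the constructed files.
d=$(make_sample)
echo "broken nsswitch automount sources: $(automount_sources "$d/nsswitch.broken")"
echo "fixed  nsswitch automount sources: $(automount_sources "$d/nsswitch.fixed")"
echo "lookup modules seen in log:        $(lookup_modules_in_log "$d/automount.log")"
```

If the log reports lookup(ldap) while you expected sssd to serve the maps, the native autofs LDAP module is in use; it takes its server and bind settings from autofs's own configuration rather than from sssd.conf, which is why the log shows server "(default)" and the bind fails even though sssd itself connects fine. Switching the automount line to sss (and restarting autofs) makes automount use the sssd autofs responder that the [autofs] section and autofs_provider = ldap in the question's sssd.conf already configure.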