
List:       sssd-users
Subject:    [SSSD-users] Re: Mixing both local files and LDAP for automount maps.
From:       Prentice Bisbal <pbisbal () pppl ! gov>
Date:       2023-05-15 21:04:03
Message-ID: ca6d7811-1fcb-36d6-2f4b-ef727ab53569 () pppl ! gov


Never mind... I found my own answer seconds after sending the e-mail 
below. This was working last week, but then when I put the working 
config in Ansible, I made a typo, and then ran Ansible to test my 
changes there. The automount map name is 'auto.project', not 'auto.projects'.

Prentice

On 5/15/23 4:04 PM, Prentice Bisbal wrote:
>
> SSSD Users,
>
> I'm having a problem using a combination of both local files and LDAP 
> as sources for automount information.
>
> Historically, our site has always used LDAP for automount map 
> information, and all systems used the same NFS home directories.
>
> I'm now setting up a new HPC cluster, and I want the home directories 
> (mounted as /u/<username>) to be local to that cluster. The home 
> directories will be provided by the master node of that cluster, but I 
> still want to use the LDAP-provided mount information for our project 
> directories (mounted as /p/<project_name>). I want /etc/auto.home to be 
> consulted for /u, but use the auto.projects automountmap in LDAP for 
> /p. This should be simple, but it's not working for me:
>
> # automount -m
> autofs dump map information
> ===========================
>
> global options: none configured
>
> Mount point: /u
> source(s):
>
>     instance type(s): file
>     map: /etc/auto.home
>
>     * | ranger-master:/home/&
> Mount point: /p
>
> source(s):
>
>     instance type(s): sss
>     map: auto.projects
>
>     no keys found in map
>
> I created this /etc/auto.master file:
>
> /u        /etc/auto.home
> /p       auto.projects
>
> And have this in my /etc/auto.home:
>
> *       cluster-master:/home/&
>
> I could swear this worked last week, but is not working now. My 
> /etc/nsswitch.conf contains the following entry for automounting:
>
> automount:   files sss
>
> and my /etc/sssd/sssd.conf looks like this:
> [domain/default]
> id_provider = ldap
> autofs_provider = ldap
> sudo_provider = ldap
> cache_credentials = True
> auth_provider = krb5
> chpass_provider = krb5
> krb5_kpasswd = kerberos.example.com
> krb5_server = kerberos.example.com
> krb5_store_password_if_offline = True
> krb5_realm = PPPL.GOV
> ldap_uri = ldap://ldap1.example.com,ldap://ldap2.example.com
> ldap_search_base = dc=unix,dc=example,dc=com
> ldap_id_use_start_tls = False
> ldap_tls_cacertdir = /etc/openldap/cacerts
> ldap_autofs_search_base = ou=mounts,dc=unix,dc=example,dc=com
> ldap_autofs_map_object_class = automountMap
> ldap_autofs_map_name = ou
> ldap_autofs_entry_object_class = automount
> ldap_autofs_entry_key = cn
> ldap_autofs_entry_value = automountInformation
> enumerate = true
> [sssd]
> config_file_version = 2
> services = nss, pam, autofs, sudo
> domains = default
> [nss]
>
> [pam]
>
> [autofs]
>
> [sudo]
>
> What am I missing or doing wrong here?
> -- 
> Prentice
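
A check that would catch this kind of map-name typo after a configuration push, as an added example that is not part of the original message: it parses `automount -m` output and lists every map reported with "no keys found in map". The function names and the embedded sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag autofs maps that resolve to zero keys.

# Reads `automount -m` output on stdin and prints
# "<mount point> <instance type> <map name>" for each empty map.
empty_autofs_maps() {
    awk '
        /^Mount point:/        { mp = $3; type = ""; map = "" }
        /instance type\(s\):/  { type = $NF }
        /^[ \t]*map:/          { map = $NF }
        /no keys found in map/ { print mp, type, map }
    '
}

# Returns non-zero (for use as a post-deploy gate) if any map is empty.
check_autofs_maps() {
    empty=$(empty_autofs_maps)
    [ -z "$empty" ] && return 0
    printf 'empty autofs map: %s\n' "$empty" >&2
    return 1
}

# Constructed sample input modelled on the dump quoted in the message.
sample_dump() {
    cat <<'EOF'
autofs dump map information
===========================

global options: none configured

Mount point: /u
source(s):

    instance type(s): file
    map: /etc/auto.home

    * | cluster-master:/home/&
Mount point: /p

source(s):

    instance type(s): sss
    map: auto.projects

    no keys found in map
EOF
}

# Stand-alone demo on the sample; on a live host: automount -m | check_autofs_maps
sample_dump | empty_autofs_maps
```
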