我正在尝试使用存储在 AD 上的 auto.home,但运气不佳。我已关注https://care.qumulo.com/hc/en-us/articles/115014470007-Serving-AutoFS-Maps-from-Active-Directory-AD-to-AD-Bound-Linux-Clients-Using-SSSD#details-0-0我已经接近目标了,但是还缺少了一些东西。
错误摘要:
- 在地图源中未找到键“aarbid01”。
- ls:无法访问‘/home/aarbid01’:没有此文件或目录
- [objectClass] 没有子属性
- sdap_get_automntmap_recv 失败 [5]: 输入/输出错误
我收到的完整错误:
# service autofs status
autofs.service - Automounts filesystems on demand
Loaded: loaded (/lib/systemd/system/autofs.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2022-03-14 16:14:45 GMT; 4min 12s ago
Process: 6662 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
Process: 9419 ExecStart=/usr/sbin/automount $OPTIONS --pid-file /var/run/autofs.pid (code=exited, status=0/SUCCESS)
Main PID: 9437 (automount)
Tasks: 5 (limit: 8601)
CGroup: /system.slice/autofs.service
└─9437 /usr/sbin/automount --pid-file /var/run/autofs.pid
Mar 14 16:14:44 soyuz systemd[1]: Starting Automounts filesystems on demand...
Mar 14 16:14:45 soyuz systemd[1]: Started Automounts filesystems on demand.
Mar 14 16:14:48 soyuz automount[9437]: setautomntent: lookup(sss): setautomntent: No such file or directory
Mar 14 16:14:48 soyuz automount[9437]: **key "aarbid01" not found in map source(s).**
和
# ls /home/aarbid01
ls: cannot access '/home/aarbid01': No such file or directory
和
# tail /var/log/sssd/sssd_DCS.BBK.AC.UK.log
(Mon Mar 14 16:43:56 2022) [sssd[be[DCS.BBK.AC.UK]]] [sdap_parse_entry] (0x1000): OriginalDN: [CN=aarbid01,CN=auto.home,CN=dcs,CN=defaultMigrationContainer30,DC=dcs,DC=bbk,DC
=ac,DC=uk].
(Mon Mar 14 16:43:56 2022) [sssd[be[DCS.BBK.AC.UK]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass]
(Mon Mar 14 16:43:56 2022) [sssd[be[DCS.BBK.AC.UK]]] [sdap_parse_range] (0x2000): No sub-attributes for [nisMapName]
(Mon Mar 14 16:43:56 2022) [sssd[be[DCS.BBK.AC.UK]]] [sdap_process_result] (0x2000): Trace: sh[0x563b443e48e0], connected[1], ops[0x563b443e6a70], ldap[0x563b44247f50]
(Mon Mar 14 16:43:56 2022) [sssd[be[DCS.BBK.AC.UK]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_ENTRY]
和
(Mon Mar 14 16:35:24 2022) [sssd[be[DCS.BBK.AC.UK]]] [sdap_parse_entry] (0x1000): OriginalDN: [CN=qsong01,CN=auto.home,CN=dcs,CN=defaultMigrationContainer30,DC=dcs,DC=bbk,DC=
ac,DC=uk].
(Mon Mar 14 16:35:24 2022) [sssd[be[DCS.BBK.AC.UK]]] [sdap_parse_range] (0x2000): No sub-attributes for [objectClass]
(Mon Mar 14 16:35:24 2022) [sssd[be[DCS.BBK.AC.UK]]] [sdap_parse_range] (0x2000): No sub-attributes for [nisMapName]
(Mon Mar 14 16:35:24 2022) [sssd[be[DCS.BBK.AC.UK]]] [sdap_process_result] (0x2000): Trace: sh[0x563b444032d0], connected[1], ops[0x563b44405e90], ldap[0x563b44209fe0]
(Mon Mar 14 16:35:24 2022) [sssd[be[DCS.BBK.AC.UK]]] [sdap_process_message] (0x4000): Message type: [LDAP_RES_SEARCH_RESULT]
(Mon Mar 14 16:35:24 2022) [sssd[be[DCS.BBK.AC.UK]]] [sdap_get_generic_op_finished] (0x0400): Search result: Success(0), no errmsg set
(Mon Mar 14 16:35:24 2022) [sssd[be[DCS.BBK.AC.UK]]] [sdap_op_destructor] (0x2000): Operation 5 finished
(Mon Mar 14 16:35:24 2022) [sssd[be[DCS.BBK.AC.UK]]] [sdap_get_automntmap_process] (0x0400): **Search for autofs maps, returned 2646 results**.
(Mon Mar 14 16:35:24 2022) [sssd[be[DCS.BBK.AC.UK]]] [sdap_get_automntmap_process] (0x0040): **The search yielded more than one autofs map**
(Mon Mar 14 16:35:24 2022) [sssd[be[DCS.BBK.AC.UK]]] [sdap_autofs_setautomntent_done] (0x0040): **sdap_get_automntmap_recv failed [5]: Input/output error**
(Mon Mar 14 16:35:24 2022) [sssd[be[DCS.BBK.AC.UK]]] [sdap_id_op_done] (0x0200): communication error on cached connection, moving to next server
(Mon Mar 14 16:35:24 2022) [sssd[be[DCS.BBK.AC.UK]]] [sdap_id_op_done] (0x4000): advising for connection retry #4
(Mon Mar 14 16:35:24 2022) [sssd[be[DCS.BBK.AC.UK]]] [sdap_id_op_done] (0x4000): releasing operation connection
(Mon Mar 14 16:35:24 2022) [sssd[be[DCS.BBK.AC.UK]]] [sdap_id_release_conn_data] (0x4000): releasing unused connection
(Mon Mar 14 16:35:24 2022) [sssd[be[DCS.BBK.AC.UK]]] [sdap_handle_release] (0x2000): Trace: sh[0x563b444032d0], connected[1], ops[(nil)], ldap[0x563b44209fe0], destructor_loc
k[0], release_memory[0]
(Mon Mar 14 16:35:24 2022) [sssd[be[DCS.BBK.AC.UK]]] [remove_connection_callback] (0x4000): Successfully removed connection callback.
我拥有的:
# egrep autom /etc/nsswitch.conf
automount: files sss
# egrep -v ^# /etc/auto.master
/home auto.home
我也有 /etc/auto.home,但删除它没有任何区别
# egrep -v ^# /etc/auto.home
ahmed -fstype=nfs,vers=3 193.61.xx.xx:/staff/ahmed
# more /etc/sssd/sssd.conf
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = DCS.BBK.AC.UK
debug_level = 99
[autofs]
debug_level = 9
ldap_autofs_search_base= cn=dcs,cn=defaultMigrationContainer30,dc=dcs,dc=bbk,dc=ac,dc=uk
[domain/BBK.AC.UK]
debug_level = 9
id_provider = ad
access_provider = ad
ldap_id_mapping = False
override_shell = /bin/bash
# krb5_validate = false
ad_gpo_ignore_unreadable = True
# autofs
autofs_provider = ad
ldap_autofs_entry_key = cn
ldap_autofs_entry_object_class = nisObject
ldap_autofs_entry_value = nisMapEntry
ldap_autofs_map_name = nisMapName
#ldap_autofs_map_object_class = nisMap
ldap_autofs_map_object_class = nisObject
ldap_autofs_search_base= cn=dcs,cn=defaultMigrationContainer30,dc=dcs,dc=bbk,dc=ac,dc=uk
\krb5_ccname_template=FILE:%d/krb5cc_%U
Ldap 数据如下:
# ldapsearch -h host.bbk.ac.uk -b "cn=dcs,cn=defaultMigrationContainer30,dcs=dcs,dc=bbk,dc=ac,dc=uk" -D "CN=auser,OU=MSc,OU=StudentUsers,DC=dcs,DC=bbk,DC=ac,DC=uk" -w password cn=ubfabo001
#
# ubfabo001, auto.home, dcs, defaultMigrationContainer30, dcs.bbk.ac.uk
dn: CN=ubfabo001,CN=auto.home,CN=dcs,CN=defaultMigrationContainer30,DC=dcs,DC=
bbk,DC=ac,DC=uk
objectClass: top
objectClass: nisObject
cn: ubfabo001
distinguishedName: CN=ubfabo001,CN=auto.home,CN=dcs,CN=defaultMigrationContain
er30,DC=dcs,DC=bbk,DC=ac,DC=uk
instanceType: 4
uSNCreated: 30884897
uSNChanged: 30884897
showInAdvancedViewOnly: TRUE
name: ubfabo001
objectCategory: CN=NisObject,CN=Schema,CN=Configuration,DC=dcs,DC=bbk,DC=ac,DC
=uk
nisMapEntry: filesrv:/dpool/stds/itapps/itapptutors/ubfabo001
nisMapName: auto.home
msSFU30Name: ubfabo001
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
在我看来,SSSD 似乎找到了 auto.home 映射中的所有键,但无法匹配它们?可能是我的 sssd.conf ldap_autofs_* 条目与我的 AD auto.home 不匹配,但我可以看到它?
有什么建议吗?谢谢 Andrew
答案1
各位,我找到了解决方案。这是 sssd.conf 的值
autofs_provider = ad
ldap_autofs_entry_key = cn
ldap_autofs_entry_object_class = nisObject
ldap_autofs_entry_value = nisMapEntry
ldap_autofs_map_name = name
ldap_autofs_map_object_class = container
ldap_autofs_search_base= cn=dcs,cn=defaultMigrationContainer30,dc=dcs,dc=bbk,dc=ac,dc=uk
要检查所需的值,请执行以下操作:
# ldapsearch -h dcsntdc03.dcs.bbk.ac.uk -b "cn=dcs,cn=defaultMigrationContainer30,dc=dcs,dc=bbk,dc=ac,dc=uk" -D "CN=admin,DC=dcs,DC=bbk,DC=ac,DC=uk" -w password cn=auto.home objectClass name
dn: CN=auto.home,CN=dcs,CN=defaultMigrationContainer30,DC=dcs,DC=bbk,DC=ac,DC=uk
objectClass: top
objectClass: container <<== ldap_autofs_map_object_class
name: auto.home <<== ldap_autofs_map_name
# ldapsearch -h dcsntdc03.dcs.bbk.ac.uk -b "cn=dcs,cn=defaultMigrationContainer30,dc=dcs,dc=bbk,dc=ac,dc=uk" -D "CN=admin,DC=dcs,DC=bbk,DC=ac,DC=uk" -w password cn=andrew objectClass cn name nisMapName nisMapEntry
dn: CN=andrew,CN=auto.home,CN=dcs,CN=defaultMigrationContainer30,DC=dcs,DC=bbk,DC=ac,DC=uk
objectClass: top
objectClass: nisObject <<== ldap_autofs_entry_object_class
cn: andrew <<== ldap_autofs_entry_key
name: andrew
nisMapName: auto.home
nisMapEntry: filesrv:/staff/andrew <<== ldap_autofs_entry_value
谢谢