SSSD and autofs

I am trying to set up SSSD to get automount maps from Active Directory.

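I think my setup is correct, but it uses the wrong username to query AD. It takes whatever is set as the "mapname" (the part after the + sign) in /etc/auto.master; for example, +auto.master produces the following debug log (sssd_autofs debug_level=6):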

[sssd[autofs]] [accept_fd_handler] (0x0400): Client connected!
[sssd[autofs]] [sss_cmd_get_version] (0x0200): Received client version [1].
[sssd[autofs]] [sss_cmd_get_version] (0x0200): Offered version [1].
[sssd[autofs]] [sss_autofs_cmd_setautomntent] (0x0400): Got request for automount map named [email protected]
[sssd[autofs]] [sss_parse_name_for_domains] (0x0200): name '[email protected]' matched expression for domain 'example.com', user is auto.master
[sssd[autofs]] [setautomntent_send] (0x0400): Requesting info for automount map [auto.master] from [example.com]
[sssd[autofs]] [lookup_automntmap_step] (0x0400): Requesting info for [[email protected]]
[sssd[autofs]] [sysdb_get_map_byname] (0x0400): No such map
[sssd[autofs]] [lookup_automntmap_step] (0x0080): No automount map [auto.master] in cache for domain [example.com]
[sssd[autofs]] [sss_dp_issue_request] (0x0400): Issuing request for [0x406840:0:[email protected]]
[sssd[autofs]] [sss_dp_get_autofs_msg] (0x0400): Creating autofs request for [example.com][4105][mapname=auto.master]
[sssd[autofs]] [sss_dp_internal_get_send] (0x0400): Entering request [0x406840:0:[email protected]]
[sssd[autofs]] [lookup_automntmap_step] (0x0400): Requesting info for [[email protected]]
[sssd[autofs]] [sysdb_autofs_entries_by_map] (0x0400): Getting entries for map auto.master
[sssd[autofs]] [sysdb_autofs_entries_by_map] (0x0400): No entries for the map
[sssd[autofs]] [lookup_automntmap_step] (0x0400): setautomntent done for map auto.master
[sssd[autofs]] [sss_autofs_cmd_setautomntent_done] (0x0400): setautomntent found data
[sssd[autofs]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x406840:0:[email protected]]
[sssd[autofs]] [sss_autofs_cmd_getautomntent] (0x0400): Requested data of map [email protected] cursor 0 max entries 512
[sssd[autofs]] [sss_autofs_cmd_getautomntent] (0x0400): Performing implicit setautomntent
[sssd[autofs]] [sss_parse_name_for_domains] (0x0200): name '[email protected]' matched expression for domain 'example.com', user is auto.master
[sssd[autofs]] [setautomntent_send] (0x0400): Requesting info for automount map [auto.master] from [example.com]
[sssd[autofs]] [lookup_automntmap_step] (0x0400): Requesting info for [[email protected]]
[sssd[autofs]] [sss_dp_issue_request] (0x0400): Issuing request for [0x406840:0:[email protected]]
[sssd[autofs]] [sss_dp_get_autofs_msg] (0x0400): Creating autofs request for [example.com][4105][mapname=auto.master]
[sssd[autofs]] [sss_dp_internal_get_send] (0x0400): Entering request [0x406840:0:[email protected]]
[sssd[autofs]] [lookup_automntmap_step] (0x0400): Requesting info for [[email protected]]
[sssd[autofs]] [sysdb_autofs_entries_by_map] (0x0400): Getting entries for map auto.master
[sssd[autofs]] [sysdb_autofs_entries_by_map] (0x0400): No entries for the map
[sssd[autofs]] [lookup_automntmap_step] (0x0400): setautomntent done for map auto.master
[sssd[autofs]] [getautomntent_implicit_done] (0x0020): Cannot get map after setautomntent succeeded?
[sssd[autofs]] [sss_dp_req_destructor] (0x0400): Deleting request: [0x406840:0:[email protected]]
[sssd[autofs]] [sss_autofs_cmd_endautomntent] (0x0400): endautomntent called
[sssd[autofs]] [client_recv] (0x0200): Client disconnected!

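Has anyone managed to get this working?

Answer 1

I found some help on the #sssd IRC channel.

Apparently, the "user is" log entry does not refer to the connecting user, but only to the automount map it is looking for.

It seems I had misconfigured things on the AD side. By raising debug_level to 6 for the domain in my sssd.conf, like this: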

...
[domain/example.com]
debug_level = 6
...

I was able to see the LDAP queries made to my AD server. It seems I had to put my nisObjects under my nisMap; I had put them in the same OU=automount.

So I moved the objects, and now everything works!
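
The layout rule from the answer above (each nisObject entry has to sit directly under its nisMap entry, not beside it in the OU) can be checked over an exported list of directory entries. This is an added example, not part of the original post; the sample DNs are constructed and the function names are hypothetical.

```python
# Constructed sample data: these DNs are illustrative, not taken from the page.
SAMPLE_ENTRIES = [
    ("CN=auto.master,OU=automount,DC=example,DC=com", "nisMap"),
    ("CN=auto.home,OU=automount,DC=example,DC=com", "nisMap"),
    # Correct: the key entry is a child of its map entry.
    ("CN=/home,CN=auto.master,OU=automount,DC=example,DC=com", "nisObject"),
    # Misplaced: sits beside the maps in the OU instead of under one of them.
    ("CN=*,OU=automount,DC=example,DC=com", "nisObject"),
]


def split_dn(dn):
    """Split a DN into RDNs, honouring backslash-escaped commas."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return parts


def normalize(rdns):
    """Case-insensitive comparison key for a list of RDNs."""
    return tuple(r.lower() for r in rdns)


def misplaced_keys(entries):
    """Return DNs of nisObject entries whose direct parent is not a nisMap."""
    maps = {normalize(split_dn(dn)) for dn, oc in entries if oc.lower() == "nismap"}
    bad = []
    for dn, oc in entries:
        if oc.lower() != "nisobject":
            continue
        parent = normalize(split_dn(dn))[1:]  # drop the entry's own RDN
        if parent not in maps:
            bad.append(dn)
    return bad


if __name__ == "__main__":
    for dn in misplaced_keys(SAMPLE_ENTRIES):
        print("not under a nisMap:", dn)
```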
