sssd ldap authentication does not automount home directories

I have managed to set up ldap authentication. But I cannot get the home directories to be mounted automatically at login.

auto.master and auto.home are stored in ldap.

Here is my sssd.conf:

    [sssd]
    config_file_version = 2
    services = nss, sudo, pam, autofs
    domains = default

    [nss]
    filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd

    [pam]
    reconnection_retries = 3
    offline_credentials_expiration = 2
    offline_failed_login_attempts = 3
    offline_failed_login_delay = 5

    [domain/default]
    # "never" disables verification of the LDAP server certificate, so the
    # ldaps/STARTTLS connection below is encrypted but not authenticated.
    ldap_tls_reqcert = never
    auth_provider = ldap
    ldap_search_base = dc=domain,dc=net
    ldap_group_member = uniquemember
    id_provider = ldap
    ldap_id_use_start_tls = True
    chpass_provider = ldap
    ldap_uri = ldaps://ldapsrv.domain.net
    ldap_chpass_uri = ldaps://ldapsrv.domain.net
    cache_credentials = True
    ldap_tls_cacertdir = /etc/openldap/cacerts
    entry_cache_timeout = 600
    ldap_network_timeout = 3
    sudo_provider = ldap
    ldap_sudo_search_base = ou=SUDOers,dc=domain,dc=net
    debug_level = 9

    # autofs: map and entry attributes for the nisMap/nisObject schema
    autofs_provider = ldap
    ldap_autofs_search_base = dc=domain,dc=net
    ldap_autofs_map_object_class = nisMap
    ldap_autofs_entry_object_class = nisObject
    ldap_autofs_map_name = nisMapName
    ldap_autofs_entry_key = cn
    ldap_autofs_entry_value = nisMapEntry

    [sudo]
    debug_level = 9

    [autofs]
    debug_level = 9

I can log in and use sudo with ldap credentials, but I cannot mount the homedir that the ldap server shares over nfs.

It looks like it reads auto.master from ldap, but fails after trying ldap and ldaps:

    lookup_nss_read_map: reading map ldap ldap:nisMapName=auto.home,domain.net
    parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "ldap:nisMapName=auto.home,domain.net".
    parse_server_string: lookup(ldap): server "(default)", base dn "nisMapName=auto.home,domain.net"
    parse_ldap_config: lookup(ldap): ldap authentication configured with the following options:
    parse_ldap_config: lookup(ldap): use_tls: 0, tls_required: 0, auth_required: 4, sasl_mech: (null)
    parse_ldap_config: lookup(ldap): user: (null), secret: unspecified, client principal: (null) credential cache: (null)
    do_init: parse(sun): init gathered global options: (null)
    read_one_map: map read not needed, so not done
    mounted indirect on /export/home with timeout 300, freq 75 seconds
    st_ready: st_ready(): state = 0 path /export/home
    st_expire: state 1 path /misc
    expire_proc: exp_proc = 140100367800064 path /misc
    expire_cleanup: got thid 140100367800064 path /misc stat 0
    expire_cleanup: sigchld: exp 140100367800064 finished, switching from 2 to 1
    st_ready: st_ready(): state = 2 path /misc
    handle_packet: type = 3
    handle_packet_missing_indirect: token 582, name testuser, request pid 15127
    attempting to mount entry /export/home/testuser
    lookup_mount: lookup(ldap): looking up testuser
    do_bind: lookup(ldap): auth_required: 4, sasl_mech (null)
    get_server_SASL_mechanisms: Can't contact LDAP server
    do_bind: lookup(ldap): autofs_sasl_bind returned -1
    do_bind: lookup(ldap): auth_required: 4, sasl_mech (null)
    get_server_SASL_mechanisms: Can't contact LDAP server
    do_bind: lookup(ldap): autofs_sasl_bind returned -1
    lookup(ldap): couldn't connect to server default
    lookup(ldap): lookup for testuser failed: connection failed

Here are my ldap entries:

    dn: nisMapName=auto.home,dc=domain,dc=net
    objectClass: top
    objectClass: nisMap
    nisMapName: auto.home

    dn: cn=*,nisMapName=auto.home,dc=domain,dc=net
    objectClass: nisObject
    cn: *
    nisMapEntry: -rw,sync ldapsrv.domain.net:/export/home/&
    nisMapName: auto.home

    dn: nisMapName=auto.master,dc=domain,dc=net
    objectClass: top
    objectClass: nisMap
    nisMapName: auto.master

    dn: cn=/export/home,nisMapName=auto.master,dc=domain,dc=net
    objectClass: nisObject
    cn: /export/home
    nisMapName: auto.master
    nisMapEntry: ldap:nisMapName=auto.home,dc=domain,dc=net

Thanks

Answer 1

Judging by messages like `lookup(ldap): couldn't connect to server default`, your nsswitch.conf does not use `sss` for automount but the native LDAP connector `ldap`. Use `sss` for automount, or configure the automounter to look up the maps directly.
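The rule the answer relies on can be checked offline. The following script is an added example, not part of the question, the answer, or the autofs/sssd projects: it applies the map-source rules from auto.master(5) to decide which autofs lookup module will service each master-map entry. An explicit `maptype:` prefix (as in the `ldap:nisMapName=auto.home,...` entry from the question) always wins; a value starting with `/` is a file map; a bare map name is resolved through the `automount:` line in nsswitch.conf. It assumes POSIX sh; the nsswitch.conf fragments and master-map entries are constructed samples, not live files.

```shell
#!/bin/sh
# Added example (not from the original post or from autofs/sssd).
# Decide, per auto.master entry, which autofs lookup module will serve it,
# following auto.master(5): explicit "maptype:" prefix > absolute path (file map)
# > sources listed on the "automount:" line of nsswitch.conf, in order.
# All inputs below are constructed samples.

# Constructed nsswitch.conf fragments: the one the answer infers (native ldap
# connector) and the corrected one (automount lookups go through sssd).
NSSWITCH_LDAP='passwd:    files sss
automount: files ldap'
NSSWITCH_SSS='passwd:    files sss
automount: files sss'

# Constructed master-map entries, "mountpoint map-spec". The first mirrors the
# nisMapEntry from the question; the second is the form that lets nsswitch decide.
MASTER_ASIS='/export/home ldap:nisMapName=auto.home,dc=domain,dc=net'
MASTER_FIXED='/export/home auto.home'

# automount_sources NSSWITCH_TEXT: sources on the automount: line ("files" if absent).
automount_sources() {
    src=$(printf '%s\n' "$1" | sed -n 's/^automount:[[:space:]]*//p')
    if [ -n "$src" ]; then printf '%s\n' "$src"; else printf 'files\n'; fi
}

# map_module MAP_SPEC NSSWITCH_TEXT: module(s) autofs will use for MAP_SPEC.
map_module() {
    case "$1" in
        file:*|program:*|yp:*|nis:*|nisplus:*|ldap:*|ldaps:*|hesiod:*|sss:*|multi:*)
            printf '%s\n' "${1%%:*}" ;;      # explicit maptype prefix wins
        /*) printf 'file\n' ;;              # absolute path => file map
        *)  automount_sources "$2" ;;       # bare name => nsswitch sources, in order
    esac
}

# bypasses_sssd MAP_SPEC NSSWITCH_TEXT: succeed when the lookup reaches autofs's
# own ldap/ldaps module (its own server, TLS and bind settings) before sss.
bypasses_sssd() {
    for m in $(map_module "$1" "$2"); do
        case "$m" in
            ldap|ldaps) return 0 ;;
            sss)        return 1 ;;
        esac
    done
    return 1
}

# report MASTER_TEXT NSSWITCH_TEXT: one "mountpoint -> module(s)" line per entry.
report() {
    printf '%s\n' "$1" | while read -r mnt spec; do
        [ -z "$mnt" ] && continue
        printf '%s -> %s\n' "$mnt" "$(map_module "$spec" "$2")"
    done
}

report "$MASTER_ASIS"  "$NSSWITCH_SSS"    # /export/home -> ldap   (prefix wins, sss ignored)
report "$MASTER_FIXED" "$NSSWITCH_LDAP"   # /export/home -> files ldap
report "$MASTER_FIXED" "$NSSWITCH_SSS"    # /export/home -> files sss
```

The first report line is the situation in the question: because the master-map value carries the `ldap:` prefix, autofs loads its own LDAP lookup module no matter what nsswitch.conf says, and that module takes its server, TLS and bind settings from the automounter's own configuration rather than from sssd.conf. Only the third combination (a bare map name plus `automount: files sss`) makes the home-directory lookup go through sssd, which already holds the working `ldaps://` URI and CA directory.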
