I managed to set up LDAP authentication, but I did not manage to get the home directory automounted on login.
auto.master and auto.home are stored in LDAP.
Here is my sssd.conf:
```ini
[sssd]
config_file_version = 2
services = nss, sudo, pam, autofs
domains = default

[nss]
filter_users = root,ldap,named,avahi,haldaemon,dbus,radiusd,news,nscd

[pam]
reconnection_retries = 3
offline_credentials_expiration = 2
offline_failed_login_attempts = 3
offline_failed_login_delay = 5

[domain/default]
ldap_tls_reqcert = never
auth_provider = ldap
ldap_search_base = dc=domain,dc=net
ldap_group_member = uniquemember
id_provider = ldap
ldap_id_use_start_tls = True
chpass_provider = ldap
ldap_uri = ldaps://ldapsrv.domain.net
ldap_chpass_uri = ldaps://ldapsrv.domain.net
cache_credentials = True
ldap_tls_cacertdir = /etc/openldap/cacerts
entry_cache_timeout = 600
ldap_network_timeout = 3
sudo_provider = ldap
ldap_sudo_search_base = ou=SUDOers,dc=domain,dc=net
debug_level = 9
#autofs
autofs_provider = ldap
ldap_autofs_search_base = dc=domain,dc=net
ldap_autofs_map_object_class = nisMap
ldap_autofs_entry_object_class = nisObject
ldap_autofs_map_name = nisMapName
ldap_autofs_entry_key = cn
ldap_autofs_entry_value = nisMapEntry

[sudo]
debug_level = 9

[autofs]
debug_level = 9
```
I can log in with LDAP credentials and use sudo, but I cannot mount the home directory that the LDAP server exports over NFS.
It seems to read auto.master from LDAP but then fails... I tried both ldap and ldaps.
```
lookup_nss_read_map: reading map ldap ldap:nisMapName=auto.home,domain.net
parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "ldap:nisMapName=auto.home,domain.net".
parse_server_string: lookup(ldap): server "(default)", base dn "nisMapName=auto.home,domain.net"
parse_ldap_config: lookup(ldap): ldap authentication configured with the following options:
parse_ldap_config: lookup(ldap): use_tls: 0, tls_required: 0, auth_required: 4, sasl_mech: (null)
parse_ldap_config: lookup(ldap): user: (null), secret: unspecified, client principal: (null) credential cache: (null)
do_init: parse(sun): init gathered global options: (null)
read_one_map: map read not needed, so not done
mounted indirect on /export/home with timeout 300, freq 75 seconds
st_ready: st_ready(): state = 0 path /export/home
st_expire: state 1 path /misc
expire_proc: exp_proc = 140100367800064 path /misc
expire_cleanup: got thid 140100367800064 path /misc stat 0
expire_cleanup: sigchld: exp 140100367800064 finished, switching from 2 to 1
st_ready: st_ready(): state = 2 path /misc
handle_packet: type = 3
handle_packet_missing_indirect: token 582, name testuser, request pid 15127
attempting to mount entry /export/home/testuser
lookup_mount: lookup(ldap): looking up testuser
do_bind: lookup(ldap): auth_required: 4, sasl_mech (null)
get_server_SASL_mechanisms: Can't contact LDAP server
do_bind: lookup(ldap): autofs_sasl_bind returned -1
do_bind: lookup(ldap): auth_required: 4, sasl_mech (null)
get_server_SASL_mechanisms: Can't contact LDAP server
do_bind: lookup(ldap): autofs_sasl_bind returned -1
lookup(ldap): couldn't connect to server default
lookup(ldap): lookup for testuser failed: connection failed
```
Here are my LDAP entries:
```
dn: nisMapName=auto.home,dc=domain,dc=net
objectClass: top
objectClass: nisMap
nisMapName: auto.home

dn: cn=*,nisMapName=auto.home,dc=domain,dc=net
objectClass: nisObject
cn: *
nisMapEntry: -rw,sync ldapsrv.domain.net:/export/home/&
nisMapName: auto.home

dn: nisMapName=auto.master,dc=domain,dc=net
objectClass: top
objectClass: nisMap
nisMapName: auto.master

dn: cn=/export/home,nisMapName=auto.master,dc=domain,dc=net
objectClass: nisObject
cn: /export/home
nisMapName: auto.master
nisMapEntry: ldap:nisMapName=auto.home,dc=domain,dc=net
```
Thanks
Judging by messages like "lookup(ldap): couldn't connect to server default", your nsswitch.conf is not using sss for automount but autofs's native LDAP connector. Either use sss for automount, or configure the automounter to look up the maps directly.
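As an added illustration of the check the answer describes (not part of the answer or the poster's setup), the script below parses the `automount:` line of an nsswitch.conf, reports whether `sss` is among its sources, and emits a corrected file. It runs against constructed sample files in a temporary directory rather than the real /etc/nsswitch.conf; the file names and the `automount:  sss files` replacement line are assumptions for the example.

```shell
#!/bin/sh
# Added example: check whether nsswitch.conf routes automount lookups through sss.
# When the "automount:" line omits "sss", autofs falls back to its built-in
# lookup_ldap module, which performs its own bind (the "do_bind: lookup(ldap)"
# lines in the log above) instead of going through SSSD's cached connection.

# Print the sources configured for the automount database in the given file.
# Skips commented-out lines and trailing comments; prints nothing if absent.
automount_sources() {
    sed -n 's/^[[:space:]]*automount[[:space:]]*:[[:space:]]*\(.*\)$/\1/p' "$1" \
        | sed 's/#.*$//' | head -n 1
}

# Return 0 if sss is among the automount sources, 1 otherwise.
automount_uses_sss() {
    for src in $(automount_sources "$1"); do
        [ "$src" = "sss" ] && return 0
    done
    return 1
}

# Rewrite (or append) the automount line so sss is consulted first.
# Writes to stdout so the result can be reviewed before replacing the real file.
fix_nsswitch() {
    if grep -q '^[[:space:]]*automount[[:space:]]*:' "$1"; then
        sed 's/^[[:space:]]*automount[[:space:]]*:.*$/automount:  sss files/' "$1"
    else
        cat "$1"
        printf 'automount:  sss files\n'
    fi
}

# Constructed sample files (assumed content, not the poster's nsswitch.conf).
tmpdir=$(mktemp -d)
cat > "$tmpdir/broken.conf" <<'EOF'
passwd:     files sss
shadow:     files sss
group:      files sss
# maps are fetched by autofs's own LDAP module here, not by sssd
automount:  files ldap
sudoers:    files sss
EOF

cat > "$tmpdir/good.conf" <<'EOF'
passwd:     files sss
automount:  sss files
EOF

for f in broken good; do
    if automount_uses_sss "$tmpdir/$f.conf"; then
        echo "$f.conf: automount uses sss ($(automount_sources "$tmpdir/$f.conf"))"
    else
        echo "$f.conf: automount does NOT use sss ($(automount_sources "$tmpdir/$f.conf"))"
    fi
done

fix_nsswitch "$tmpdir/broken.conf" > "$tmpdir/fixed.conf"
if automount_uses_sss "$tmpdir/fixed.conf"; then
    echo "fixed.conf: automount uses sss"
fi
rm -rf "$tmpdir"
```

Once `automount:` lists `sss`, autofs obtains the maps from SSSD, so the ldap_uri, TLS and search-base settings in the [domain/default] section above apply to the autofs lookups as well. Note that the posted configuration sets `ldap_tls_reqcert = never`, which disables verification of the LDAP server's certificate; with the CA in `ldap_tls_cacertdir` that setting should normally be `demand`.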