automount on openSuse 11.1 with Sun LDAP Server

Hello,

I am trying to configure automount to use a Solaris LDAP server for accessing the automounter configuration files (auto.master, auto.net, etc.), but the authentication keeps failing on the Solaris LDAP server, although an ldapsearch works:

ldapsearch -h ldapserver -w Password \
  -U "dn:cn=linuxproxy,ou=profile,dc=org1" \
  -X "dn:cn=linuxproxy,ou=profile,dc=org1" \
  -Y DIGEST-MD5 \
  -b "dc=org1" "(uid=userid)"

shows the information for user “userid”.

Here are my configuration files:

/etc/autofs_ldap_auth.conf

<autofs_ldap_sasl_conf
usetls="no"
tlsrequired="no"
authrequired="yes"
authtype="DIGEST-MD5"
user="dn:cn=linuxproxy,ou=profile,dc=org1"
secret="Password"
/>

/etc/sysconfig/autofs:

AUTOFS_OPTIONS=""
LDAP_URI="ldap://ldapserver"
SEARCH_BASE="dc=org1"

LOCAL_OPTIONS=""

APPEND_OPTIONS="yes"

DEFAULT_MASTER_MAP_NAME="auto_master"

DEFAULT_TIMEOUT=600

DEFAULT_BROWSE_MODE="yes"

DEFAULT_LOGGING="debug"

DEFAULT_MAP_OBJECT_CLASS="automountMap"
DEFAULT_ENTRY_OBJECT_CLASS="automount"
DEFAULT_MAP_ATTRIBUTE="automountMapName"
DEFAULT_ENTRY_ATTRIBUTE="automountKey"
DEFAULT_VALUE_ATTRIBUTE="automountInformation"

DEFAULT_AUTH_CONF_FILE="/etc/autofs_ldap_auth.conf"

When I use snoop on ldapserver, I can see that the client tries to authenticate several times. The first try works, but then it fails and the automounter can’t find its configuration files.

Here is the log:

May 14 17:44:08 linux-22l1 automount[3463]: Starting automounter version 5.0.3, master map auto_master
May 14 17:44:08 linux-22l1 automount[3463]: using kernel protocol version 5.00
May 14 17:44:08 linux-22l1 automount[3463]: lookup_nss_read_master: reading master ldap auto_master
May 14 17:44:08 linux-22l1 automount[3463]: parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "auto_master".
May 14 17:44:08 linux-22l1 automount[3463]: parse_server_string: lookup(ldap): mapname auto_master
May 14 17:44:08 linux-22l1 automount[3463]: parse_ldap_config: lookup(ldap): ldap authentication configured with the following options:
May 14 17:44:08 linux-22l1 automount[3463]: parse_ldap_config: lookup(ldap): use_tls: 0, tls_required: 0, auth_required: 2, sasl_mech: DIGEST-MD5
May 14 17:44:08 linux-22l1 automount[3463]: parse_ldap_config: lookup(ldap): user: dn:cn=linuxproxy,ou=profile,dc=ae2, secret: specified, client principal: (null) credential cache: (null)
May 14 17:44:08 linux-22l1 automount[3463]: find_server: trying server ldap://ldapserver
May 14 17:44:08 linux-22l1 automount[3463]: sasl_bind_mech: Attempting sasl bind with mechanism DIGEST-MD5
May 14 17:44:08 linux-22l1 automount[3463]: sasl_log_func: DIGEST-MD5 client step 2
May 14 17:44:08 linux-22l1 automount[3463]: getuser_func: called with context (nil), id 16386.
May 14 17:44:09 linux-22l1 automount[3463]: getuser_func: called with context (nil), id 16385.
May 14 17:44:09 linux-22l1 automount[3463]: getpass_func: context (nil), id 16388
May 14 17:44:09 linux-22l1 automount[3463]: sasl_log_func: DIGEST-MD5 client step 3
May 14 17:44:09 linux-22l1 automount[3463]: sasl_bind_mech: sasl bind with mechanism DIGEST-MD5 succeeded
May 14 17:44:09 linux-22l1 automount[3463]: do_bind: lookup(ldap): auth_required: 2, sasl_mech DIGEST-MD5
May 14 17:44:09 linux-22l1 automount[3463]: sasl_bind_mech: Attempting sasl bind with mechanism DIGEST-MD5
May 14 17:44:09 linux-22l1 automount[3463]: sasl_log_func: DIGEST-MD5 client step 1
May 14 17:44:09 linux-22l1 automount[3463]: getuser_func: called with context (nil), id 16386.
May 14 17:44:09 linux-22l1 automount[3463]: getuser_func: called with context (nil), id 16385.
May 14 17:44:09 linux-22l1 automount[3463]: getpass_func: context (nil), id 16388
May 14 17:44:09 linux-22l1 automount[3463]: The LDAP server indicated that the LDAP SASL bind was incomplete, but did not provide the required data to proceed. LDAP SASL bind with mechanism DIGEST-MD5 failed.
May 14 17:44:09 linux-22l1 automount[3463]: sasl bind with mechanism DIGEST-MD5 failed
May 14 17:44:09 linux-22l1 automount[3463]: do_bind: lookup(ldap): autofs_sasl_bind returned -1
May 14 17:44:09 linux-22l1 automount[3463]: connect_to_server: lookup(ldap): cannot bind to server
May 14 17:44:09 linux-22l1 automount[3463]: lookup_init: lookup(ldap): failed to find available server
May 14 17:44:09 linux-22l1 automount[3463]: no mounts in table
May 14 17:45:31 linux-22l1 automount[3463]: autofs stopped

When I allow anonymous authentication on the server, which does not require a bind, then it works, but of course I do not want to allow that.

Can anyone help me solve this problem?

Thank you,

Andreas
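
An added example, not part of the original post: a small Python parser that groups automount debug lines like the ones in the log above into individual SASL bind attempts, so the client steps logged for the attempt that succeeded can be compared with those of the attempt that failed. The function name summarize_binds and the shortened sample log are assumptions made for this example.

```python
import re

# Constructed sample: a shortened copy of the log lines shown in the post.
SAMPLE_LOG = """\
May 14 17:44:08 linux-22l1 automount[3463]: sasl_bind_mech: Attempting sasl bind with mechanism DIGEST-MD5
May 14 17:44:08 linux-22l1 automount[3463]: sasl_log_func: DIGEST-MD5 client step 2
May 14 17:44:09 linux-22l1 automount[3463]: sasl_log_func: DIGEST-MD5 client step 3
May 14 17:44:09 linux-22l1 automount[3463]: sasl_bind_mech: sasl bind with mechanism DIGEST-MD5 succeeded
May 14 17:44:09 linux-22l1 automount[3463]: sasl_bind_mech: Attempting sasl bind with mechanism DIGEST-MD5
May 14 17:44:09 linux-22l1 automount[3463]: sasl_log_func: DIGEST-MD5 client step 1
May 14 17:44:09 linux-22l1 automount[3463]: The LDAP server indicated that the LDAP SASL bind was incomplete, but did not provide the required data to proceed. LDAP SASL bind with mechanism DIGEST-MD5 failed.
May 14 17:44:09 linux-22l1 automount[3463]: sasl bind with mechanism DIGEST-MD5 failed
"""

LINE = re.compile(r"automount\[(\d+)\]: (.*)$")
ATTEMPT = re.compile(r"Attempting sasl bind with mechanism (\S+)")
STEP = re.compile(r"client step (\d+)")
RESULT = re.compile(r"^(?:sasl_bind_mech: )?sasl bind with mechanism \S+ (succeeded|failed)$")


def summarize_binds(log_text):
    """Group automount debug lines into SASL bind attempts, per automount PID."""
    attempts, open_attempt = [], {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not an automount line
        pid, msg = m.group(1), m.group(2).strip()
        if (a := ATTEMPT.search(msg)):
            open_attempt[pid] = {"pid": pid, "mech": a.group(1), "steps": [],
                                 "result": "incomplete", "detail": None}
            attempts.append(open_attempt[pid])
            continue
        cur = open_attempt.get(pid)
        if cur is None:
            continue  # line outside any bind attempt
        if (s := STEP.search(msg)):
            cur["steps"].append(int(s.group(1)))
        elif (r := RESULT.match(msg)):
            cur["result"] = r.group(1)
            del open_attempt[pid]  # attempt closed; later lines are not part of it
        elif "LDAP server indicated" in msg:
            cur["detail"] = msg  # reason logged just before the failure line
    return attempts


if __name__ == "__main__":
    for n, a in enumerate(summarize_binds(SAMPLE_LOG), 1):
        print(f"bind {n}: {a['mech']} steps={a['steps']} -> {a['result']} {a['detail'] or ''}")
```

On the sample, the first attempt shows client steps 2 and 3 and succeeds, while the second shows only client step 1 before the server reports the bind as incomplete.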