[uyuni-users] Using AD user account
Hi, on a Linux (SLES15) salt client that is integrated in an Active Directory, the following scriptlet fails with an error message that the user (svc-backup005) is unknown: /home/svc-backup005: file.directory: - user: svc-backup005 - group: users - mode: '0700' Similar scripts with other users run fine. The only difference is, that those users are local users (/etc/passwd) and svc-backup005 is an AD user. Login (PAM + sss) and commands like getent or id run fine with this user but it seems that Salt doesn't recognize AD users. Any idea? Thanks in advance! Regards, Tobias. -- To unsubscribe, e-mail: uyuni-users+unsubscribe@opensuse.org To contact the owner, e-mail: uyuni-users+owner@opensuse.org
Hi Tobias! On 20.04.20 08:48, Tobias Crefeld wrote:
Hi,
on a Linux (SLES15) salt client that is integrated in an Active Directory, the following scriptlet fails with an error message that the user (svc-backup005) is unknown:
/home/svc-backup005: file.directory: - user: svc-backup005 - group: users - mode: '0700'
Similar scripts with other users run fine. The only difference is, that those users are local users (/etc/passwd) and svc-backup005 is an AD user. Login (PAM + sss) and commands like getent or id run fine with this user but it seems that Salt doesn't recognize AD users.
Any idea?
Could you please try to run this on the minion via salt-call? Is the result the same?
Thanks in advance!
Regards, Tobias.
Regards, Jochen -- SUSE Software Solutions Germany GmbH Maxfeldstr. 5 90409 Nuremberg Germany (HRB 36809, AG Nürnberg) Managing Director: Felix Imendörffer -- To unsubscribe, e-mail: uyuni-users+unsubscribe@opensuse.org To contact the owner, e-mail: uyuni-users+owner@opensuse.org
Am Tue, 21 Apr 2020 09:35:30 +0200 schrieb Jochen Breuer <jbreuer@suse.de>:
Could you please try to run this on the minion via salt-call? Is the result the same?
Hi Jochen, thanks for the hint! Calling "salt-call state.apply" as root on the target system the whole scriptlet (it's a little bit longer) runs as expected without any error. No complaints that "User svc-backup005 is not available" (this is the exact text from the log file minion if Apply Highstates is executed from Uyuni's WebUI). -- Gruss, Tobias Crefeld. xmpp (no email): crefeld@xabber.de -- To unsubscribe, e-mail: uyuni-users+unsubscribe@opensuse.org To contact the owner, e-mail: uyuni-users+owner@opensuse.org
Am Mon, 20 Apr 2020 08:48:46 +0200 schrieb Tobias Crefeld <tclx@klekih-petra.de>:
Directory, the following scriptlet fails with an error message that the user (svc-backup005) is unknown:
/home/svc-backup005: file.directory: - user: svc-backup005 - group: users - mode: '0700'
Similar scripts with other users run fine. The only difference is, that those users are local users (/etc/passwd) and svc-backup005 is an AD user.
Today I found the solution for this problem: After replacing "- user: svc-backup005" by "- win_owner: svc-backup005" the script runs fine now. docs.saltstack.com lists this attribute but without any notice that it is the right one for AD-users. So after all it's no Uyuni problem. -- Gruss, Tobias Crefeld. xmpp (no email): crefeld@xabber.de -- To unsubscribe, e-mail: uyuni-users+unsubscribe@opensuse.org To contact the owner, e-mail: uyuni-users+owner@opensuse.org
Shouldn't this not be handled by PAM? Robert sent from my mobile device -------- Originale Nachricht -------- Von: Tobias Crefeld <tclx@klekih-petra.de> Gesendet: Tue Jun 09 17:42:55 GMT+02:00 2020 An: uyuni-users@opensuse.org Betreff: Re: [uyuni-users] Using AD user account Am Mon, 20 Apr 2020 08:48:46 +0200 schrieb Tobias Crefeld <tclx@klekih-petra.de>:
Directory, the following scriptlet fails with an error message that the user (svc-backup005) is unknown:
/home/svc-backup005: file.directory: - user: svc-backup005 - group: users - mode: '0700'
Similar scripts with other users run fine. The only difference is, that those users are local users (/etc/passwd) and svc-backup005 is an AD user.
Today I found the solution for this problem: After replacing "- user: svc-backup005" by "- win_owner: svc-backup005" the script runs fine now. docs.saltstack.com lists this attribute but without any notice that it is the right one for AD-users. So after all it's no Uyuni problem. -- Gruss, Tobias Crefeld. xmpp (no email): crefeld@xabber.de -- To unsubscribe, e-mail: uyuni-users+unsubscribe@opensuse.org To contact the owner, e-mail: uyuni-users+owner@opensuse.org -- To unsubscribe, e-mail: uyuni-users+unsubscribe@opensuse.org To contact the owner, e-mail: uyuni-users+owner@opensuse.org
Am Tue, 09 Jun 2020 18:46:53 +0200 schrieb Robert Paschedag <robert.paschedag@web.de>:
Shouldn't this not be handled by PAM?
As mentioned in the thread it does not during normal central execution of the SLS (e.g. with "Apply Highstate"). Executing the same SLS locally via salt-call it works with "user", too. -- Gruss, Tobias Crefeld. xmpp (no email): crefeld@xabber.de -- To unsubscribe, e-mail: uyuni-users+unsubscribe@opensuse.org To contact the owner, e-mail: uyuni-users+owner@opensuse.org
participants (3)
-
Jochen Breuer -
Robert Paschedag -
Tobias Crefeld