SUSE Manager/Salt state and AD
Using AD users and AD groups with salt
Normally when you set the ownership of a file or directory to a user and/or group from AD you will use something like:
chown "domain\user1":"domain\user group" file
In a salt state this could look like:
manage_dir_ssh_user1:
  file.directory:
    - name: /home/user1/.ssh
    - user: domain\user1
    # single quotes: inside YAML double quotes, \u would be read as an escape sequence
    - group: 'domain\user group'
    - mode: 700
    - makedirs: True
This will normally work, but not in all cases.
If a customer doesn't want to type the domain during login, they can define the following parameter in the global section of /etc/samba/smb.conf:
winbind use default domain = Yes
If this has been set, the above state file will fail with the following:
[INFO ] Directory /scripts is in the correct state
[INFO ] Completed state [/scripts] at time 15:33:33.042038 duration_in_ms=29.996
[INFO ] Running state [/home/user1/.ssh] at time 15:33:33.042324
[INFO ] Executing state file.directory for /home/user1/.ssh
[ERROR ] Failed to change user to domain\user1
To find the error, I added 2 extra lines to file.py to see what could be happening, and received the following results:
[ERROR ] get_name: user1
[ERROR ] user_ domain\user1
Checking the directory shows that the ownership has in fact been set. Notably, you would expect the owner to be prefixed with "domain\", but that is not the case, and the 2 extra lines confirm this. The state fails when it checks whether the ownership has been set correctly.
The state will work with:
manage_dir_ssh_user1:
  file.directory:
    - name: /home/user1/.ssh
    - user: user1
    - group: "user group"
    - mode: 700
    - makedirs: True
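The mismatch described above can be reproduced with a name -> uid -> name round trip. The following is an added example, not code from Salt or from the original post; round_trip, FakeDefaultDomainNSS and the uid 10001 are hypothetical names and values, and the fake lookup table is constructed to behave the way the page observed with "winbind use default domain = Yes".

```python
import pwd
from collections import namedtuple

Entry = namedtuple("Entry", "pw_name pw_uid")


def round_trip(requested, getpwnam=pwd.getpwnam, getpwuid=pwd.getpwuid):
    """Resolve name -> uid -> name, which is what a post-chown name check sees."""
    uid = getpwnam(requested).pw_uid
    reported = getpwuid(uid).pw_name
    return {"requested": requested, "uid": uid, "reported": reported,
            "same_name": requested == reported}


class FakeDefaultDomainNSS:
    """Constructed stand-in for NSS lookups (assumption, modelled on the page):
    both 'domain\\user1' and 'user1' resolve, but the reverse lookup
    always reports the short name."""

    def __init__(self, domain, users):
        self.prefix = domain.lower() + "\\"
        self.users = users  # short name -> uid

    def getpwnam(self, name):
        short = name[len(self.prefix):] if name.lower().startswith(self.prefix) else name
        return Entry(short, self.users[short])  # KeyError if unknown, like pwd

    def getpwuid(self, uid):
        for name, known_uid in self.users.items():
            if known_uid == uid:
                return Entry(name, uid)
        raise KeyError(uid)


def demo():
    """Run both spellings of the owner through the constructed lookup table."""
    nss = FakeDefaultDomainNSS("domain", {"user1": 10001})
    return [round_trip(n, nss.getpwnam, nss.getpwuid)
            for n in ("domain\\user1", "user1")]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

On a real minion, calling round_trip("domain\\user1") with the default pwd functions shows which spelling the system reports, and that is the spelling to put in the state.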