SUSE Manager/salt state and ad

From MicroFocusInternationalWiki
Revision as of 17:41, 18 April 2018 by Mbrookhuis

Using AD users and AD groups with salt

Normally when you set the ownership of a file or directory to a user and/or group from AD you will use something like:

  chown "domain\user1":"domain\user group" file

In a salt state this could look like:

 manage_dir_ssh_user1:
   file.directory:
     - name: /home/user1/.ssh
     - user: domain\user1
     # single quotes: inside YAML double quotes the backslash starts an escape sequence
     - group: 'domain\user group'
     - mode: 700
     - makedirs: True

This normally works, but not in all cases.

If a customer doesn't want users to have to add the domain during login, they can define the following parameter in the global section of /etc/samba/smb.conf:

 winbind use default domain = Yes

If this has been set, the above state file will fail with the following:

 [INFO    ] Directory /scripts is in the correct state
 [INFO    ] Completed state [/scripts] at time 15:33:33.042038 duration_in_ms=29.996
 [INFO    ] Running state [/home/user1/.ssh] at time 15:33:33.042324
 [INFO    ] Executing state file.directory for /home/user1/.ssh
 [ERROR   ] Failed to change user to domain\user1

To find the error, 2 extra log lines were added to file.py to see what was happening, with the following results:

 [ERROR   ] get_name: user1
 [ERROR   ] user_ domain\user1

Checking the directory also shows that the ownership has in fact been set. What stands out is that you would expect the owner to be prefixed with "domain\", but that is not the case, and the 2 extra lines confirm this. The state fails at the point where it checks whether the ownership has been set correctly.

The state will work with:

 manage_dir_ssh_user1:
   file.directory:
     - name: /home/user1/.ssh
     - user: user1
     - group: "user group"
     - mode: 700
     - makedirs: True
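
The following is an added example, not part of the original wiki page or of Salt: a small Python helper that reads smb.conf text, detects whether winbind use default domain is enabled in the global section, and returns the name form to put in a state's user and group fields. The function names, the simplified parser (no include files or continuation lines) and the sample configuration are assumptions made for illustration; the helper only strips the prefix for the default domain and leaves names from any other domain untouched.

```python
import re

# Values Samba treats as boolean true.
TRUE_VALUES = {"yes", "true", "on", "1"}


def winbind_default_domain(smb_conf_text):
    """Return True if [global] sets 'winbind use default domain' to a true value."""
    section = None
    enabled = False
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        header = re.match(r"\[(.+)\]$", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Samba ignores case and whitespace in parameter names.
        if re.sub(r"\s+", "", key).lower() == "winbindusedefaultdomain":
            enabled = value.strip().lower() in TRUE_VALUES
    return enabled


def name_for_state(name, default_domain, use_default_domain):
    """Return the user/group name in the form the state's ownership check will see."""
    domain, sep, short = name.partition("\\")
    if sep and use_default_domain and domain.lower() == default_domain.lower():
        return short                            # winbind reports the bare name
    return name


# Constructed sample configuration, not taken from a real system.
SAMPLE = """\
[global]
   workgroup = DOMAIN
   Winbind Use Default Domain = Yes
[share]
   winbind use default domain = no
"""

if __name__ == "__main__":
    flag = winbind_default_domain(SAMPLE)
    for n in ("domain\\user1", "domain\\user group", "other\\user2"):
        print(n, "->", name_for_state(n, "DOMAIN", flag))
```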