ldap autofs /etc/auto.master
# Sample auto.master file that uses an LDAP server
#
# autofs can use either the automountMap or the nisMap schema.
#
# When using the automountMap schema use an entry like
#
# /home ldap://budgie/ou=auto.indirect,dc=themaw,dc=net
#
# or if the default LDAP server is set in your LDAP config
# you can use this
#
/home ldap:ou=auto.indirect,dc=themaw,dc=net
Configuring an LDAP Client to Use Automount Maps
If you have configured an automount map for auto.home in LDAP, you can configure an LDAP client to mount the users' home directories when they log in.
To configure an LDAP client to automount users' home directories:
- Install the autofs package:
# yum install autofs
- Verify that the auto.home map is available:
# ldapsearch -LLL -x -b "dc=mydom,dc=com" nisMapName=auto.home
dn: nisMapName=auto.home,dc=mydom,dc=com
objectClass: top
objectClass: nisMap
nisMapName: auto.home

dn: cn=*,nisMapName=auto.home,dc=mydom,dc=com
objectClass: nisObject
cn: *
nisMapEntry: -rw,sync nfssvr.mydom.com:/nethome/&
nisMapName: auto.home
In this example, the map is available. For details of how to make this map available, see Section 24.4.6, “Adding an Automount Map to LDAP”.
- If the auto.home map is available, edit /etc/auto.master and create an entry that tells autofs where to find the auto.home map in LDAP, for example:
/nethome ldap:nisMapName=auto.home,dc=mydom,dc=com
If you use LDAP over SSL, specify ldaps: instead of ldap:.
- Edit /etc/autofs_ldap_auth.conf and configure the authentication settings for autofs with LDAP, for example:
<autofs_ldap_sasl_conf
    usetls="yes"
    tlsrequired="no"
    authrequired="autodetect"
    authtype="GSSAPI"
    clientprinc="host/ldapclient.mydom.com@MYDOM.COM"
/>
This example assumes that Kerberos authentication with the LDAP server uses TLS for the connection. The principal for the client system must exist in the Kerberos database. You can use the klist -k command to verify this. If the principal for the client does not exist, use kadmin to add the principal.
- If you use Kerberos authentication, use kadmin to add a principal for the LDAP service on the LDAP server, for example:
# kadmin -q "addprinc ldap/ldap.mydom.com@MYDOM.COM"
- Restart the autofs service, and configure the service to start following a system reboot:
# systemctl restart autofs
# systemctl enable autofs
The autofs service creates the directory /nethome. When a user logs in, the automounter mounts his or her home directory under /nethome.
If the owner and group for the user's files are unexpectedly listed as the anonymous user or group (nobody or nogroup) and all_squash has not been specified as a mount option, verify that the Domain setting in /etc/idmapd.conf on the NFS server is set to the DNS domain name. Restart the NFS services on the NFS server if you change this file.
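The steps above produce four artifacts that have to agree with one another: the nisMap entries in LDAP, the ldap:/ldaps: source line in /etc/auto.master, the SASL settings in /etc/autofs_ldap_auth.conf, and the Domain setting in the NFS server's /etc/idmapd.conf. The following script is an added example written for this page, not Oracle's or the autofs project's code. It parses constructed copies of each file (built from the values shown above) and reports mismatches: a missing map or nisObject entry, a wildcard entry that forgets the & substitution, a plain ldap: source used without usetls="yes", a GSSAPI configuration without a usable clientprinc, and an idmapd Domain that does not match the NFS server's DNS domain (the domain is derived from the server's FQDN in the map entry, which is an assumption of this example). Replace the SAMPLE_* constants with the real file contents to run it against a client.

```python
"""Consistency checks for the LDAP-backed auto.home setup walked through above.
Added example for this page, not Oracle's or the autofs project's code. Every
input below is a constructed sample built from the page's values."""
import configparser
import re
import xml.etree.ElementTree as ET

# Constructed: output of `ldapsearch -LLL -x -b "dc=mydom,dc=com" nisMapName=auto.home`.
SAMPLE_LDIF = """\
dn: nisMapName=auto.home,dc=mydom,dc=com
objectClass: top
objectClass: nisMap
nisMapName: auto.home

dn: cn=*,nisMapName=auto.home,dc=mydom,dc=com
objectClass: nisObject
cn: *
nisMapEntry: -rw,sync nfssvr.mydom.com:/nethome/&
nisMapName: auto.home
"""
# Constructed: the /etc/auto.master entry from the procedure (comment lines are ignored).
SAMPLE_AUTO_MASTER = "# LDAP-backed map\n/nethome ldap:nisMapName=auto.home,dc=mydom,dc=com\n"
# Constructed: the /etc/autofs_ldap_auth.conf from the procedure.
SAMPLE_AUTH_CONF = """<?xml version="1.0" ?>
<autofs_ldap_sasl_conf usetls="yes" tlsrequired="no" authrequired="autodetect"
    authtype="GSSAPI" clientprinc="host/ldapclient.mydom.com@MYDOM.COM" />
"""
# Constructed: the [General] section of /etc/idmapd.conf on the NFS server.
SAMPLE_IDMAPD = "[General]\nDomain = mydom.com\n"

# mount-point, ldap: or ldaps:, optional //host/, then the base DN of the map.
AUTO_MASTER_RE = re.compile(
    r"^(?P<mount>/\S+)\s+(?P<scheme>ldaps?):(?://(?P<host>[^/]+)/)?(?P<dn>\S+)")


def parse_ldif(text):
    """Split LDIF into records, each a dict of attribute -> list of values."""
    records, cur = [], {}
    for line in text.splitlines():
        if not line.strip():
            if cur:
                records.append(cur)
                cur = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")  # split on the first colon only
            cur.setdefault(attr.strip(), []).append(value.strip())
    if cur:
        records.append(cur)
    return records


def map_entries(records, map_name):
    """Render the nisObject entries of map_name as autofs map lines: 'key options location'."""
    return [f"{r['cn'][0]} {r['nisMapEntry'][0]}" for r in records
            if "nisObject" in r.get("objectClass", []) and r.get("nisMapName") == [map_name]]


def parse_auto_master(text):
    """Return the ldap:/ldaps: map sources of an auto.master file as dicts."""
    return [m.groupdict() for m in map(AUTO_MASTER_RE.match, text.splitlines()) if m]


def run_checks(ldif, auto_master, auth_conf, idmapd_conf, map_name="auto.home"):
    """Return a list of findings; an empty list means the four pieces agree."""
    findings = []
    records = parse_ldif(ldif)
    if not any("nisMap" in r.get("objectClass", []) and r.get("nisMapName") == [map_name]
               for r in records):
        findings.append(f"no nisMap container named {map_name} found in LDAP")
    entries = map_entries(records, map_name)
    if not entries:
        findings.append(f"{map_name} has no nisObject entries")
    nfs_domains = set()
    for entry in entries:
        key, _, rest = entry.partition(" ")
        server, _, path = rest.split()[-1].partition(":")  # last field is server:/path
        nfs_domains.add(server.partition(".")[2])          # assumption: FQDN -> DNS domain
        # A wildcard key needs '&' so each user gets /nethome/<user>, not one shared export.
        if key == "*" and "&" not in path:
            findings.append(f"wildcard entry {entry!r} does not substitute '&' for the user name")
    sources = [s for s in parse_auto_master(auto_master)
               if s["dn"].startswith(f"nisMapName={map_name}")]
    if not sources:
        findings.append(f"auto.master has no ldap:/ldaps: source for {map_name}")
    root = ET.fromstring(auth_conf)
    for s in sources:
        if s["scheme"] == "ldap" and root.get("usetls") != "yes":
            findings.append(f"{s['mount']}: ldap: source without usetls=\"yes\", "
                            "so the LDAP session is unencrypted")
    if root.get("authtype") == "GSSAPI" and "@" not in root.get("clientprinc", ""):
        findings.append("authtype GSSAPI needs clientprinc in the form primary/instance@REALM")
    cp = configparser.ConfigParser()
    cp.read_string(idmapd_conf)
    idmap_domain = cp.get("General", "Domain", fallback="")
    for domain in nfs_domains:
        if idmap_domain.lower() != domain.lower():
            findings.append(f"idmapd Domain {idmap_domain!r} differs from NFS server domain "
                            f"{domain!r}; file owners will show as nobody/nogroup")
    return findings
```

Running run_checks(SAMPLE_LDIF, SAMPLE_AUTO_MASTER, SAMPLE_AUTH_CONF, SAMPLE_IDMAPD) on the constructed samples returns an empty list; changing usetls to "no" or the idmapd Domain to another value produces the corresponding finding. The TLS check matters because with usetls="no" and a plain ldap: source the client's map lookups, and any simple bind, cross the network unencrypted.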
For more information, see the auto.master(5) and autofs_ldap_auth.conf(5) manual pages.