ldap autofs /etc/auto.master


# Sample auto.master file that uses an LDAP server
#
# autofs can use either the automountMap or the nisMap schema.
#
# When using the automountMap schema use an entry like
#
# /home   ldap://budgie/ou=auto.indirect,dc=themaw,dc=net
#
# or if the default LDAP server is set in your LDAP config
# you can use this
#
/home   ldap:ou=auto.indirect,dc=themaw,dc=net




Configuring an LDAP Client to Use Automount Maps

If you have configured an automount map for auto.home in LDAP, you can configure an LDAP client to mount the users' home directories when they log in.
To configure an LDAP client to automount users' home directories:
  1. Install the autofs package:
    # yum install autofs 
  2. Verify that the auto.home map is available:
    # ldapsearch -LLL -x -b "dc=mydom,dc=com" nisMapName=auto.home
    dn: nisMapName=auto.home,dc=mydom,dc=com
    objectClass: top
    objectClass: nisMap
    nisMapName: auto.home
    
    dn: cn=*,nisMapName=auto.home,dc=mydom,dc=com
    objectClass: nisObject
    cn: *
    nisMapEntry: -rw,sync nfssvr.mydom.com:/nethome/&
    nisMapName: auto.home
    In this example, the map is available. For details of how to make this map available, see Section 24.4.6, “Adding an Automount Map to LDAP”.
  3. If the auto.home map is available, edit /etc/auto.master and create an entry that tells autofs where to find the auto.home map in LDAP, for example:
    /nethome    ldap:nisMapName=auto.home,dc=mydom,dc=com
    If you use LDAP over SSL, specify ldaps: instead of ldap:.
  4. Edit /etc/autofs_ldap_auth.conf and configure the authentication settings for autofs with LDAP, for example:
    <autofs_ldap_sasl_conf
         usetls="yes"
         tlsrequired="no"
         authrequired="autodetect"
         authtype="GSSAPI"
         clientprinc="host/ldapclient.mydom.com@MYDOM.COM" 
         />
    This example assumes that Kerberos authentication with the LDAP server uses TLS for the connection. The principal for the client system must exist in the Kerberos database. You can use the klist -k command to verify this. If the principal for the client does not exist, use kadmin to add the principal.
  5. If you use Kerberos authentication, use kadmin to add a principal for the LDAP service on the LDAP server, for example:
    # kadmin -q "addprinc ldap/ldap.mydom.com@MYDOM.COM"
  6. Restart the autofs service, and configure the service to start following a system reboot:
    # systemctl restart autofs
    # systemctl enable autofs
    The autofs service creates the directory /nethome. When a user logs in, the automounter mounts his or her home directory under /nethome.
    If the owner and group for the user's files are unexpectedly listed as the anonymous user or group (nobody or nogroup) and all_squash has not been specified as a mount option, verify that the Domain setting in /etc/idmapd.conf on the NFS server is set to the DNS domain name. Restart the NFS services on the NFS server if you change this file.
For more information, see the auto.master(5) and autofs_ldap_auth.conf(5) manual pages.
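
The settings from steps 3 and 4 can be checked before autofs is restarted. The following is an added example, not part of the original documentation: it reads the contents of /etc/autofs_ldap_auth.conf and /etc/auto.master and reports where the map lookup may run without encryption or without authentication. The function name, finding codes and sample strings are constructed for illustration; the meaning given to tlsrequired and authrequired follows autofs_ldap_auth.conf(5).

```python
import xml.etree.ElementTree as ET

# Constructed inputs that mirror the settings shown in steps 3 and 4 above.
AUTH_CONF = """<autofs_ldap_sasl_conf
     usetls="yes"
     tlsrequired="no"
     authrequired="autodetect"
     authtype="GSSAPI"
     clientprinc="host/ldapclient.mydom.com@MYDOM.COM"
     />"""
AUTO_MASTER = """# constructed sample
/nethome    ldap:nisMapName=auto.home,dc=mydom,dc=com
"""

def audit(auth_conf_xml, auto_master_text):
    """Return a sorted list of finding codes for the two files' contents."""
    attrs = {k: v.strip().lower()
             for k, v in ET.fromstring(auth_conf_xml).attrib.items()}
    findings = set()
    # tlsrequired="yes" makes autofs fail rather than run unencrypted.
    # Assumption of this example: a missing attribute counts as not "yes".
    tls_enforced = attrs.get("tlsrequired") == "yes"
    if attrs.get("usetls") == "yes" and not tls_enforced:
        findings.add("TLS_OPTIONAL")   # TLS is attempted but not mandatory
    elif not tls_enforced:
        findings.add("TLS_OFF")
    # "no" and "autodetect" both permit an unauthenticated connection.
    if attrs.get("authrequired") in ("no", "autodetect"):
        findings.add("AUTH_OPTIONAL")
    # PLAIN and LOGIN send the password itself; acceptable only inside enforced TLS.
    if attrs.get("authtype") in ("plain", "login") and not tls_enforced:
        findings.add("CLEARTEXT_PASSWORD")
    for line in auto_master_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        # An ldap: map depends on tlsrequired for encryption; an ldaps: map does not.
        if fields[1].startswith("ldap:") and not tls_enforced:
            findings.add("MAP_OVER_PLAIN_LDAP:" + fields[0])
    return sorted(findings)

if __name__ == "__main__":
    for code in audit(AUTH_CONF, AUTO_MASTER):
        print(code)
```

For the values shown in step 4 the check reports AUTH_OPTIONAL, MAP_OVER_PLAIN_LDAP:/nethome and TLS_OPTIONAL; with tlsrequired="yes" and authrequired="yes" it reports nothing.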
