Hello Ondrej,
On 03/09/09 07:06, Ondrej Valousek wrote:
> There is no problem with autofs - the real problem is that windoze do
> not follow RFCs in subsequent authentication (which autofs is using).
> I have reported the problem to Microsoft and they agreed (an internal
> bug report was generated).
> The workaround is to use GSSAPI authentication instead - more at
> ondarnfs.blogspot.com
Thanks,
I've been trying to avoid GSSAPI, because I believe it requires the machine to be a fully paid-up member of the AD. In
my environment that's very tricky to impossible[1].
However, your method appears to work very well (although I had to add MASTER_MAP_NAME="ldap://addns/cn=auto.master,..."
to my /etc/sysconfig/autofs).
I've now got autofs querying AD for automount information using Microsoft's default
"nisMap" schema.
As an aside, some minor comments on your (useful) blog:
1. Some of the longer lines in the quoted files appear truncated. They
cut-n-paste fine though.
2. I've found that removing /var/cache/samba/winbind* seems to work for cache
clearing.
3. You probably mean "getent passwd" (instead of "password"), and for some reason in my case it still doesn't return the
AD users (though wbinfo -u does). The users can still authenticate though.
[1] Separate issue:
The reason it's so difficult is because these machines (the Linux "clients") are essentially transient. They're
diskless, often only just created, and as stateless as possible. I haven't yet worked out a way of pre-creating an AD
computer account such that a dummy user can join the machine to the AD. I can do it manually, but if I use dsadd to
pre-create the account it requires an Administrative User's password for the "net ads join". Not so handy when we might
have e.g. 100 machines to add as quickly as possible. [Pointers gratefully received :-) ]
Anyway, thanks for the pointers, and the blog
cheers
jack
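As an added illustration of the "nisMap" schema mentioned above (this is example code written for this page, not from Ondrej's blog or the autofs project): the object classes and attributes below are autofs's default LDAP schema settings (map_object_class=nisMap, entry_object_class=nisObject, map_attribute=nisMapName, entry_attribute=cn, value_attribute=nisMapEntry), and the script turns an LDIF export of such a map into the "key [options] location" lines autofs itself would derive. The LDIF text, the ou=automount container and the host names are constructed sample data, not real directory content. Entries that carry only options and no mount location are rejected rather than passed on, which is the kind of check worth having before a client acts on whatever the directory returns.

```python
"""Convert nisMap/nisObject LDIF (autofs's default LDAP schema) into autofs map lines."""
import base64
from collections import defaultdict

# autofs's default LDAP schema names, as used with the AD/SFU "nisMap" classes
MAP_OBJECT_CLASS = "nisMap"
ENTRY_OBJECT_CLASS = "nisObject"
MAP_ATTRIBUTE = "nisMapName"
ENTRY_ATTRIBUTE = "cn"
VALUE_ATTRIBUTE = "nisMapEntry"

# Constructed sample export (not real directory data). The DN container
# "ou=automount" and the hosts are assumptions for this example only.
# "bob" uses LDIF base64 encoding ("attr::") and "alice" uses line folding.
_BOB = base64.b64encode(b"-rw,soft filer2.example.test:/export/home/bob").decode()
SAMPLE_LDIF = f"""\
dn: cn=auto.home,ou=automount,dc=example,dc=test
objectClass: top
objectClass: nisMap
cn: auto.home
nisMapName: auto.home

dn: cn=alice,cn=auto.home,ou=automount,dc=example,dc=test
objectClass: top
objectClass: nisObject
cn: alice
nisMapName: auto.home
nisMapEntry: -rw,soft,intr filer1.example.test:/export/ho
 me/alice

dn: cn=bob,cn=auto.home,ou=automount,dc=example,dc=test
objectClass: top
objectClass: nisObject
cn: bob
nisMapName: auto.home
nisMapEntry:: {_BOB}

dn: cn=broken,cn=auto.home,ou=automount,dc=example,dc=test
objectClass: top
objectClass: nisObject
cn: broken
nisMapName: auto.home
nisMapEntry: -rw
"""


def parse_ldif(text):
    """Return a list of records, one dict {attr_lowercase: [values]} per LDIF
    entry. Handles folded continuation lines, base64 values and comments."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:      # LDIF line folding
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    records, current = [], None
    for line in unfolded:
        if not line.strip():                        # blank line ends a record
            if current:
                records.append(dict(current))
                current = None
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):                   # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode()
        else:
            value = value.strip()
        if current is None:
            current = defaultdict(list)
        current[attr.strip().lower()].append(value)
    if current:
        records.append(dict(current))
    return records


def valid_entry(key, value):
    """Accept only an indirect-map key (one token) whose value ends in a
    mount location, i.e. not just an option string such as '-rw'."""
    if not key or any(ch.isspace() for ch in key):
        return False
    fields = value.split()
    return bool(fields) and not fields[-1].startswith("-")


def build_map(records, map_name):
    """Return (lines, rejected): autofs map lines for the nisObject entries
    belonging to map_name, and the keys of entries that failed validation."""
    lines, rejected = [], []
    for rec in records:
        classes = {c.lower() for c in rec.get("objectclass", [])}
        if ENTRY_OBJECT_CLASS.lower() not in classes:
            continue                                # skip the nisMap container itself
        if rec.get(MAP_ATTRIBUTE.lower(), [None])[0] != map_name:
            continue
        key = rec.get(ENTRY_ATTRIBUTE.lower(), [""])[0]
        value = rec.get(VALUE_ATTRIBUTE.lower(), [""])[0]
        if not valid_entry(key, value):
            rejected.append(key)
            continue
        lines.append(f"{key}\t{value}")
    return lines, rejected


if __name__ == "__main__":
    good, bad = build_map(parse_ldif(SAMPLE_LDIF), "auto.home")
    print("\n".join(good))
    print("rejected:", bad)
```

Because each nisMapEntry value tells the client what to mount and from where, the integrity of the channel that delivers it is what makes the GSSAPI (or TLS-protected) bind the relevant fix rather than a convenience.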
_______________________________________________
autofs mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/autofs