Hi Rob/all,

The original freeipa-client 2.1.4 on Ubuntu 12.04 doesn't have the "ipa-client-automount" command. I manually configured autofs as follows:

===/etc/autofs_ldap_autofs===
root@ecs-94a55510:/etc# more autofs_ldap_auth.conf
<?xml version="1.0" ?>
<!--
This files contains a single entry with multiple attributes tied to it.
See autofs_ldap_auth.conf(5) for more information.
-->

<autofs_ldap_sasl_conf
        usetls="yes"
        tlsrequired="yes"
        authrequired="yes"
        authtype="GSSAPI"
        clientprinc="host/ecs-94a55510.ecs.ads.xxx....@ecs.ads.xxx.com"
        credentialcache="/tmp/krb5cc_0"

/>
===end of autofs_ldap_autofs===
===/etc/default/autofs===
MASTER_MAP_NAME="automountmapname=auto.master,cn=default,cn=automount,dc=ecs,dc=ads,dc=xxx,dc=com"
LOGGING="debug"
MAP_OBJECT_CLASS="automountMap"
ENTRY_OBJECT_CLASS="automount"
MAP_ATTRIBUTE="automountMapName"
ENTRY_ATTRIBUTE="automountKey"
VALUE_ATTRIBUTE="automountInformation"
LDAP_URI="ldap://ecs-1a5d4287.ecs.ads.xxx.com";
SEARCH_BASE="cn=default,cn=automount,dc=ecs,dc=ads,dc=xxx,dc=com"
===end of /etc/default/autofs===
===/etc/nsswitch.conf===
passwd:         compat sss
group:          compat sss
shadow:         compat

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis sss
sudoers:        files ldap
automount: files ldap
===end of /etc/nsswitch.conf===
===/etc/default/nfs-common===
NEED_STATD=
STATDOPTS=
NEED_IDMAP=yes
NEED_GSSD=yes
===end of nfs-common===
===here is /etc/auto.master===
#cat "+auto.master" >> /etc/auto.master
===end of auto.master===

On the IPA server, I added the NFS service for that client as:
# ipa service-add nfs/ecs-94a55510.ecs.ads.xxx.com

But no LDAP automount maps are shown in the "automount -m" output. From the syslog error messages below, the client server can't directly connect to IPA (LDAP server) for the auto.master map.
===
root@ecs-94a55510:/etc# automount -m
find_server: trying server uri ldap://ecs-1a5d4287.ecs.ads.xxx.com
init_ldap_connection: lookup(ldap): TLS required but START_TLS failed: Connect error
lookup(ldap): couldn't connect to server ldap://ecs-1a5d4287.ecs.ads.xxx.com
do_reconnect: lookup(ldap): failed to find available server

autofs dump map information
===========================

global options: none configured
no master map entries found

In /var/log/syslog, here are the errors:
Apr 19 23:09:40 ecs-94a55510 automount[17476]: parse_init: parse(sun): init gathered global options: (null)
Apr 19 23:09:40 ecs-94a55510 automount[17476]: lookup_nss_read_master: reading master ldap auto.master
Apr 19 23:09:40 ecs-94a55510 automount[17476]: parse_init: parse(sun): init gathered global options: (null)
Apr 19 23:09:40 ecs-94a55510 automount[17476]: lookup(file): failed to read included master map auto.master
===

On the same Ubuntu 12.04 host, sudo also can't retrieve sudoers information from the IPA server using LDAP (sudo on Ubuntu 12.04 doesn't support sssd). I doubt the problem is with the LDAP client function on this host. If I missed anything obvious, please let me know.

thanks,

carl


On 14-04-07 08:28 AM, Rob Crittenden wrote:
Carl E. Ma wrote:
Hi,

My environment has Redhat5, 6, Centos 6.x and Ubuntu 12.04. Following Redhat identity management manual, I am able to configure user authentication, kerberos NFS, SSSD and autofs on most of my systems.

The only trouble is integrating ubuntu 12.04 with autofs.

1. automount in /etc/nsswitch.conf doesn't recognize sss as the name service, you need to put ldap instead.
2. automount on ubuntu 12.04 doesn't recognize the auto.master map from IPA server.

On our IPA server:
ipaserver# ipa automountlocation-tofiles default
/etc/auto.master:
/-      /etc/auto.direct
/home   /etc/auto.home
---------------------------
/etc/auto.direct:
---------------------------
/etc/auto.home:
* -fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192 nfs:/opt/shares/home/&


From ubuntu 12.04 IPA client:
#automount -f -d <=shows it can't find the auto.master map, in /etc/default/autofs, I tried both ways to specify the auto.master map.
==
#cat /etc/default/autofs  | grep MASTER
#MASTER_MAP_NAME="automountmapname=auto.master,cn=default,cn=automount,dc=x,dc=x,dc=x,dc=com"
MASTER_MAP_NAME="auto.master"
==

From the error messages, it seems automount on Ubuntu doesn't look up LDAP for auto.master information.

Apr 4 17:25:26 ecs-94a55510 automount[1032]: lookup(file): file map /etc/automountmapname=auto.master,cn=default,cn=automount,dc=x,dc=x,dc=x,dc=com missing or not readable

Although I am using pam to automount user home directory, I am curious whether anyone else experienced the same problem, or maybe I missed something.

Can you provide more information on how you configured automount (e.g. can we see the config files)? Did you use the ipa-client-automount command or configure things by hand?

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
