Hi Rob/all,
The original freeipa-client 2.1.4 on Ubuntu 12.04 doesn't have the
"ipa-client-automount" command. I manually configured autofs as
follows:
===/etc/autofs_ldap_autofs===
root@ecs-94a55510:/etc# more autofs_ldap_auth.conf
<?xml version="1.0" ?>
<!--
This files contains a single entry with multiple attributes tied to it.
See autofs_ldap_auth.conf(5) for more information.
-->
<autofs_ldap_sasl_conf
usetls="yes"
tlsrequired="yes"
authrequired="yes"
authtype="GSSAPI"
clientprinc="host/[email protected]"
credentialcache="/tmp/krb5cc_0"
/>
===end of autofs_ldap_autofs===
===/etc/default/autofs===
MASTER_MAP_NAME="automountmapname=auto.master,cn=default,cn=automount,dc=ecs,dc=ads,dc=xxx,dc=com"
LOGGING="debug"
MAP_OBJECT_CLASS="automountMap"
ENTRY_OBJECT_CLASS="automount"
MAP_ATTRIBUTE="automountMapName"
ENTRY_ATTRIBUTE="automountKey"
VALUE_ATTRIBUTE="automountInformation"
LDAP_URI="ldap://ecs-1a5d4287.ecs.ads.xxx.com"
SEARCH_BASE="cn=default,cn=automount,dc=ecs,dc=ads,dc=xxx,dc=com"
===end of /etc/default/autofs===
===/etc/nsswitch.conf===
passwd: compat sss
group: compat sss
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis sss
sudoers: files ldap
automount: files ldap
===end of /etc/nsswitch.conf===
===/etc/default/nfs-common===
NEED_STATD=
STATDOPTS=
NEED_IDMAP=yes
NEED_GSSD=yes
===end of nfs-common===
===here is /etc/auto.master===
#cat "+auto.master" >> /etc/auto.master
===end of auto.master===
On the IPA server, I add the NFS service for that client as:
# ipa service-add nfs/ecs-94a55510.ecs.ads.xxx.com
But no LDAP automount maps are shown in the "automount -m" output. From
the syslog error messages below, the client can't directly connect to
IPA (the LDAP server) for the auto.master map.
===
root@ecs-94a55510:/etc# automount -m
find_server: trying server uri ldap://ecs-1a5d4287.ecs.ads.xxx.com
init_ldap_connection: lookup(ldap): TLS required but START_TLS failed: Connect error
lookup(ldap): couldn't connect to server ldap://ecs-1a5d4287.ecs.ads.xxx.com
do_reconnect: lookup(ldap): failed to find available server
autofs dump map information
===========================
global options: none configured
no master map entries found
In /var/log/syslog, here are the errors:
Apr 19 23:09:40 ecs-94a55510 automount[17476]: parse_init: parse(sun): init gathered global options: (null)
Apr 19 23:09:40 ecs-94a55510 automount[17476]: lookup_nss_read_master: reading master ldap auto.master
Apr 19 23:09:40 ecs-94a55510 automount[17476]: parse_init: parse(sun): init gathered global options: (null)
Apr 19 23:09:40 ecs-94a55510 automount[17476]: lookup(file): failed to read included master map auto.master
===
On the same Ubuntu 12.04 host, sudo also can't retrieve sudoers information
from the IPA server using LDAP (sudo on Ubuntu 12.04 doesn't support sssd). I
doubt the problem is with the LDAP client function on this host. If I
missed anything obvious, please let me know.
thanks,
carl
On 14-04-07 08:28 AM, Rob Crittenden wrote:
> Carl E. Ma wrote:
>> Hi,
>> My environment has Redhat5, 6, Centos 6.x and Ubuntu 12.04. Following
>> the Redhat identity management manual, I am able to configure user
>> authentication, kerberos NFS, SSSD and autofs on most of my systems.
>> The only trouble is integrating Ubuntu 12.04 with autofs.
>> 1. automount in /etc/nsswitch.conf doesn't recognize sss as the name
>> service, you need to put ldap instead.
>> 2. automount on Ubuntu 12.04 doesn't recognize the auto.master map
>> from the IPA server.
>> On our IPA server:
>> ipaserver# ipa automountlocation-tofiles default
>> /etc/auto.master:
>> /- /etc/auto.direct
>> /home /etc/auto.home
>> ---------------------------
>> /etc/auto.direct:
>> ---------------------------
>> /etc/auto.home:
>> * -fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192 nfs:/opt/shares/home/&
>> From the Ubuntu 12.04 IPA client:
>> #automount -f -d <=shows it can't find the auto.master map, in
>> /etc/default/autofs, I tried both ways to specify the auto.master map.
>> ==
>> #cat /etc/default/autofs | grep MASTER
>> #MASTER_MAP_NAME="automountmapname=auto.master,cn=default,cn=automount,dc=x,dc=x,dc=x,dc=com"
>> MASTER_MAP_NAME="auto.master"
>> ==
>> From the error messages, it seems automount on Ubuntu doesn't look up
>> LDAP for auto.master information.
>> Apr 4 17:25:26 ecs-94a55510 automount[1032]: lookup(file): file map /etc/automountmapname=auto.master,cn=default,cn=automount,dc=x,dc=x,dc=x,dc=com missing or not readable
>> Although I am using pam to automount the user home directory, I am
>> curious whether anyone else experienced the same problem, or maybe I
>> missed something.
> Can you provide more information on how you configured automount (e.g.
> can we see the config files)? Did you use the ipa-client-automount
> command or configure things by hand?
> rob