Carl E. Ma wrote:
Hi Rob/all,

The original freeipa-client 2.1.4 on ubuntu 12.04 doesn't have the "ipa-client-automount" command. I manually configured autofs as follows:

=== /etc/autofs_ldap_auth.conf ===
root@ecs-94a55510:/etc# more autofs_ldap_auth.conf
<?xml version="1.0" ?>
<!--
This file contains a single entry with multiple attributes tied to it.
See autofs_ldap_auth.conf(5) for more information.
-->
<autofs_ldap_sasl_conf
        usetls="yes"
        tlsrequired="yes"
        authrequired="yes"
        authtype="GSSAPI"
        clientprinc="host/[email protected]"
        credentialcache="/tmp/krb5cc_0"
        />
=== end of /etc/autofs_ldap_auth.conf ===

=== /etc/default/autofs ===
MASTER_MAP_NAME="automountmapname=auto.master,cn=default,cn=automount,dc=ecs,dc=ads,dc=xxx,dc=com"
LOGGING="debug"
MAP_OBJECT_CLASS="automountMap"
ENTRY_OBJECT_CLASS="automount"
MAP_ATTRIBUTE="automountMapName"
ENTRY_ATTRIBUTE="automountKey"
VALUE_ATTRIBUTE="automountInformation"
LDAP_URI="ldap://ecs-1a5d4287.ecs.ads.xxx.com"
SEARCH_BASE="cn=default,cn=automount,dc=ecs,dc=ads,dc=xxx,dc=com"
=== end of /etc/default/autofs ===

=== /etc/nsswitch.conf ===
passwd:         compat sss
group:          compat sss
shadow:         compat
hosts:          files dns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis sss
sudoers:        files ldap
automount:      files ldap
=== end of /etc/nsswitch.conf ===

=== /etc/default/nfs-common ===
NEED_STATD=
STATDOPTS=
NEED_IDMAP=yes
NEED_GSSD=yes
=== end of /etc/default/nfs-common ===

=== here is /etc/auto.master ===
# cat "+auto.master" >> /etc/auto.master
=== end of /etc/auto.master ===

On the IPA server, I added the NFS service for that client as:

# ipa service-add nfs/ecs-94a55510.ecs.ads.xxx.com

But none of the ldap automount maps are shown in the "automount -m" output. From the syslog error messages below, the client can't directly connect to the IPA (ldap) server for the auto.master map.

===
root@ecs-94a55510:/etc# automount -m
find_server: trying server uri ldap://ecs-1a5d4287.ecs.ads.xxx.com
init_ldap_connection: lookup(ldap): TLS required but START_TLS failed: Connect error
lookup(ldap): couldn't connect to server ldap://ecs-1a5d4287.ecs.ads.xxx.com
do_reconnect: lookup(ldap): failed to find available server

autofs dump map information
===========================

global options: none configured

no master map entries found

In /var/log/syslog, here are the errors:

Apr 19 23:09:40 ecs-94a55510 automount[17476]: parse_init: parse(sun): init gathered global options: (null)
Apr 19 23:09:40 ecs-94a55510 automount[17476]: lookup_nss_read_master: reading master ldap auto.master
Apr 19 23:09:40 ecs-94a55510 automount[17476]: parse_init: parse(sun): init gathered global options: (null)
Apr 19 23:09:40 ecs-94a55510 automount[17476]: lookup(file): failed to read included master map auto.master
===

On the same ubuntu 12.04 host, sudo also can't retrieve sudoers information from the IPA server using ldap (sudo on ubuntu 12.04 doesn't support sssd), so I suspect the problem is with the ldap client function on this host. If I missed anything obvious, please let me know.
Update the openldap configuration file (/etc/openldap/ldap.conf on Fedora/RHEL) and add
TLS_CACERT /etc/ipa/ca.crt

rob

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
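Editor's added example, not part of the thread above and not FreeIPA project code. Rob's fix works because autofs (lookup_ldap) and sudo-ldap both go through the OpenLDAP client library for START_TLS, and that library only trusts the CAs named in its ldap.conf; with no TLS_CACERT, the handshake to the IPA directory server fails and autofs reports "START_TLS failed: Connect error" before it ever gets to the GSSAPI step. The script below applies the one-line change idempotently and then checks START_TLS on its own, without Kerberos, so a remaining failure can be blamed on the certificate rather than the ticket. Assumptions that the thread does not state: on Debian/Ubuntu the client config is /etc/ldap/ldap.conf (Fedora/RHEL: /etc/openldap/ldap.conf, as Rob says), the IPA CA is at /etc/ipa/ca.crt, and the script name and server URI are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): make the OpenLDAP client library,
# which autofs and sudo-ldap use for START_TLS, trust the IPA CA, then
# check START_TLS the way autofs needs it to succeed.
#
# Assumptions, not stated in the thread: Debian/Ubuntu client config is
# /etc/ldap/ldap.conf (Fedora/RHEL: /etc/openldap/ldap.conf); the IPA CA
# is at /etc/ipa/ca.crt; hostnames and the script name are placeholders.

# ensure_tls_cacert CONF CA
# Leaves CONF with exactly one active "TLS_CACERT CA" line: a stale
# TLS_CACERT line is replaced, commented lines and other directives are
# kept, and a CONF that already has the right line is left untouched.
ensure_tls_cacert() {
    conf=$1
    ca=$2
    # A CA path that is not a PEM certificate fails START_TLS exactly like
    # a missing one ("Connect error"), so refuse it up front.
    if ! grep -q 'BEGIN CERTIFICATE' "$ca" 2>/dev/null; then
        echo "ensure_tls_cacert: $ca is not a PEM certificate" >&2
        return 1
    fi
    current=""
    if [ -f "$conf" ]; then
        # value of the last active TLS_CACERT directive, if any
        current=$(awk '$1 == "TLS_CACERT" { v = $2 } END { print v }' "$conf")
    fi
    if [ "$current" = "$ca" ]; then
        return 0
    fi
    tmp=$(mktemp)
    if [ -f "$conf" ]; then
        # keep every line except active TLS_CACERT directives
        awk '$1 != "TLS_CACERT"' "$conf" > "$tmp"
    fi
    printf 'TLS_CACERT %s\n' "$ca" >> "$tmp"
    # cat rather than mv so the file keeps its owner and mode
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# verify_start_tls URI
# -ZZ makes ldapsearch fail unless START_TLS succeeds; reading the root DSE
# anonymously (-x -b "" -s base) needs no Kerberos ticket, so this isolates
# the TLS/CA problem from the GSSAPI bind that autofs does afterwards.
verify_start_tls() {
    ldapsearch -x -ZZ -H "$1" -b "" -s base >/dev/null
}

# Usage (script name is a placeholder):
#   sh fix-ldap-tls.sh ldap://ipa.example.com [/etc/ldap/ldap.conf] [/etc/ipa/ca.crt]
# With no arguments only the functions are defined, so the file can be sourced.
if [ "$#" -ge 1 ]; then
    ensure_tls_cacert "${2:-/etc/ldap/ldap.conf}" "${3:-/etc/ipa/ca.crt}"
    if verify_start_tls "$1"; then
        echo "START_TLS to $1 OK; now retry: automount -m"
    else
        echo "START_TLS to $1 still failing; check the CA file and that the server name matches its certificate" >&2
        exit 1
    fi
fi
```

Two practitioner notes on the check: the LDAP_URI in /etc/default/autofs must be the name in the directory server's certificate (an IP address or a short alias will fail TLS even with the right CA), and `tlsrequired="yes"` in autofs_ldap_auth.conf is what turns a CA problem into a hard failure rather than a silent fallback, which is the behaviour you want against an identity server.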
