2 Replies Latest reply on Dec 27, 2012 8:20 AM by User501878

    Automount Home Directories from LDAP

      I have a Red Hat Linux LDAP/Kerberos server (IPA server) that, besides authentication, I also use as an NFS server sharing users' home directories.

      All information for the Solaris machine is provided from a custom DUAProfile in LDAP.

      Relevant autofs information in DUAProfile:

      serviceSearchDescriptor: automount:cn=default,cn=automount,dc=example,dc=org

      All users on the network have their home directories under /home

      I have an auto.home map on the server with the key:

      * -rw,soft ipaserver.example.org:/home/&

      This setup works perfectly for our Linux clients but not for Solaris.

      In Solaris, autofs seems to look for local users' home directories in the LDAP tree too, thus making them unavailable when logging in,
      even though +auto_home comes after the local user mappings.

      t4 LOOKUP REQUEST: Tue Dec 25 22:08:36 2012
      t4 name=localuser[] map=auto.home opts= path=/home direct=0
      t4 LOOKUP REPLY : status=2

      Removing the autofs entries from the DUAProfile and specifying every user directly in /etc/auto_home works, with a delay in mounting.
      This is, however, a less than satisfactory solution.

      I thought about just removing the local user mounts to /home from /export/home, but that does not seem to be a good idea.
      How could I make this work the way I want with wildcards?

        • 1. Re: Automount Home Directories from LDAP
          I have now tried with a different share and mount point (/nethome) on a different test server.

          Verified that I can mount it through krb5 and that automount works for Red Hat Linux clients.

          ssh, su and console login work on Solaris 11, except for finding the home directory through automount.

          root@solaris2:~# ldapclient list
          NS_LDAP_FILE_VERSION= 2.0
          NS_LDAP_BINDDN= uid=solaris,cn=sysaccounts,cn=etc,dc=example,dc=org
          NS_LDAP_SERVERS= server.example.org
          NS_LDAP_SEARCH_BASEDN= dc=example,dc=org
          NS_LDAP_AUTH= tls:simple
          NS_LDAP_SEARCH_SCOPE= one
          NS_LDAP_SEARCH_TIME= 10
          NS_LDAP_CACHETTL= 6000
          NS_LDAP_PROFILE= solaris_authssl1
          NS_LDAP_SERVICE_SEARCH_DESC= passwd:cn=users,cn=accounts,dc=example,dc=org
          NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=compat,dc=example,dc=org
          NS_LDAP_SERVICE_SEARCH_DESC= netgroup:cn=ng,cn=compat,dc=example,dc=org
          NS_LDAP_SERVICE_SEARCH_DESC= ethers:cn=computers,cn=accounts,dc=example,dc=org
          NS_LDAP_SERVICE_SEARCH_DESC= automount:cn=default,cn=automount,dc=example,dc=org
          NS_LDAP_SERVICE_SEARCH_DESC= auto_master:automountMapName=auto.master,cn=default,cn=automount,dc=example,dc=org
          NS_LDAP_SERVICE_SEARCH_DESC= aliases:ou=aliases,ou=test,dc=example,dc=org
          NS_LDAP_SERVICE_SEARCH_DESC= printers:ou=printers,ou=test,dc=example,dc=org
          NS_LDAP_BIND_TIME= 5
          NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=posixAccount
          NS_LDAP_OBJECTCLASSMAP= printers:sunPrinter=printerService

          root@solaris2:~# sharectl get autofs

          From /var/svc/log/system-filesystem-autofs\:default.log:

          t4 LOOKUP REQUEST: Wed Dec 26 12:28:43 2012
          t4 name=user02[] map=auto.nethome opts= path=/nethome direct=0
          t4 getmapent_ldap called
          t4 getmapent_ldap: key=[ user02 ]
          t4 ldap_match called
          t4 ldap_match: key =[ user02 ]
          t4 ldap_match: ldapkey =[ user02 ]
          t4 ldap_match: Requesting list for (&(objectClass=automount)(automountKey=user02)) in auto.nethome
          t4 ldap_match: __ns_ldap_list FAILED (2)
          t4 ldap_match: no entries found
          t4 ldap_match called
          t4 ldap_match: key =[ \2a ]
          t4 ldap_match: ldapkey =[ \2a ]
          t4 ldap_match: Requesting list for (&(objectClass=automount)(automountKey=\2a)) in auto.nethome
          t4 ldap_match: __ns_ldap_list FAILED (2)
          t4 ldap_match: no entries found
          t4 getmapent_ldap: exiting ...
          t4 do_lookup1: action=2 wildcard=FALSE error=2
          t4 LOOKUP REPLY : status=2

          The automount map is called auto.nethome and the key is:
          * -rw,soft server.example.org:/nethome/&

          Is it that Solaris automount doesn't like an asterisk (*) in an automount key?

          At least now the local users' home directories work when I am not trying to autofs-mount to /home.

          Anyone know what is wrong here?

          Thank you for your help.
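The two-step lookup visible in the log above (exact key first, then the wildcard key, with the key escaped to \2a in the LDAP filter) is simulated below. This is an added example, not code from the thread; the LDIF entries are constructed, the map is named auto_nethome as in the final fix, and the filter escaping follows RFC 4515.

```python
# Constructed sample (not from the thread): one wildcard entry and one explicit
# entry in an automount map named auto_nethome, in LDIF form.
SAMPLE_LDIF = """\
dn: automountMapName=auto_nethome,cn=default,cn=automount,dc=example,dc=org
objectClass: automountMap
automountMapName: auto_nethome

dn: automountKey=*,automountMapName=auto_nethome,cn=default,cn=automount,dc=example,dc=org
objectClass: automount
automountKey: *
automountInformation: -rw,soft server.example.org:/nethome/&

dn: automountKey=admin,automountMapName=auto_nethome,cn=default,cn=automount,dc=example,dc=org
objectClass: automount
automountKey: admin
automountInformation: -rw,hard server.example.org:/export/admin
"""

# RFC 4515 escaping of assertion values; '*' becomes '\2a' exactly as in the log.
_ESCAPES = {"*": r"\2a", "(": r"\28", ")": r"\29", "\\": r"\5c", "\0": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_filter(key):
    """The filter the automounter logs as 'Requesting list for ...'."""
    return "(&(objectClass=automount)(automountKey=%s))" % escape_filter_value(key)

def parse_ldif(text):
    """Minimal LDIF reader: each blank-line separated block becomes a dict of lists."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, val = line.partition(": ")
            entry.setdefault(attr, []).append(val)
        entries.append(entry)
    return entries

def ldap_match(entries, mapname, key):
    """Exact-key match inside one map, like ldap_match in the log."""
    for e in entries:
        in_map = ("automountMapName=%s," % mapname) in e["dn"][0]
        if in_map and "automount" in e.get("objectClass", []) and e.get("automountKey") == [key]:
            return e["automountInformation"][0]
    return None

def lookup(entries, mapname, key):
    """Exact key, then '*' fallback; '&' in the entry is replaced by the key."""
    info = ldap_match(entries, mapname, key)
    if info is None:
        info = ldap_match(entries, mapname, "*")
    return None if info is None else info.replace("&", key)
```

A lookup against the map name auto.nethome finds nothing in this sample, matching the "no entries found" lines in the log; the same lookup against auto_nethome resolves through the wildcard entry.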

          • 2. Re: Automount Home Directories from LDAP
            Solved the problem myself; it was a simple thing.
            All I had to do was rename the automount map in LDAP from auto.nethome to auto_nethome, and now everything works.

            There is a delay, though, of about 20 seconds when logging in or doing su - user; I will investigate that with PAM module debug logging.
            It seems as if the whole PAM configuration has changed for Solaris 11.1 but the documentation, like the man pages, has not; it still references the /etc/pam.conf PAM configuration instead of /etc/pam.d/. :)