2 Replies Latest reply: Dec 27, 2012 12:20 AM by User501878 RSS

Automount Home Directories from LDAP

User501878 Newbie
I have a Red Hat Linux LDAP/Kerberos server (IPA server) that, besides authentication, I also use as an NFS server sharing users' home directories.

All information for the Solaris machine is provided from a custom DUAProfile in LDAP.

Relevant autofs information in DUAProfile:

serviceSearchDescriptor: automount:cn=default,cn=automount,dc=example,dc=org
serviceSearchDescriptor:auto_master:automountMapName=auto.master,cn=default,cn=automount,dc=example,dc=org

All users on the network have their home directories under /home

I have an auto.home map on the server with the key:

* -rw,soft ipaserver.example.org:/home/&

This setup works perfect for our Linux clients but not for Solaris.

In Solaris, autofs seems to look for local users' home directories in the LDAP tree too, thus making them unavailable when logging in, even though +auto_home comes after the local user mappings.

t4 LOOKUP REQUEST: Tue Dec 25 22:08:36 2012
t4 name=localuser[] map=auto.home opts= path=/home direct=0
t4 LOOKUP REPLY : status=2

Removing the autofs entries from the DUAProfile and specifying every user directly in /etc/auto_home works, with a delay in the mount.
This is however a less than satisfactory solution.

I thought about just removing the local user mounts to /home from /export/home, but that does not seem to be a good idea.
How could I make this work the way I want with wildcards?

Regards,
Johan.
  • 1. Re: Automount Home Directories from LDAP
    User501878 Newbie
    I have now tried with a different share and mount point (/nethome) on a different test server.

    Verified that I can mount it through krb5 and that automount works for Red Hat Linux clients.

    ssh, su and console login work on Solaris 11, except for finding the home directory through automount.

    root@solaris2:~# ldapclient list
    NS_LDAP_FILE_VERSION= 2.0
    NS_LDAP_BINDDN= uid=solaris,cn=sysaccounts,cn=etc,dc=example,dc=org
    NS_LDAP_BINDPASSWD= {XXX}XXXXXXXXXXXXXX
    NS_LDAP_SERVERS= server.example.org
    NS_LDAP_SEARCH_BASEDN= dc=example,dc=org
    NS_LDAP_AUTH= tls:simple
    NS_LDAP_SEARCH_REF= TRUE
    NS_LDAP_SEARCH_SCOPE= one
    NS_LDAP_SEARCH_TIME= 10
    NS_LDAP_CACHETTL= 6000
    NS_LDAP_PROFILE= solaris_authssl1
    NS_LDAP_CREDENTIAL_LEVEL= proxy
    NS_LDAP_SERVICE_SEARCH_DESC= passwd:cn=users,cn=accounts,dc=example,dc=org
    NS_LDAP_SERVICE_SEARCH_DESC= group:cn=groups,cn=compat,dc=example,dc=org
    NS_LDAP_SERVICE_SEARCH_DESC= netgroup:cn=ng,cn=compat,dc=example,dc=org
    NS_LDAP_SERVICE_SEARCH_DESC= ethers:cn=computers,cn=accounts,dc=example,dc=org
    NS_LDAP_SERVICE_SEARCH_DESC= automount:cn=default,cn=automount,dc=example,dc=org
    NS_LDAP_SERVICE_SEARCH_DESC= auto_master:automountMapName=auto.master,cn=default,cn=automount,dc=example,dc=org
    NS_LDAP_SERVICE_SEARCH_DESC= aliases:ou=aliases,ou=test,dc=example,dc=org
    NS_LDAP_SERVICE_SEARCH_DESC= printers:ou=printers,ou=test,dc=example,dc=org
    NS_LDAP_BIND_TIME= 5
    NS_LDAP_OBJECTCLASSMAP= shadow:shadowAccount=posixAccount
    NS_LDAP_OBJECTCLASSMAP= printers:sunPrinter=printerService

    root@solaris2:~# sharectl get autofs
    timeout=600
    automount_verbose=true
    automountd_verbose=true
    nobrowse=false
    trace=2
    environment=

    From /var/svc/log/system-filesystem-autofs\:default.log:

    t4 LOOKUP REQUEST: Wed Dec 26 12:28:43 2012
    t4 name=user02[] map=auto.nethome opts= path=/nethome direct=0
    t4 getmapent_ldap called
    t4 getmapent_ldap: key=[ user02 ]
    t4 ldap_match called
    t4 ldap_match: key =[ user02 ]
    t4 ldap_match: ldapkey =[ user02 ]
    t4 ldap_match: Requesting list for (&(objectClass=automount)(automountKey=user02)) in auto.nethome
    t4 ldap_match: __ns_ldap_list FAILED (2)
    t4 ldap_match: no entries found
    t4 ldap_match called
    t4 ldap_match: key =[ \2a ]
    t4 ldap_match: ldapkey =[ \2a ]
    t4 ldap_match: Requesting list for (&(objectClass=automount)(automountKey=\2a)) in auto.nethome
    t4 ldap_match: __ns_ldap_list FAILED (2)
    t4 ldap_match: no entries found
    t4 getmapent_ldap: exiting ...
    t4 do_lookup1: action=2 wildcard=FALSE error=2
    t4 LOOKUP REPLY : status=2

    The automount map is called auto.nethome.
    The key is: * -rw,soft server.example.org:/nethome/&

    Is it that Solaris automount doesn't like an asterisk (*) in an automount key?

    At least now the local users' home directories work when I am not trying to autofs-mount to /home.

    Anyone know what is wrong here?

    Thank you for your help.

    Regards,
    Johan.
  • 2. Re: Automount Home Directories from LDAP
    User501878 Newbie
    Solved the problem myself; it was a simple thing.
    All I had to do was rename the automount map in LDAP from auto.nethome to auto_nethome, and now everything works.

    There is a delay, though, of about 20 seconds when logging in or doing su - user; I will investigate that with PAM module debug logging.
    It seems as if the whole PAM configuration has changed for Solaris 11.1 but the documentation, like the man pages, has not; it still references /etc/pam.conf PAM configuration instead of /etc/pam.d/. :)
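
As an added example, not part of the poster's thread, the script below parses an automountd trace like the one quoted in reply 1 to show which keys Solaris actually probed in LDAP (the literal user, then the escaped wildcard \2a) and how the lookup ended, and then emits the LDIF for the wildcard map under the underscore name that reply 2 found Solaris expects. The trace excerpt is constructed from the quoted log; the base DN and server names are taken from the thread, and the automountMap/automount object classes are assumed to be the rfc2307bis-style schema the trace filter shows.

```python
"""Summarise a Solaris automountd trace and emit the LDAP map entry it was looking for."""
import re

# Constructed excerpt modelled on the trace quoted in the thread (not the full log).
SAMPLE_TRACE = """\
t4 LOOKUP REQUEST: Wed Dec 26 12:28:43 2012
t4 name=user02[] map=auto.nethome opts= path=/nethome direct=0
t4 ldap_match: Requesting list for (&(objectClass=automount)(automountKey=user02)) in auto.nethome
t4 ldap_match: __ns_ldap_list FAILED (2)
t4 ldap_match: Requesting list for (&(objectClass=automount)(automountKey=\\2a)) in auto.nethome
t4 ldap_match: __ns_ldap_list FAILED (2)
t4 do_lookup1: action=2 wildcard=FALSE error=2
t4 LOOKUP REPLY : status=2
"""

REQUEST_RE = re.compile(r"name=(?P<key>\S*)\[\] map=(?P<map>\S+) opts=\S* path=(?P<path>\S+)")
FILTER_RE = re.compile(r"automountKey=(?P<key>[^)]*)\)\) in (?P<map>\S+)")
REPLY_RE = re.compile(r"LOOKUP REPLY : status=(?P<status>\d+)")

def unescape_ldap(value):
    """Turn LDAP filter escapes such as \\2a back into the literal character ('*')."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse_lookup(trace):
    """Return what automountd asked for, which keys it probed and the final status."""
    result = {"key": None, "map": None, "path": None, "tried": [], "status": None}
    for line in trace.splitlines():
        if m := REQUEST_RE.search(line):
            result.update(key=m["key"], map=m["map"], path=m["path"])
        elif m := FILTER_RE.search(line):
            result["tried"].append(unescape_ldap(m["key"]))
        elif m := REPLY_RE.search(line):
            result["status"] = int(m["status"])
    # status 2 (ENOENT) even after the '*' probe means the map itself was not found
    result["wildcard_probed"] = "*" in result["tried"]
    return result

def solaris_map_name(linux_name):
    """Solaris names indirect maps auto_<x>; Linux clients commonly use auto.<x>.
    This is the rename the poster applied (auto.nethome -> auto_nethome)."""
    return re.sub(r"^auto\.", "auto_", linux_name)

def wildcard_map_ldif(map_name, base_dn, server, export):
    """LDIF for an indirect map holding the thread's single wildcard entry."""
    map_dn = f"automountMapName={map_name},{base_dn}"
    return (
        f"dn: {map_dn}\nobjectClass: automountMap\nautomountMapName: {map_name}\n\n"
        f"dn: automountKey=*,{map_dn}\nobjectClass: automount\nautomountKey: *\n"
        f"automountInformation: -rw,soft {server}:{export}/&\n"
    )

if __name__ == "__main__":
    info = parse_lookup(SAMPLE_TRACE)
    print(info)
    print(wildcard_map_ldif(solaris_map_name(info["map"]),
                            "cn=default,cn=automount,dc=example,dc=org",
                            "server.example.org", "/nethome"))
```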
