<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html; charset=UTF-8" http-equiv="Content-Type"> </head> <body bgcolor="#ffffff" text="#000066"> Your LDAP_URI is incorrect. Please make sure you follow the documentation exactly. Perhaps you actually wanted to say: LDAP_URI=<a class="moz-txt-link-rfc2396E" href="ldap:///dc=ipa,dc=domain,dc=nx">"ldap:///dc=ipa,dc=domain,dc=nx"</a> Alternatively, if you do not specify the LDAP_URI parameter at all, autofs will try SRV lookup against your default dnsdomain. Also, there is no nee for debugging automount with -d now, you can also try: automount -m which causes automount to dump all tables. Ondrej On 03/11/2012 09:09 PM, Natxo Asenjo wrote: <blockquote cite="mid:CAHBEJzXC3ZY4izaTqtTppvT8=SQKhLYWWVP-JS2RAixznTR+og@mail.gmail.com" type="cite">hi, First question: according to the docs in <a moz-do-not-send="true" href="http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/configuring-automount.html#Configuring_Automount-Configuring_autofs_on_Linux">http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/configuring-automount.html#Configuring_Automount-Configuring_autofs_on_Linux</a> when configuring autofs you can choose to enter LDAP_URI in two ways, the lazy on (+1) or the specific one. The 'lazy' one requires a srv record query, in the specific one one enters the ldap server we want to query. In my limited experience, the srv record query does not work., the other one does. This is the relevant piece of /etc/sysconfig/autofs config that does not work: LDAP_URI=<a class="moz-txt-link-rfc2396E" href="ldap:///ipa.domain.nx">"ldap:///ipa.domain.nx"</a> if I query this domain for an srv ldap record it works: [root@ipaclient01 sysconfig]# dig -t srv _ldap._tcp.ipa.domain.nx +short 0 100 389 kdc.ipa.domain.nx. But autofs cannot find it: Mar 11 20:44:39 ipaclient01 automount[3236]: Starting automounter version 5.0.5-39.el6_2.1, master map auto.master Mar 11 20:44:39 ipaclient01 automount[3236]: using kernel protocol version 5.02 Mar 11 20:44:39 ipaclient01 automount[3236]: lookup_nss_read_master: reading master files auto.master Mar 11 20:44:39 ipaclient01 automount[3236]: parse_init: parse(sun): init gathered global options: (null) Mar 11 20:44:39 ipaclient01 automount[3236]: lookup_read_master: lookup(file): read entry /misc Mar 11 20:44:39 ipaclient01 automount[3236]: lookup_read_master: lookup(file): read entry /net Mar 11 20:44:39 ipaclient01 automount[3236]: lookup_read_master: lookup(file): read entry +auto.master Mar 11 20:44:39 ipaclient01 automount[3236]: lookup_nss_read_master: reading master files auto.master Mar 11 20:44:39 ipaclient01 automount[3236]: parse_init: parse(sun): init gathered global options: (null) Mar 11 20:44:39 ipaclient01 automount[3236]: lookup_nss_read_master: reading master ldap auto.master Mar 11 20:44:39 ipaclient01 automount[3236]: parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "auto.master". Mar 11 20:44:39 ipaclient01 automount[3236]: parse_server_string: lookup(ldap): mapname auto.master Mar 11 20:44:39 ipaclient01 automount[3236]: parse_ldap_config: lookup(ldap): ldap authentication configured with the following options: Mar 11 20:44:39 ipaclient01 automount[3236]: parse_ldap_config: lookup(ldap): use_tls: 0, tls_required: 0, auth_required: 2, sasl_mech: GSSAPI Mar 11 20:44:39 ipaclient01 automount[3236]: parse_ldap_config: lookup(ldap): user: (null), secret: unspecified, client principal: <a class="moz-txt-link-abbreviated" href="mailto:host/ipaclient01.ipa.domain.nx@IPA.DOMAIN.NX">host/ipaclient01.ipa.domain.nx@IPA.DOMAIN.NX</a> c redential cache: (null) Mar 11 20:44:39 ipaclient01 automount[3236]: parse_init: parse(sun): init gathered global options: (null) Mar 11 20:44:39 ipaclient01 automount[3236]: get_dc_list: Could not turn dn "ipa.domain.nx" into a domain Mar 11 20:44:39 ipaclient01 automount[3236]: do_reconnect: lookup(ldap): failed to find available server When I enter the LDAP_URI="kdc.ipa.domain.nx" with an specific search base, it works perfectly. Second question: is it normal that one has to restart the autofs service after adding an automount key in a direct map for the client to see it? If I do not do it, then the client does not see the new key so it cannot mount it either. Third question: is it safe to restart the autofs service when people have mounted shares on a client? Thanks in advance. -- Groeten, natxo <pre wrap=""> <fieldset class="mimeAttachmentHeader"></fieldset> _______________________________________________ Freeipa-users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Freeipa-users@redhat.com">Freeipa-users@redhat.com</a> <a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a></pre> </blockquote> <HR>The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited. Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18 <HR> </body> </html>