<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Hi Rob/all,<br>
<br>
The original freeipa-client 2.1.4 on ubuntu 12.04 doesn't have
the "ipa-client-automount" command. I manually configured autofs
as follows:<br>
<br>
===<b>/etc/autofs_ldap_autofs</b>===<br>
root@ecs-94a55510:/etc# more autofs_ldap_auth.conf <br>
&lt;?xml version="1.0" ?&gt;<br>
&lt;!--<br>
This files contains a single entry with multiple attributes tied
to it.<br>
See autofs_ldap_auth.conf(5) for more information.<br>
--&gt;<br>
<br>
&lt;autofs_ldap_sasl_conf<br>
usetls="yes"<br>
tlsrequired="yes"<br>
authrequired="yes"<br>
authtype="GSSAPI"<br>
clientprinc=<a class="moz-txt-link-rfc2396E" href="mailto:host/ecs-94a55510.ecs.ads.xxx.com@ECS.ADS.XXX.COM">"host/ecs-94a55510.ecs.ads.xxx.com@ECS.ADS.XXX.COM"</a> <br>
credentialcache="/tmp/krb5cc_0"<br>
<br>
/&gt;<br>
===end of autofs_ldap_autofs===<br>
===<b>/etc/default/autofs</b>===<br>
MASTER_MAP_NAME="automountmapname=auto.master,cn=default,cn=automount,dc=ecs,dc=ads,dc=xxx,dc=com"<br>
LOGGING="debug"<br>
MAP_OBJECT_CLASS="automountMap"<br>
ENTRY_OBJECT_CLASS="automount"<br>
MAP_ATTRIBUTE="automountMapName"<br>
ENTRY_ATTRIBUTE="automountKey"<br>
VALUE_ATTRIBUTE="automountInformation"<br>
LDAP_URI=<a class="moz-txt-link-rfc2396E" href="ldap://ecs-1a5d4287.ecs.ads.xxx.com">"ldap://ecs-1a5d4287.ecs.ads.xxx.com"</a><br>
SEARCH_BASE="cn=default,cn=automount,dc=ecs,dc=ads,dc=xxx,dc=com"<br>
===end of /etc/default/autofs===<br>
===<b>/etc/nsswitch.conf</b>===<br>
passwd: compat sss<br>
group: compat sss<br>
shadow: compat<br>
<br>
hosts: files dns<br>
networks: files<br>
<br>
protocols: db files<br>
services: db files<br>
ethers: db files<br>
rpc: db files<br>
<br>
netgroup: nis sss<br>
sudoers: files ldap<br>
automount: files ldap<br>
===end of /etc/nsswitch.conf===<br>
===<b>/etc/default/nfs-common</b>===<br>
NEED_STATD=<br>
STATDOPTS=<br>
NEED_IDMAP=yes<br>
NEED_GSSD=yes<br>
===end of nfs-common===<br>
===here is<b> /etc/auto.master</b>===<br>
#cat "+auto.master" >> /etc/auto.master<br>
===end of auto.master===<br>
<br>
On the IPA server, I added the NFS service for that client as:<br>
# ipa service-add nfs/ecs-94a55510.ecs.ads.xxx.com<br>
<br>
But no ldap automount maps are shown in the "automount -m" output.
From the syslog error messages below, the client server can't directly
connect to IPA (ldap server) for the auto.master map.<br>
<b>===</b><br>
root@ecs-94a55510:/etc# automount -m<br>
find_server: trying server uri <a class="moz-txt-link-freetext" href="ldap://ecs-1a5d4287.ecs.ads.xxx.com">ldap://ecs-1a5d4287.ecs.ads.xxx.com</a><br>
init_ldap_connection: lookup(ldap): TLS required but START_TLS
failed: Connect error<br>
lookup(ldap): couldn't connect to server
<a class="moz-txt-link-freetext" href="ldap://ecs-1a5d4287.ecs.ads.xxx.com">ldap://ecs-1a5d4287.ecs.ads.xxx.com</a><br>
do_reconnect: lookup(ldap): failed to find available server<br>
<br>
autofs dump map information<br>
===========================<br>
<br>
global options: none configured<br>
no master map entries found<br>
<br>
In /var/log/syslog, here are the errors:<br>
Apr 19 23:09:40 ecs-94a55510 automount[17476]: parse_init:
parse(sun): init gathered global options: (null)<br>
Apr 19 23:09:40 ecs-94a55510 automount[17476]:
lookup_nss_read_master: reading master ldap auto.master<br>
Apr 19 23:09:40 ecs-94a55510 automount[17476]: parse_init:
parse(sun): init gathered global options: (null)<br>
Apr 19 23:09:40 ecs-94a55510 automount[17476]: lookup(file):
failed to read included master map auto.master<br>
<b>===</b><br>
<br>
On the same ubuntu 12.04 host, sudo also can't retrieve sudoers
information from the IPA server using ldap (sudo on ubuntu 12.04
doesn't support sssd). I doubt the problem is with the ldap client
function on this host. If I missed anything obvious, please let
me know. <br>
<br>
thanks,<br>
<br>
carl<br>
<br>
<br>
On 14-04-07 08:28 AM, Rob Crittenden wrote:<br>
</div>
<blockquote cite="mid:534299F6.8090200@redhat.com" type="cite">Carl
E. Ma wrote:
<br>
<blockquote type="cite">Hi,
<br>
<br>
My environment has Redhat5, 6, Centos 6.x and Ubuntu 12.04.
Following the Redhat identity management manual, I am able to
configure user authentication, kerberos NFS, SSSD and autofs on
most of my systems.
<br>
<br>
The only trouble is integrating ubuntu 12.04 with autofs.
<br>
<br>
1. automount in /etc/nsswitch.conf doesn't recognize sss as the
name service, you need to put ldap instead.
<br>
2. automount on ubuntu 12.04 doesn't recognize the auto.master
map from IPA server.
<br>
<br>
On our IPA server:
<br>
ipaserver# ipa automountlocation-tofiles default
<br>
/etc/auto.master:
<br>
/- /etc/auto.direct
<br>
/home /etc/auto.home
<br>
---------------------------
<br>
/etc/auto.direct:
<br>
---------------------------
<br>
/etc/auto.home:
<br>
* -fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192
nfs:/opt/shares/home/&
<br>
<br>
<br>
From ubuntu 12.04 IPA client:
<br>
#automount -f -d &lt;=shows it can't find the auto.master
map, in /etc/default/autofs, I tried both ways to specify the
auto.master map.
<br>
==
<br>
#cat /etc/default/autofs | grep MASTER
<br>
#MASTER_MAP_NAME="automountmapname=auto.master,cn=default,cn=automount,dc=x,dc=x,dc=x,dc=com"
<br>
MASTER_MAP_NAME="auto.master"
<br>
==
<br>
<br>
From the error messages, it seems
automount on ubuntu doesn't lookup LDAP for auto.master
information.
<br>
<br>
Apr 4 17:25:26 ecs-94a55510 automount[1032]: lookup(file): file
map
/etc/automountmapname=auto.master,cn=default,cn=automount,dc=x,dc=x,dc=x,dc=com
missing or not readable
<br>
<br>
Although I am using pam to automount user home directory, I am
curious whether anyone else experienced the same problem, or
maybe I missed something.
<br>
</blockquote>
<br>
Can you provide more information on how you configured automount
(e.g. can we see the config files)? Did you use the
ipa-client-automount command or configure things by hand?
<br>
<br>
rob
<br>
</blockquote>
<br>
</body>
</html>