[Samba] Samba 4.1.8 Importing automountmap ldif entries from existing OpenLDAP setup or ?

Jefferson Davis jdavis at standard.k12.ca.us
Tue Jul 8 11:29:46 MDT 2014


If you're referring to the autofs section of sssd.conf, what are your recommended settings? 

So far the RHEL/CentOS recommendations fail. So I'm thinking I'm missing something. 

My /etc/sysconfig/autofs sez: 

MASTER_MAP_NAME="auto.master" 
TIMEOUT=300 
MOUNT_NFS_DEFAULT_PROTOCOL=4 
LOGGING="debug" 
LDAP_URI=ldap://samba4dc.ad.standard.k12.ca.us 
SEARCH_BASE="CN=ad,CN=automount,DC=ad,DC=standard,DC=k12,DC=ca,DC=us" 
MAP_OBJECT_CLASS="nisMap" 
ENTRY_OBJECT_CLASS="nisObject" 
MAP_ATTRIBUTE="nisMapName" 
ENTRY_ATTRIBUTE="cn" 
VALUE_ATTRIBUTE="nisMapEntry" 
AUTH_CONF_FILE="/etc/autofs_ldap_auth.conf" 
USE_MISC_DEVICE="yes" 

This is apparently ok since it works with nsswitch.conf autofs files ldap 

The autofs section of /etc/sssd/sssd.conf sez: 

[autofs] 
autofs_provider=ldap 
ldap_autofs_search_base=CN=ad,CN=automount,DC=ad,DC=standard,DC=k12,DC=ca,DC=us 
ldap_autofs_map_object_class=nisMap 
ldap_autofs_entry_object_class=nisObject 
ldap_autofs_map_name=nisMapName 
ldap_autofs_entry_key=cn 
ldap_autofs_entry_value=nisMapEntry 

Am I missing something obvious? 

----- Original Message -----

From: "steve" <steve at steve-ss.com> 
To: "Jefferson Davis" <jdavis at standard.k12.ca.us> 
Cc: "Rowland Penny" <rowlandpenny at googlemail.com>, samba at lists.samba.org 
Sent: Tuesday, July 8, 2014 9:57:02 AM 
Subject: Re: [Samba] Samba 4.1.8 Importing automountmap ldif entries from existing OpenLDAP setup or ? 

On Tue, 2014-07-08 at 09:45 -0700, Jefferson Davis wrote: 
> OK, I've got my existing openldap entries converted, but cannot seem 
> to get autofs to "see" them. 
> 
> container.ldif 
> 
> dn: CN=automount,DC=ad,DC=standard,DC=k12,DC=ca,DC=us 
> objectClass: top 
> objectClass: container 
> cn: automount 
> distinguishedName: CN=automount,DC=ad,DC=standard,DC=k12,DC=ca,DC=us 
> instanceType: 4 
> showInAdvancedViewOnly: TRUE 
> adminDisplayName: DefaultMigrationContainer30 
> adminDescription: DefaultMigrationContainer30 
> name: automount 
> objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=ad,DC=standard,DC=k12,DC=ca,DC=us 
> 
> dn: CN=ad,CN=automount,DC=ad,DC=standard,DC=k12,DC=ca,DC=us 
> objectClass: top 
> objectClass: container 
> cn: ad 
> distinguishedName: CN=ad,CN=automount,DC=ad,DC=standard,DC=k12,DC=ca,DC=us 
> instanceType: 4 
> showInAdvancedViewOnly: TRUE 
> name: ad 
> objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=ad,DC=standard,DC=k12,DC=ca,DC=us 
> 
> auto.master.ldif 
> 
> dn: CN=auto.master,CN=ad,CN=automount,DC=ad,DC=standard,DC=k12,DC=ca,DC=us 
> objectClass: top 
> objectClass: nisMap 
> cn: auto.master 
> name: auto.master 
> nisMapName: auto.master 
> 
> dn: cn=/u,CN=auto.master,CN=ad,CN=automount,DC=ad,DC=standard,DC=k12,DC=ca,DC=us 
> objectClass: top 
> objectClass: nisObject 
> cn: /u 
> name: /u 
> nisMapName: auto.master 
> nisMapEntry: auto.users 
> 
> dn: cn=/net,CN=auto.master,CN=ad,CN=automount,DC=ad,DC=standard,DC=k12,DC=ca,DC=us 
> objectClass: top 
> objectClass: nisObject 
> cn: /net 
> name: /net 
> nisMapName: auto.master 
> nisMapEntry: auto.net 
> 
> auto.users.ldif 
> 
> dn: CN=auto.users,CN=ad,CN=automount,DC=ad,DC=standard,DC=k12,DC=ca,dc=US 
> objectClass: top 
> objectClass: nisMap 
> cn: auto.users 
> name: auto.users 
> nisMapName: auto.users 
> 
> dn: cn=pcheatwo,CN=auto.users,CN=ad,CN=automount,DC=ad,DC=standard,DC=k12,DC=ca,dc=US 
> objectClass: top 
> objectClass: nisObject 
> cn: pcheatwo 
> name: pcheatwo 
> msSFU30Name: pcheatwo 
> msSFU30NisDomain: ad.standard.k12.ca.us 
> nisMapName: auto.users 
> nisMapEntry: -fstype=nfs,hard,intr,nodev,nosuid,nolock,noatime,rsize=32768,wsize=32768 scale.standard.k12.ca.us:/fs0/shares/Staff/pcheatwo 
> 
> dn: cn=pcope,CN=auto.users,CN=ad,CN=automount,DC=ad,DC=standard,DC=k12,DC=ca,dc=US 
> objectClass: top 
> objectClass: nisObject 
> cn: pcope 
> name: pcope 
> msSFU30Name: pcope 
> msSFU30NisDomain: ad.standard.k12.ca.us 
> nisMapName: auto.users 
> nisMapEntry: -fstype=nfs,hard,intr,nodev,nosuid,nolock,noatime,rsize=32768,wsize=32768 scale.standard.k12.ca.us:/fs0/shares/Staff/pcope 
> 
> Finally works with ldap in /etc/nsswitch.conf. 
> 
> sssd? no dice. 
> 
> /etc/sssd/sssd.conf is 
> 
> [sssd] 
> services = nss, pam, autofs 
> config_file_version = 2 
> domains = ad.standard.k12.ca.us 
> 
> [nss] 
> 
> [pam] 
> 
> [autofs] 
> 
> [domain/ad.standard.k12.ca.us] 
> 
> enumerate = false 
> cache_credentials = true 
> ldap_id_mapping = false 
> ldap_schema = ad 
> id_provider = ad 
> auth_provider = ad 
> access_provider = ad 
> chpass_provider = ad 
> 
> sssd is ver 1.9.2 on CentOS 6.5 

Hi 
You are missing the autofs entries. Also, don't forget to specify sss in 
nsswitch 
> 
> I've seen so many different approaches on the listserv to configuring 
> this file I'm going batty. 
> 
> Using ldap in nsswitch.conf finally worked this am, apparently after I 
> re-requested a new kerberos ticket, which is also problematic in my 
> mind as this should never expire for a service. Do I need to create a 
> service account for these services (autofs/sssd)? 
> 
> Sorry still climbing the kerberos learning curve. 

If you're OK with ldap then stick with that. You should not need to keep 
a ticket cache alive. The upcall (for cifs at least) will look in the 
keytab for the username specified with the autofs mount command. If you 
really must (until e.g. you've understood it a little better), you can 
maintain a ticket cache using k5start. 
Good luck, 
Steve 
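As an added example (not code from the thread, nor from Samba, autofs or sssd): a small checker for an automount LDIF export in the shape of the nisMap/nisObject entries quoted above. It rejoins folded LDIF lines (the quoted nisMapEntry values are wrapped the same way), then reports master-map keys that name a map which was never imported (the quoted auto.master points /net at auto.net, but no auto.net map appears in the files quoted) and NFS mounts that lack the nosuid/nodev options the quoted entries carry. The sample data, the example.test names and the assumption that a bare value under auto.master is a submap name are all constructed for this example.

```python
SAMPLE_LDIF = """\
# constructed sample LDIF, not the poster's data (example.test is a placeholder)
dn: CN=auto.master,CN=ad,CN=automount,DC=example,DC=test
objectClass: nisMap
nisMapName: auto.master

dn: cn=/net,CN=auto.master,CN=ad,CN=automount,DC=example,DC=test
objectClass: nisObject
cn: /net
nisMapName: auto.master
nisMapEntry: auto.net

dn: CN=auto.users,CN=ad,CN=automount,DC=example,DC=test
objectClass: nisMap
nisMapName: auto.users

dn: cn=alice,CN=auto.users,CN=ad,CN=automount,DC=example,DC=test
objectClass: nisObject
cn: alice
nisMapName: auto.users
nisMapEntry:
 -fstype=nfs,hard,intr,rsize=32768 nfs.example.test:/export/alice
"""

def parse_entry(block):
    attrs, prev = {}, None
    for raw in block.splitlines():
        if raw.startswith(" ") and prev:                 # folded line: append to previous value
            attrs[prev][-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):   # '#' comments skipped; base64 '::' not handled
            key, _, val = raw.partition(":")
            prev = key.strip().lower()
            attrs.setdefault(prev, []).append(val.strip())
    return attrs

def parse_ldif(text):
    return [a for a in map(parse_entry, text.split("\n\n")) if a]

def check_maps(entries, required=("nosuid", "nodev")):
    """Findings: keys naming a map that was not imported, mounts lacking options."""
    maps = {e["nismapname"][0].lower() for e in entries if "nisMap" in e.get("objectclass", [])}
    findings = []
    for e in (e for e in entries if "nisObject" in e.get("objectclass", [])):
        key, value = e["cn"][0], e["nismapentry"][0]
        if value.startswith("-") or ":" in value:        # "-opts host:/path" mount spec
            if missing := set(required) - set(value.split()[0].lstrip("-").split(",")):
                findings.append(f"{key}: mount lacks {','.join(sorted(missing))}")
        elif value.lower() not in maps:                  # bare name: reference to a submap
            findings.append(f"{key}: refers to map {value} that does not exist")
    return findings
```

Run it against a real export with `check_maps(parse_ldif(open("auto.users.ldif").read()))`; an empty list means every referenced map exists and every mount carries the required options.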

-- 
Jefferson K Davis 
Technology and Information Systems Manager 
Standard School District 
1200 North Chester Ave 
Bakersfield, CA 93308 
661.392.2110 ext 120 (office) 
http://district.standard.k12.ca.us 