
Re: automount with LDAP

 
alec pringle
Frequent Advisor

automount with LDAP

I am implementing an LDAP directory for account authentication. I would like the ldapclient to query the LDAP directory for automount information, but I gather that this is not possible. Instead, I am going to have to use local automount files which I would like to look like this:

/etc/auto_master:
/home /etc/auto_home -nosuid

/etc/auto_home:
* hostname:/export/home/&

The problem is that with this configuration, even if a non-ldap user (such as oracle or root) logs on, it tries to mount up using this map. I don't really want to maintain a list of users in this auto_home file, unless there is no other alternative. Is it possible to configure only my ldap accounts to query for the auto_home information?
12 REPLIES 12
RAC_1
Honored Contributor

Re: automount with LDAP

What is your passwd directive in /etc/nsswitch.conf?

It should be files [NOTFOUND=continue] ldap
So that root/oracle will get resolved from the passwd file and will have a valid local home dir.

Anil
There is no substitute to HARDWORK
alec pringle
Frequent Advisor

Re: automount with LDAP

nsswitch.conf has the following entries (among others):

passwd: files [NOTFOUND=continue] ldap
automount: files

My oracle and root accounts do log in OK, with the correct home directory, but I can see from a snoop that they are trying to automount (and fail). I would expect that only home directories under /home would try and nfs mount (the oracle home is /opt/oracle) - but this doesn't seem to be the case. My snoop shows messages like:
NFS "No such file or directory"
which it then seems to keep retrying. The only solution I can find is to put explicit entries in /etc/auto_home, but from a manageability point of view I would like to avoid that.
RAC_1
Honored Contributor

Re: automount with LDAP

Are you using the new or the old automount? The old automount has the option -tm for timeout (default is 30 sec); maybe you can use it. Don't know if the new automount has that option.

Anil
There is no substitute to HARDWORK
alec pringle
Frequent Advisor

Re: automount with LDAP

Thanks for that - it still seems a bit odd that all accounts search for a mount from auto_home - as I would have thought that the entry (/home) in the auto_master would restrict auto_home searches to users with home directories off /home??

Also, is it possible to have local accounts mount up a local directory (e.g. /home/user) if they aren't an LDAP user? I have tried to achieve this, but it seems that once I have the /home entry in auto_home, I can't have local /home entries (even if I put named users in the auto_home file instead of *)... Any thoughts?
RAC_1
Honored Contributor

Re: automount with LDAP

Do you have an automount entry in /etc/nsswitch.conf, and does it point to ldap only? We have a similar environment (no ldap, but nis) and local users log in fine, and nis users go to automount and log in fine. Local users certainly do not go to automount, time out, and then go back to the local mount.

Anil
There is no substitute to HARDWORK
alec pringle
Frequent Advisor

Re: automount with LDAP

My automount entry in /etc/nsswitch.conf only points to files. This is because the HP ldap client doesn't support automount, so I'm forced to use /etc/auto_home and /etc/auto_master on each client. I presume that in your case, you specify "automount nis" in nsswitch.conf and therefore only your nis users are reading the auto_home information, so maybe this is why you don't have a clash for local users?
RAC_1
Honored Contributor

Re: automount with LDAP

Your only option looks to be to maintain a list of users in the auto_home file.
I am sure that your error (that local users also go to the automount map) comes from this entry.

/etc/auto_home:
* hostname:/export/home/&
Coming out of "*", I think your /etc/auto_home needs to be as follows.

user1 hostname:/export/home/&
user2 hostname:/export/home/&

Where user1 and user2 are ldap users. Define such entries for all ldap users. Now local users should not be going to the automounter.

Anil
There is no substitute to HARDWORK
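
As an added example (not part of the original thread, and not HP-supplied code), one way to keep the explicit per-user map suggested in the reply above maintainable is to generate it rather than edit it by hand. The function name, the exported one-login-per-line user list and the sample data are assumptions; `hostname` is the placeholder server name used in the thread.

```shell
#!/bin/sh
# Added example: emit explicit auto_home entries for directory users only.
# Usage: build_auto_home LOCAL_PASSWD LDAP_USER_LIST NFS_HOST
# (all three arguments are assumed inputs, not something the thread defines)
build_auto_home() {
    awk -F: -v host="$3" '
        # First file (local passwd): remember every locally defined account.
        FILENAME == ARGV[1] { local_acct[$1] = 1; next }
        # Second file (one directory login per line): skip blanks and comments.
        /^[ \t]*(#|$)/ { next }
        # Skip names that could change map syntax (spaces, "*", "&", "/").
        $1 !~ /^[a-z_][a-z0-9_-]*$/ { next }
        # Local accounts such as root or oracle never get a map entry.
        ($1 in local_acct) { next }
        # Emit each remaining login once, in the key/location form shown above.
        !seen[$1]++ { printf "%s %s:/export/home/&\n", $1, host }
    ' "$1" "$2"
}

# Constructed sample data: a small local passwd file and an exported user list.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:3::/:/sbin/sh' \
        'oracle:x:101:101::/opt/oracle:/bin/sh' \
        'tuser:x:200:20::/home/tuser:/bin/sh' > "$dir/passwd"
    printf '%s\n' 'pringlea' 'oracle' '*' 'pringlea' 'user2' > "$dir/ldap_users"
    build_auto_home "$dir/passwd" "$dir/ldap_users" hostname
    rm -rf "$dir"
}
demo
```

The output would be reviewed and then installed as the indirect map, keeping the -nosuid option on the /etc/auto_master line as in the original question.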
RAC_1
Honored Contributor

Re: automount with LDAP

What you said is correct. My automount entry points to nis and works fine. I am surprised hp ldap does not support automount!!!

Anil
There is no substitute to HARDWORK
alec pringle
Frequent Advisor

Re: automount with LDAP

Thanks Anil,

I will try this when I get in tomorrow and I'll let you know how I get on. I have a feeling that I have already tried it with users named in the auto_home file, but I'll give it another go... it gives me a bit more hope now I know it can be done with nis.

Alec
alec pringle
Frequent Advisor

Re: automount with LDAP

Hi,

I have tested this but unfortunately it didn't work. If I have the following entries:

/etc/auto_home
pringlea ostram01:/export/home/$
/etc/automaster
/home auto_home -nobrowse

(I restart the nfs.client)... and then

- pringlea can log on with mounted home directory
- when a local user (tuser) logs on, the home directory /home/tuser is unavailable.

If I stop the nfsclient daemon, then tuser is able to login.

Is there a way around this?
alec pringle
Frequent Advisor

Re: automount with LDAP

..OK I've done a bit more testing and I can get this to work as follows:

/etc/auto_master
/home2 auto_home -nobrowse

/etc/auto_home
* ostram01:/export/home/pringlea/&

...but I've had to use the later version of automount (autofs); it doesn't seem to work with the old automounter.

Thanks for all your help!
alec pringle
Frequent Advisor

Re: automount with LDAP


Issue resolved by using the latest version of autofs.