{"id":719,"date":"2017-05-10T15:05:29","date_gmt":"2017-05-10T13:05:29","guid":{"rendered":"http:\/\/drfugazi.eu.org\/?p=719"},"modified":"2017-05-24T12:08:17","modified_gmt":"2017-05-24T10:08:17","slug":"linux-ldap-autofs-client-configuration","status":"publish","type":"post","link":"https:\/\/drfugazi.eu.org\/en\/linux-ldap-autofs-client-configuration\/","title":{"rendered":"Linux LDAP autofs client configuration"},"content":{"rendered":"<p>There are plenty of Linux distributions, so I will not describe how to configure autofs on every one of them. This description is based on RedHat\/CentOS, but it can be applied to other distributions with very small changes.<br \/>\nIf you have local users whose directories are located in <code>\/home<\/code>, you may want to move those directories to e.g. <code>\/export\/home<\/code>. Then you should change the default HOME entry in <code>\/etc\/default\/useradd<\/code>:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n# sed -i &quot;s|\/home|\/export\/home|&quot; \/etc\/default\/useradd\r\n<\/pre>\n<p>You should also change the <code>\/etc\/passwd<\/code> entries for these users:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n# usermod -m -d \/export\/home\/&lt;username&gt; &lt;username&gt;\r\n<\/pre>\n<p>or<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n# sed -i &quot;s|:\/home|:\/export\/home|&quot; \/etc\/passwd\r\n<\/pre>\n<p>If <code>\/home<\/code> is a separate filesystem, you should unmount it, adjust <code>\/etc\/fstab<\/code> and remount it as <code>\/export\/home<\/code>.<br \/>\nCheck <code>\/etc\/autofs.conf<\/code> for <code>master_map_name<\/code>; the default is:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nmaster_map_name = auto.master\r\n<\/pre>\n<p>Then check the <code>\/etc\/auto.master<\/code> file; it should contain the following entry:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" 
title=\"\">\r\n+auto.master\r\n<\/pre>\n<p>The plus sign &#8220;+&#8221; means that the maps will also be read from the external source (NIS, LDAP).<br \/>\nYour LDAP configuration should already be defined in the appropriate files (<code>\/etc\/ldap.conf<\/code>). Also check that the <code>\/etc\/autofs_ldap_auth.conf<\/code> file contains proper settings:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n&lt;autofs_ldap_sasl_conf\r\n        usetls=&quot;yes&quot;\r\n        tlsrequired=&quot;yes&quot;\r\n        authrequired=&quot;no&quot;\r\n\/&gt;\r\n<\/pre>\n<p>Now it&#8217;s time to add the ldap source to <code>\/etc\/nsswitch.conf<\/code>:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n# grep auto \/etc\/nsswitch.conf\r\nautomount:  files ldap\r\n<\/pre>\n<p>and start the automounter service:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n# service autofs start\r\n<\/pre>\n<p>Now, if you run <code>su - ldapuser<\/code> or <code>cd \/home\/ldapdir<\/code>, the automounter should be able to mount the user directory from the NFS server defined in LDAP.<\/p>\n<p>Useful links:<br \/>\n<a href=\"https:\/\/access.redhat.com\/documentation\/en-US\/Red_Hat_Enterprise_Linux\/6\/html\/Storage_Administration_Guide\/s2-nfs-config-autofs-LDAP.html\" target=\"_blank\">Using LDAP to Store Automounter Maps<\/a><br \/>\n<a href=\"https:\/\/access.redhat.com\/documentation\/en-US\/Red_Hat_Enterprise_Linux\/6\/html\/Storage_Administration_Guide\/s2-nfs-config-autofs-augmenting.html\" target=\"_blank\">NFS autofs augmenting<\/a><br \/>\n<a href=\"https:\/\/help.ubuntu.com\/community\/AutofsLDAP\" target=\"_blank\">AutoFS LDAP<\/a><br \/>\n<a href=\"https:\/\/linux.die.net\/man\/8\/automount_selinux\" target=\"_blank\">Automount SELinux<\/a><br \/>\n<\/p>","protected":false},"excerpt":{"rendered":"<p>There are plenty of Linux distributions, so I will not describe how to configure autofs on every one of them. 
This description is based on RedHat\/CentOS, but it can be&#46;&#46;&#46;<\/p>\n","protected":false},"author":1,"featured_media":675,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[115,98],"tags":[6,99,44],"jetpack_publicize_connections":[],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/10\/linux-logo.jpg?fit=300%2C300&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7M9Tz-bB","jetpack-related-posts":[{"id":692,"url":"https:\/\/drfugazi.eu.org\/en\/solaris-ldap-autofs-client-configuration\/","url_meta":{"origin":719,"position":0},"title":"Solaris LDAP autofs client configuration","author":"drfugazi","date":"Thursday December 15th, 2016","format":false,"excerpt":"Last time I wrote about autofs configuration on LDAP server, now it is time to configure autofs client in Solaris. I assume that in DUAConfigProfile, objectClasses and attributes are already defined. 
You can check this with simply commands: [bash] % ldaplist -l auto_master dn: automountMapName=auto_master,ou=service,dc=mycompany,dc=com automountMapName: auto_master objectClass: automountMap objectClass:\u2026","rel":"","context":"In &quot;LDAP&quot;","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/category\/ldap\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/02\/Solaris_OS_logo.png?fit=800%2C393&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/02\/Solaris_OS_logo.png?fit=800%2C393&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/02\/Solaris_OS_logo.png?fit=800%2C393&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/02\/Solaris_OS_logo.png?fit=800%2C393&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":672,"url":"https:\/\/drfugazi.eu.org\/en\/linux-ldap-client-configuration\/","url_meta":{"origin":719,"position":1},"title":"Linux LDAP client configuration","author":"drfugazi","date":"Thursday October  6th, 2016","format":false,"excerpt":"The simplest way to configure LDAP client in Linux is to use some kind of tool delivered with system. SuSE has yast (yast2), RedHat family has authconfig (authconfig-tui). This should install required packages like: nss-pam-ldapd, nscd, pam_ldap, ldapclient etc. 
Unfortunatelly I don't remember list of packages for particular distributions, because\u2026","rel":"","context":"In &quot;LDAP&quot;","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/category\/ldap\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/10\/linux-logo.jpg?fit=300%2C300&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":729,"url":"https:\/\/drfugazi.eu.org\/en\/sudoers-in-ldap\/","url_meta":{"origin":719,"position":2},"title":"Sudoers in LDAP","author":"drfugazi","date":"Wednesday June 28th, 2017","format":false,"excerpt":"In addition to the standard sudoers file, sudo may be configured via LDAP. This can be especially useful for synchronizing sudoers in a large, distributed environment. You need to have LDAP server and client configured, if you do not have already, see my previous posts. LDAP schema extension for sudo\u2026","rel":"","context":"In &quot;LDAP&quot;","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/category\/ldap\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2017\/06\/sudo-sudoers-make-me-sandwich.jpg?fit=360%2C299&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":685,"url":"https:\/\/drfugazi.eu.org\/en\/autofs-in-ldap-configuration-linux-solaris\/","url_meta":{"origin":719,"position":3},"title":"Autofs in LDAP configuration &#8211; for Linux and Solaris","author":"drfugazi","date":"Friday November 25th, 2016","format":false,"excerpt":"If you have LDAP server as user repository it is also good to have NFS server to store their home directories. To avoid autofs map configuration on every host, you can use LDAP service to store maps. 
I assume that NFS server (NFSHOME) is already installed, LDAP server and client\u2026","rel":"","context":"In &quot;LDAP&quot;","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/category\/ldap\/"},"img":{"alt_text":"LDAP DIT","src":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":641,"url":"https:\/\/drfugazi.eu.org\/en\/solaris-ldap-client-configuration\/","url_meta":{"origin":719,"position":4},"title":"Solaris LDAP client configuration","author":"drfugazi","date":"Tuesday June 21st, 2016","format":false,"excerpt":"Oracle Solaris has native LDAP support built in OS, so there is no need to install third-party software to configure Solaris to use LDAP as users\/groups and other repository. You can use different ways to do this, and I will describe few of them. 
If secure communication is required, and\u2026","rel":"","context":"In &quot;LDAP&quot;","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/category\/ldap\/"},"img":{"alt_text":"LDAP DIT","src":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":599,"url":"https:\/\/drfugazi.eu.org\/en\/ldap-server-for-solaris-and-linux-clients\/","url_meta":{"origin":719,"position":5},"title":"LDAP server for Solaris and Linux clients","author":"drfugazi","date":"Thursday June  2nd, 2016","format":false,"excerpt":"Few months ago I received a task to set up LDAP authentication for Solaris 10, Solaris 11 and Linux machines in Customer's infrastructure. As LDAP server was chosen OpenLDAP 2.4.x in Master-Slave configuration with SSL\/TLS support. Servers was installed on Virtual Machines with CentOS 6.7. 
I will not describe LDAP\u2026","rel":"","context":"In &quot;LDAP&quot;","block_context":{"text":"LDAP","link":"https:\/\/drfugazi.eu.org\/en\/category\/ldap\/"},"img":{"alt_text":"LDAP DIT","src":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/drfugazi.eu.org\/wp-content\/uploads\/2016\/06\/LDAP-DIT.jpg?fit=1200%2C1016&ssl=1&resize=1050%2C600 3x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts\/719"}],"collection":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/comments?post=719"}],"version-history":[{"count":8,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts\/719\/revisions"}],"predecessor-version":[{"id":777,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/posts\/719\/revisions\/777"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/media\/675"}],"wp:attachment":[{"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/media?parent=719"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/categories?post=719"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/drfugazi.eu.org\/en\/wp-json\/wp\/v2\/tags?post=71
9"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}