= Introduction =

Automount is the modern way to mount directories over a network. It is far easier to manage and is more economical with bandwidth. In this howto, autofs will be configured through an LDAP directory: that way we have a centralised configuration and make maximum use of the LDAP server that has been set up. Great, isn't it?

= Installation =

First of all, automount is composed of two parts: a kernel module and userland utilities. Kernels in modern GNU/Linux distributions are compiled with support for automount, so you just have to install the userland utilities: install the following packages {{{autofs-ldap ldap-utils}}} (see InstallingSoftware).

If you plan to use only flat-file configuration, you do not need to install the {{{autofs-ldap}}} package: that installation is described in the [[Autofs]] howto.

= Configuration =

Configuring LDAP automount consists of several parts:

 * configure the OpenLDAP server to load the autofs-ldap schema
 * enter LDAP entries that define mountpoints
 * enter LDAP entries that define directories
 * configure the client to use LDAP for its automount configuration

This guide presumes you have already set up an LDAP server and are familiar with ldap-utils (ldapmodify, ldapadd, etc.).

== On the server ==

When you install autofs-ldap, it puts a copy of the schema in {{{/etc/ldap/schema/autofs-ldap.schema}}}. Copy the file to the same directory on your server. Your next step will depend on whether your LDAP server is configured with slapd.conf (older LDAP versions) or with {{{cn=config}}} database entries (the newer, "correct" way).

Note: autofs actually supports three different schemas for LDAP. This walk-through assumes the one that ships with the Ubuntu distribution of autofs-ldap. The steps are the same, but your LDAP entries will depend on which schema you use. The three schemas are covered in some detail on [[http://sadiquepp.blogspot.com/2009/02/how-to-configure-autofs-maps-in-ldap.html|this blog]].
=== With slapd.conf ===

Add the following to your {{{/etc/ldap/slapd.conf}}} file:

{{{
# Schema and objectClass definitions
include /etc/ldap/schema/autofs.schema
}}}

The {{{autofs.schema}}} line must be inserted after the {{{core.schema}}} and {{{cosine.schema}}} includes. Now restart the slapd service:

{{{
sudo /etc/init.d/slapd restart
}}}

Or with [[Upstart]]:

{{{
sudo service slapd restart
}}}

=== With cn=config ===

The autofs-ldap.schema file needs to be converted to LDIF format. You can do this with the '''slapcat''' utility as described in the [[OpenLDAPServer]] guide, or you can just visit https://launchpadlibrarian.net/55451730/autofs.ldif and grab this one that has already been converted (rename it autofs-ldap.ldif and put it in /etc/ldap/schema for consistency's sake). Use '''ldapadd''' to import it into the database:

{{{
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/autofs-ldap.ldif
}}}

(The -Y EXTERNAL option selects SASL EXTERNAL authentication: over the ldapi:/// Unix socket the server identifies you as the local user running the command, in this case root.)

== Populating LDAP ==

In the LDAP directory, you have to enter two kinds of entries:

 * an entry that defines the mountpoint
 * an entry that defines a directory under that mountpoint

Here is an example of LDAP entries based on the [[OpenLDAPServer]] installation.
{{{
dn: ou=admin,dc=example,dc=com
ou: admin
objectClass: top
objectClass: organizationalUnit

dn: ou=automount,ou=admin,dc=example,dc=com
ou: automount
objectClass: top
objectClass: organizationalUnit

dn: ou=auto.master,ou=automount,ou=admin,dc=example,dc=com
ou: auto.master
objectClass: top
objectClass: automountMap

dn: cn=/home,ou=auto.master,ou=automount,ou=admin,dc=example,dc=com
cn: /home
objectClass: top
objectClass: automount
automountInformation: ldap:ou=auto.home,ou=automount,ou=admin,dc=example,dc=com --timeout=60 --ghost

dn: ou=auto.home,ou=automount,ou=admin,dc=example,dc=com
ou: auto.home
objectClass: top
objectClass: automountMap

dn: cn=lionel,ou=auto.home,ou=automount,ou=admin,dc=example,dc=com
cn: lionel
objectClass: top
objectClass: automount
automountInformation: -fstype=nfs,rw,hard,intr,nodev,exec,nosuid,rsize=8192,wsize=8192 nfs.example.com:/export/home/lionel
}}}

Save your map to a .ldif file and add it with '''ldapadd''' (depending on your database's ACLs you might have to authenticate as your admin user instead of using the external option):

{{{
sudo ldapadd -D cn=admin,dc=example,dc=com -W -f automounttree.ldif
}}}

Some notes:

 * You need {{{objectClass: automountMap}}} in every {{{ou: auto.x}}} entry. This was always required, but autofs version 4 let you get away with maps whose objectClass was only organizationalUnit. Autofs 5 does not. If you upgraded from v4 to v5 and your LDAP mappings stopped working, this might be one reason why. You will have to delete your old entries and their children and replace them with the corrected ones.
 * The {{{ou: admin}}} group is optional and could be named anything else (something you may wish to do if you want to avoid confusion with, say, the LDAP admin user).

== On the client ==

There are three files you need to concern yourself with:

 * /etc/default/autofs
 * /etc/autofs_ldap_auth.conf
 * /etc/nsswitch.conf

=== /etc/default/autofs ===

Open up {{{/etc/default/autofs}}} and read it through.
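Before touching the client files, it is worth checking the map from the Populating LDAP section above for the mistakes its notes describe. The script below is an added example, not the page's or the autofs project's code; it works on a constructed LDIF string (a copy of the page's tree with two deliberate faults) and flags maps that lack {{{objectClass: automountMap}}}, {{{ldap:}}} references to maps not defined in the file, and NFS entries that dropped the {{{nosuid}}}/{{{nodev}}} options the page's example uses.

```python
import re

# Constructed sample: the page's tree, but with auto.home declared as a plain
# organizationalUnit (the autofs 4 habit autofs 5 rejects) and nosuid dropped.
SAMPLE_LDIF = """\
dn: ou=auto.master,ou=automount,ou=admin,dc=example,dc=com
objectClass: automountMap

dn: cn=/home,ou=auto.master,ou=automount,ou=admin,dc=example,dc=com
objectClass: automount
automountInformation: ldap:ou=auto.home,ou=automount,ou=admin,dc=example,dc=com --timeout=60 --ghost

dn: ou=auto.home,ou=automount,ou=admin,dc=example,dc=com
objectClass: organizationalUnit

dn: cn=lionel,ou=auto.home,ou=automount,ou=admin,dc=example,dc=com
objectClass: automount
automountInformation: -fstype=nfs,rw,hard,intr,nodev,exec,rsize=8192,wsize=8192 nfs.example.com:/export/home/lionel
"""

def parse_ldif(text):
    """Split LDIF into entries, each a dict of attribute -> list of values."""
    entries, cur = [], {}
    for line in text.splitlines() + [""]:
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            cur.setdefault(attr.strip(), []).append(value.strip())
    return entries

def check_map(text):
    """Return problem strings; an empty list means the map looks sane."""
    problems, entries = [], parse_ldif(text)
    maps = {e["dn"][0].lower() for e in entries
            if "automountMap" in e.get("objectClass", [])}
    for e in entries:
        dn, classes = e["dn"][0], e.get("objectClass", [])
        if dn.lower().startswith("ou=auto.") and "automountMap" not in classes:
            problems.append(f"{dn}: map lacks objectClass automountMap")
        for info in e.get("automountInformation", []):
            ref = re.match(r"ldap:(?://[^/]+/)?(\S+)", info)  # ldap:<dn> or ldap://host/<dn>
            if ref and ref.group(1).lower() not in maps:
                problems.append(f"{dn}: refers to undefined map {ref.group(1)}")
            opts = set(info.split()[0].split(","))
            if "-fstype=nfs" in opts and not {"nosuid", "nodev"} <= opts:
                problems.append(f"{dn}: NFS mount without nosuid/nodev")
    return problems
```

Run it over your own file with `check_map(open("automounttree.ldif").read())` before the ldapadd step; an empty list means nothing was flagged.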
Some of the entries are explained in more detail in {{{man auto.master}}}. What follows are the minimal settings to get autofs talking to your LDAP tree.

{{{
MASTER_MAP_NAME="ou=auto.master,ou=automount,ou=admin,dc=example,dc=com"
}}}

You could write this in the form {{{//servername/ou=auto.master}}}... instead; without the server part autofs will consult nsswitch for the server location, which is fine.

{{{
LOGGING="verbose"
}}}

Be sure to uncomment it. Log output goes to {{{/var/log/syslog}}}. You can set it back to its default later, but for now you really want it on. Use "debug" instead for even more detailed output.

{{{
LDAP_URI="ldap://192.168.x.x"
}}}

The address of your LDAP server. Use ldaps:// if your setup calls for it, though you may wish to test that everything else works before adding encryption into the mix.

{{{
SEARCH_BASE="ou=automount,ou=admin,dc=example,dc=com"
}}}

Where in the tree autofs should look for auto.master.

{{{
# Define the LDAP schema to use for lookups
#
# If no schema is set autofs will check each of the schemas
# below in the order given to try and locate an appropriate
# basedn for lookups. If you want to minimize the number of
# queries to the server set the values here.
#
# (...)
#
MAP_OBJECT_CLASS="automountMap"
ENTRY_OBJECT_CLASS="automount"
MAP_ATTRIBUTE="ou"
ENTRY_ATTRIBUTE="cn"
VALUE_ATTRIBUTE="automountInformation"
}}}

If you are using a different schema, uncomment the block that applies to you instead.

=== autofs_ldap_auth.conf ===

The contents of this file will vary greatly depending on your LDAP and NFS setup. You should read {{{man autofs_ldap_auth.conf}}} for a full description. The default config looks like this:

{{{
}}}

This is sufficient for many "basic" configurations, allowing reads without any extra authentication. TLS users will want to change the {{{usetls}}} and (if applicable) the {{{tlsrequired}}} entries to "yes".
If you are using your own Certificate Authority to sign your certs, you need the CA certificate installed on the client machine and its location defined in ldap.conf (see below).

If your NFS setup relies on Kerberos authentication, you need to add/change the following lines:

{{{
authrequired="yes"
authtype="GSSAPI"
clientprinc="user1@EXAMPLE.COM"
credentialcache="/tmp/krb5cc_0"
}}}

Change the values of clientprinc and credentialcache to match your setup.

=== nsswitch.conf ===

Lastly, you have to add the LDAP map source to the automount entry of {{{/etc/nsswitch.conf}}}. Edit {{{/etc/nsswitch.conf}}} and add the line:

{{{
automount: files ldap
}}}

If you have not already (and you may have for other purposes), you should also edit {{{/etc/ldap/ldap.conf}}} with the appropriate values for your LDAP server:

{{{
BASE dc=example,dc=com
URI ldap://ldap.example.com
# If using TLS:
TLS_CACERT /usr/share/ca-certificates/example.com/cacert.pem
}}}

= Launch =

Start or restart {{{autofs}}}:

{{{
sudo /etc/init.d/autofs restart
}}}

or

{{{
sudo service autofs restart
}}}

Have a look in /var/log/syslog:

{{{
Apr 7 12:54:44 vm-sandbox1 automount[7951]: Starting automounter version 5.0.5, master map ou=auto.master,ou=automount,ou=sysconfig,dc=tempe,dc=grindwork,dc=com
Apr 7 12:54:44 vm-sandbox1 automount[7951]: using kernel protocol version 5.01
Apr 7 12:54:44 vm-sandbox1 automount[7951]: ignoring duplicate indirect mount /common
Apr 7 12:54:44 vm-sandbox1 automount[7951]: mounted indirect on /common with timeout 60, freq 15 seconds
Apr 7 12:54:44 vm-sandbox1 automount[7951]: ghosting enabled
}}}

So far, so good: it found auto.master. Try to ls or cd into your subdirectories and make sure they mount properly. If the mount is failing at any point, check the log again and see what it is complaining about. Restart autofs again after making configuration changes.
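The client-side settings above are spread over three files, and a mismatch between them is the usual reason the log shows nothing useful. The script below is an added example (not the page's or the autofs project's code) that reads the three files and reports the inconsistencies the section describes: a required key commented out in {{{/etc/default/autofs}}}, an {{{automount:}}} line in nsswitch.conf that never lists ldap, an {{{ldaps://}}} URI with no {{{TLS_CACERT}}} in ldap.conf, and a plain {{{ldap://}}} URI left in place. The sample file contents are constructed for the example.

```python
import re

# Constructed sample client files, not taken from a real host: ldaps:// is
# requested but ldap.conf names no CA cert, and nsswitch never lists ldap.
DEFAULT_AUTOFS = """\
MASTER_MAP_NAME="ou=auto.master,ou=automount,ou=admin,dc=example,dc=com"
LDAP_URI="ldaps://ldap.example.com"
SEARCH_BASE="ou=automount,ou=admin,dc=example,dc=com"
#MAP_OBJECT_CLASS="automountMap"
"""
NSSWITCH = "passwd: files ldap\nautomount: files\n"
LDAP_CONF = "BASE dc=example,dc=com\nURI ldaps://ldap.example.com\n"

def parse_kv(text):
    """KEY="value" lines of /etc/default/autofs; commented lines are skipped."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Z_]+)\s*=\s*"?([^"]*)"?\s*$', line)
        if m:
            conf[m.group(1)] = m.group(2)
    return conf

def parse_conf(text):
    """'KEY value' lines of ldap.conf and nsswitch.conf (trailing ':' dropped)."""
    conf = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            conf[parts[0].rstrip(":")] = parts[1].strip()
    return conf

def check_client(default_autofs, nsswitch, ldap_conf):
    """Return problem strings for the three client files; [] means OK."""
    problems, autofs = [], parse_kv(default_autofs)
    for key in ("MASTER_MAP_NAME", "LDAP_URI", "SEARCH_BASE"):
        if key not in autofs:
            problems.append(f"/etc/default/autofs: {key} not set or commented out")
    if "ldap" not in parse_conf(nsswitch).get("automount", "").split():
        problems.append("nsswitch.conf: automount line does not list ldap")
    uri = autofs.get("LDAP_URI", "")
    if uri.startswith("ldaps://") and "TLS_CACERT" not in parse_conf(ldap_conf):
        problems.append("ldap.conf: ldaps:// in use but TLS_CACERT is not defined")
    elif uri.startswith("ldap://"):
        problems.append("LDAP_URI: map lookups are unencrypted; use ldaps:// if your setup calls for it")
    return problems
```

On a real client, pass the contents of /etc/default/autofs, /etc/nsswitch.conf and /etc/ldap/ldap.conf to `check_client` and fix whatever it lists before restarting autofs.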