[Freeipa-users] Automounter maps

Jakub Hrozek jhrozek at redhat.com
Fri Jul 1 14:40:50 UTC 2011


On 07/01/2011 03:48 AM, Ondrej Valousek wrote:
> Hi,
>
> On 30.06.2011 17:29, Dmitri Pal wrote:
>> Can you please rephrase? Do you mean that instead of documenting what
>> we already have or in addition to it, we should also document how to
>> configure automount with DNS?
>> Does DNS allow specifying the search base?
>> Can you please point to any doc/man page that describes how to
>> configure DNS for automount. We might add it as a reference into the
>> doc. Is this what you are looking for?
>
> First of all, I believe you guys in Red Hat did a great job with the IPA.
> Why? Because with all the install scripts and the framework around it,
> you managed to integrate all services (DNS, Kerberos, LDAP) into simply
> manageable Identity management for Linux.
>
> A normal IT admin no longer has to dig through various howtos on the Internet.
> Just run the install script and you get something very similar to Active
> Directory - robust and standard-based system.
>
> The key thing is for me the simplicity and the scripts around it. One
> should no longer be afraid of setting up all the services separately.
> From the client's perspective, you already covered Kerberos
> configuration and NSS, that's fine.
>
> Because of the reasons I outlined above I also believe that the
> *ipa-client-install* script should take care of the automounter, too (or
> at least offer the autofs configuration) - and this includes everything.
>
> As a helping hand I offer my additions to your existing howtos (I have
> already checked its functionality).
>
> [root@draco etc]# cat /etc/sysconfig/autofs
> ...
> LDAP_URI="ldap:///dc=example,dc=com"     # let the automounter discover LDAP server on its own
> ....
>
> [root@draco etc]# cat /etc/autofs_ldap_auth.conf
> <!-- clientprinc is taken from klist -k -->
> <autofs_ldap_sasl_conf
>       usetls="no"
>       tlsrequired="no"
>       authrequired="yes"
>       authtype="GSSAPI"
>       clientprinc="host/draco.prague.s3group.com@EXAMPLE.COM"
> />
>
> This is, I believe, the best configuration you can get for autofs. It is
> not difficult (as you can see) so the ipa-client-install script should
> be able to take care of it automatically.
>
> And finally, regarding your question - see man auto.master. The DNS SRV
> lookup ability was added there because I asked autofs maintainer Ian
> Kent from Red Hat to do it and he was kind enough to implement it for us
> (he actually grabbed a piece of Samba code to make it work). If you
> feel there should be something more (like you mentioned getting the
> search base from DNS as well), talk to him, I am sure he will help you.
>
> The ldap server SRV lookup has been there for quite some time so it is
> in RHEL5/6 already.
> Thanks!
>
> Ondrej
>
>
>

I agree with Adam that there are quite a lot of possible configurations 
wrt. automount.

With that in mind, I think that it would make sense to add the above 
into the HOWTO section on freeipa.org -- do we still maintain the section?
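
The following is an added example, not part of the thread and not FreeIPA or autofs code: a pre-deployment check for the two files quoted above, of the kind a client-install step could run before enabling autofs. The function names are hypothetical, the sample inputs are constructed from the quoted settings, and the `_ldap._tcp.<domain>` SRV name and the realm-equals-domain comparison are assumptions about a default setup.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs mirroring the settings quoted in the thread.
SYSCONFIG = 'LDAP_URI="ldap:///dc=example,dc=com"\n'
AUTH_CONF = """<?xml version="1.0" ?>
<autofs_ldap_sasl_conf
    usetls="no"
    tlsrequired="no"
    authrequired="yes"
    authtype="GSSAPI"
    clientprinc="host/draco.prague.s3group.com@EXAMPLE.COM"
/>"""

def srv_name(sysconfig):
    """SRV owner name implied by a host-less LDAP_URI, or None if a host is given."""
    m = re.search(r'^\s*LDAP_URI="ldap://([^/"]*)/([^"]*)"', sysconfig, re.M)
    if not m or m.group(1):
        return None
    labels = re.findall(r"dc=([^,\s]+)", m.group(2), re.I)
    # Assumption: the conventional _ldap._tcp.<domain> name (RFC 2782 style).
    return "_ldap._tcp." + ".".join(labels).lower() if labels else None

def audit(auth_conf, sysconfig):
    """Return findings (strings) for the two files; an empty list means no issues."""
    attrs = ET.fromstring(auth_conf).attrib
    findings = []
    if attrs.get("authrequired") != "yes":
        findings.append("authrequired is not 'yes'")
    if attrs.get("authtype") != "GSSAPI":
        findings.append("authtype is not GSSAPI")
    if attrs.get("usetls") != "yes":
        findings.append("usetls is not 'yes': no TLS on the LDAP connection")
    m = re.fullmatch(r"host/([A-Za-z0-9.-]+)@([A-Z0-9.-]+)", attrs.get("clientprinc", ""))
    if not m:
        findings.append("clientprinc is not of the form host/<fqdn>@<REALM>")
    else:
        # Heuristic (assumption): the realm is the upper-cased DNS domain.
        srv = srv_name(sysconfig)
        if srv and srv != "_ldap._tcp." + m.group(2).lower():
            findings.append("realm %s does not match SRV domain %s" % (m.group(2), srv))
    return findings

if __name__ == "__main__":
    print(srv_name(SYSCONFIG))
    for finding in audit(AUTH_CONF, SYSCONFIG):
        print("finding:", finding)
```

The SRV answer comes from DNS, so the GSSAPI settings checked here are what authenticates the bind to whichever server the lookup returns.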



