Re: Autmount issue


 



On Thu, 2015-05-28 at 09:46 +0800, Ian Kent wrote:
> On Thu, 2015-05-28 at 10:00 +1000, Sohnaeo wrote:
> > Hi Ian,
> > 
> > Thanks heaps looking further into this. We do have only one master map
> > which is auto_home. You are right about auto_master, in fact in my
> > LDAP server there was only auto_home but somehow Linux ldap client
> > always looking for auto_master so I had to create auto_master and
> > create a entry in it but then I hit syntax error. But anyways I
> > reverted back to auto_home and fix things in autofs.conf and it looks
> > much better now but still having syntax error. I try again to provide
> > you as much as information as I can.
> 
> I don't think you understand the difference between the master map and
> the maps that it refers to.
> 
> You need to look at the example maps I mentioned in the beginning.
> 
> The master map defines autofs managed mount points and specifies the map
> they use.
> 
> There are other cases but I'm only going to describe a simple master map
> with one entry that refers to an indirect map with three entries.
> 
> For example:
> 
> Create an ldap object to contain master map entries (one ldap container
> entry is needed for each distinct map, a master map in this case):
> 
> dn: automountMapName=auto_master,dc=themaw,dc=net
> objectClass: top
> objectClass: automountMap
> automountMapName: auto_master
> 
> Create ldap objects for each master map entry (only one entry in this
> example):
> 
> dn: description=/ldap, automountMapName=auto_master,dc=themaw,dc=net
> objectClass: top
> objectClass: automount
> automountKey: /ldap
> automountInformation: auto_indirect
> description: /ldap
> 
> These entries are equivalent to this in a file based master map (such
> as /etc/auto_master):
> 
> /ldap               auto_indirect
> 
> Note: the first field, the key, is always an absolute path in the master
> map (except for direct map entries, but I digress).
> 
> Then create an ldap object to contain the map entries for each map
> referred to in the master map (only one in this example,
> auto_indirect): 
> 
> dn: automountMapName=auto_indirect,dc=themaw,dc=net
> objectClass: top
> objectClass: automountMap
> automountMapName: auto_indirect
> 
> Create ldap objects for each entry in the given map (auto_indirect with
> three map entries in this case):
> 
> dn: automountKey=bin,automountMapName=auto_indirect,dc=themaw,dc=net
> objectClass: top
> objectClass: automount
> automountKey: bin
> automountInformation:   budgie:/usr/local/bin
> 
> dn: automountKey=etc,automountMapName=auto_indirect,dc=themaw,dc=net
> objectClass: top
> objectClass: automount
> automountKey: etc
> automountInformation:   budgie:/usr/local/etc
> 
> dn: automountKey=lib,automountMapName=auto_indirect,dc=themaw,dc=net
> objectClass: top
> objectClass: automount
> automountKey: lib
> automountInformation:   budgie:/usr/local/lib
> 
> These entries are equivalent to this in a file based indirect
> map, /etc/auto_indirect:
> 
> bin           budgie:/usr/local/bin
> etc           budgie:/usr/local/etc
> lib           budgie:/usr/local/lib
> 
> Note that the first field is a single path component only without any
> path component separators (again different for direct maps, but we
> aren't talking about them here).
> 
> > 
> > 
> > LDAP Server:
> > -----------------
> > 
> > dn: automountMapName=auto_home,dc=drivess,dc=rtaa
> > aci: (target = ldap:///automountMapName=auto_home,dc=drivess,dc=rtaa)
> > (targetscope = subtree) (targetattr="*") (version 3.0; acl "Adding
> > automount"; allow (all, import, export, proxy) (userdn = "ldap:///all";
> > or userdn = "ldap:///self"; or userdn =
> > "ldap:///cn=proxyagent,ou=profile,dc=drivess,dc=rtaa";) ;)
> > automountmapname: auto_home
> > objectclass: top
> > bjectclass: automountMap
> 
> Assuming "bjectclass" is a typo.
> 
> Given the above description this is not a master map, it's a container
> for the map auto_home.
> 
> > 
> > 
> > dn: automountkey=ahmedf,automountMapName=auto_home,dc=drivess,dc=rtaa
> > automountinformation: nfs-cluster:/san/users/cmes/ahmedf
> > automountkey: ahmedf
> > objectclass: top
> > objectclass: automount
> 
> And this is a map entry belonging to auto_home.
> 
> You've not provided any master map ldap objects so I have no idea how
> the above entries can be used but see below as it might become clear ...
> 
> > 
> > 
> > Linux client
> > ----------------
> 
> Judging by the Solaris configuration below (and assuming it also has
> "automount: files ldap" in /etc/nsswitch.conf) you might have more
> success with ...
> 
> > 
> > autofs.conf
> > 
> > [ autofs ]
> > master_map_name = "ldap://x.x.x.x/automountMapName=auto_home,dc=drivess,dc=rtaa"
> 
> Set this to auto_master and ensure /etc/auto_master exists so that the
> "files" nsswitch source is used for the master map.
> 
> > ldap_uri = "ldap://x.x.x.x"
> > search_base = "automountMapName=auto_home,dc=drivess,dc=rtaa
> 
> It's usually better to put the server address and ldap base
> in /etc/openldap/ldap.conf.
> 
> In this case it should be:
> BASE   dc=drivess,dc=rtaa
> URI   ldap://x.x.x.x
> 
> > map_object_class = automountMap
> > entry_object_class = automount
> > map_attribute = automountMapName
> > entry_attribute = automountKey
> > value_attribute= automountInformation
> 
> If you create the ldap entries as described Linux should be able to work
> this out automatically and I believe Solaris should still function.
> 
> > auth_conf_file = /etc/autofs_ldap_auth.conf
> 
> 
> > normalize_slashes = "yes"
> > ldap_base = "dc=drivess,dc=rtaa"
> > ldap_base = "ldap://x.x.x.x/automountMapName=auto_home,dc=drivess,dc=rtaa"
> 
> There are no such configuration options as normalize_slashes or ldap_base
> in the [ autofs ] section of the configuration (ie. Sun format maps).
> They are only valid in the [ amd ] section (ie. for amd format maps).
> 
> > [ amd ]
> > 
> >  map_type = ldap
> 
> AFAICT you aren't using amd format maps so this is not used.
> 
> Now create /etc/auto_master as:
> +auto_master
> /net            -hosts          -nosuid,nobrowse,hard,intr
> /home           auto_home       -nobrowse,hard,intr
> 
> or as:
> 
> /net            -hosts          -nosuid,nobrowse,hard,intr
> /home           auto_home       -nobrowse,hard,intr
> +auto_master
> 
> depending on whether you want to be able to override the file based
> master map entries for /net or /home, in the former case, or override
> master map ldap entries (if they exist) for the latter case.
> 
> Ensure that /etc/auto_home does not exist so that the nsswitch.conf
> entry "automount: files ldap" will not find a local auto_home and will
> then look to ldap and should find the ldap auto_home map entries.
> 
> This approach is I think common on Solaris installs since it fits easily
> with the default install.
> 
> Note that IIUC there's no ldap auto_master in your case so the plus map
> inclusion of the master map ("+auto_master") will not find anything as
> the "files" nsswitch source is skipped because plus map inclusion is
> only allowed in file based maps.

One more thing.

I recommended setting master_map_name to auto_master in the Linux autofs
configuration. That's purely so that you can use the same map names
everywhere, auto_master and auto_home in this case. If you later add
master map entries to ldap for auto_master then you'll already have the
same names on Solaris and Linux clients so all should work ok. Also all
clients will be consistent so anyone looking around will be able to
relate to the same names everywhere.

> 
> > 
> > 
> > [root@splunk-tst ~]# automount -m
> > lookup_nss_read_master: reading master ldap
> > //x.x.x.x/automountMapName=auto_home,dc=drivess,dc=rtaa
> > parse_server_string: lookup(ldap): Attempting to parse LDAP
> > information from string
> > "ldap://x.x.x.x/automountMapName=auto_home,dc=drivess,dc=rtaa".
> > parse_server_string: lookup(ldap): server "ldap://x.x.x.x/", base dn
> > "automountMapName=auto_home,dc=drivess,dc=rtaa"
> > parse_ldap_config: lookup(ldap): ldap authentication configured with
> > the following options:
> > parse_ldap_config: lookup(ldap): use_tls: 0, tls_required: 0,
> > auth_required: 1, sasl_mech: (null)
> > parse_ldap_config: lookup(ldap): user: (null), secret: unspecified,
> > client principal: (null) credential cache: (null)
> > parse_init: parse(sun): init gathered global options: (null)
> > spawn_mount: mtab link detected, passing -n to mount
> > spawn_umount: mtab link detected, passing -n to mount
> > do_bind: lookup(ldap): auth_required: 1, sasl_mech (null)
> > do_bind: lookup(ldap): ldap simple bind returned 0
> > get_query_dn: lookup(ldap): found query dn
> > automountMapName=auto_home,dc=drivess,dc=rtaa
> > lookup_read_master: lookup(ldap): searching for
> > "(objectclass=automount)" under
> > "automountMapName=auto_home,dc=drivess,dc=rtaa"
> > lookup_read_master: lookup(ldap): examining entries
> > syntax error in map near [ adels nfs-cluster: ]
> > syntax error in map near [ san ]
> > syntax error in map near [ users ]
> > syntax error in map near [ ad ]
> > syntax error in map near [ soma ]
> > 
> > 
> > 
> > [root@splunk-tst ~]# more /etc/nsswitch.conf|grep autom
> > automount:  files ldap
> > 
> > 
> > 
> > Working through auto.home on Linux clients
> > ===============================
> > 
> > [root@splunk-tst ~]# more /etc/autofs.conf |grep auto.master
> > 
> > master_map_name = auto.master
> > 
> > 
> > I can make it work through auto.master like below but I wanted to
> > mount the users home directory via LDAP automount
> > 
> > [root@splunk-tst ~]# more /etc/auto.master
> > /home /etc/auto.home
> > /net  -hosts
> > +auto.master
> > 
> > [root@splunk-tst ~]# more /etc/auto.home
> > * -fstype=nfs,rw nfs-cluster:/san/users/cmes/& \
> >                  nfs-cluster:/san/users/techdev/& \
> >                  nfs-cluster:/san/users/ad/& \
> >                  nfs-cluster:/san/users/systest/&
> > 
> > 
> > [root@splunk-tst ~]# cat /etc/mtab |grep autofs
> > systemd-1 /proc/sys/fs/binfmt_misc autofs
> > rw,relatime,fd=34,pgrp=1,timeout=300,minproto=5,maxproto=5,direct 0 0
> > /etc/auto.home /home autofs
> > rw,relatime,fd=7,pgrp=10163,timeout=300,minproto=5,maxproto=5,indirect
> > 0 0
> > -hosts /net autofs
> > rw,relatime,fd=13,pgrp=10163,timeout=300,minproto=5,maxproto=5,indirect
> > 0 0
> > 
> > 
> > 
> > Solaris Client
> > --------
> > 
> > I can login as LDAP user and my home directory mounted in right way
> > through automount
> > 
> > asqcsat:/ # more /etc/auto_master
> > 
> > +auto_master
> > /net            -hosts          -nosuid,nobrowse,hard,intr
> > /home           auto_home       -nobrowse,hard,intr
> > 
> > asqcsat:/ # more /etc/auto_home
> > 
> > +auto_home
> > 
> > On Wed, May 27, 2015 at 9:10 PM, Ian Kent <raven@xxxxxxxxxx> wrote:
> > > On Wed, 2015-05-27 at 17:38 +1000, Sohnaeo wrote:
> > >> Hi Ian,
> > >>
> > >> Here is the mnttab of Solaris client
> > >>
> > >> asqcsat:/ # cat /etc/mnttab |grep autofs
> > >
> > > So there is no auto_master references here so why does your ldap entry
> > > say it belongs to auto_master?
> > >
> > > Perhaps you load the master map from a file, what's in /etc/auto_master?
> > >
> > >>
> > >> -hosts  /net    autofs
> > >> nosuid,indirect,ignore,nobrowse,zone=asqcsat,dev=5340047
> > >> 1430995592
> > >> auto_home       /home   autofs
> > >> nodevices,indirect,ignore,nobrowse,zone=asqcsat,dev=5340048
> > >> 1430995592
> > >
> > > I'd think the ldap entry you mentioned would belong to this indirect
> > > mount map, auto_home and not auto_master.
> > >
> > >> -hosts  /net/nfs-cluster/san    autofs
> > >> nosuid,ignore,nest,nobrowse,zone=asqcsat,dev=5340061    1430995660
> > >> -hosts  /net/nfs-cluster/san/sys        autofs
> > >> nosuid,ignore,nest,nobrowse,zone=asqcsat,dev=5340062    1430995660
> > >> -hosts  /net/nfs-cluster/san/www        autofs
> > >> nosuid,ignore,nest,nobrowse,zone=asqcsat,dev=5340063    1430995660
> > >> -hosts  /net/nfs-cluster/san/appl       autofs
> > >> nosuid,ignore,nest,nobrowse,zone=asqcsat,dev=5340064    1430995660
> > >> -hosts  /net/nfs-cluster/san/gen85      autofs
> > >> nosuid,ignore,nest,nobrowse,zone=asqcsat,dev=5340065    1430995660
> > >> -hosts  /net/nfs-cluster/san/nottn      autofs
> > >> nosuid,ignore,nest,nobrowse,zone=asqcsat,dev=5340066    1430995660
> > >> -hosts  /net/nfs-cluster/san/model      autofs
> > >> nosuid,ignore,nest,nobrowse,zone=asqcsat,dev=5340067    1430995660
> > >> -hosts  /net/nfs-cluster/san/users      autofs
> > >> nosuid,ignore,nest,nobrowse,zone=asqcsat,dev=5340068    1430995660
> > >> -hosts  /net/nfs-cluster/san/project    autofs
> > >> nosuid,ignore,nest,nobrowse,zone=asqcsat,dev=5340069    1430995660
> > >> -hosts  /net/nfs-cluster/san/workdmp    autofs
> > >> nosuid,ignore,nest,nobrowse,zone=asqcsat,dev=534006a    1430995660
> > >> -hosts  /net/nfs-cluster/san/repository autofs
> > >> nosuid,ignore,nest,nobrowse,zone=asqcsat,dev=534006b    1430995660
> > >
> > > Right, a few host map entries have been accessed by the look of it.
> > >
> > >>
> > >> Users home directories are on NFS, path is nfs-cluster:/san/users/
> > >
> > > Yes but the ldap entry below doesn't quite match that either.
> > >
> > >>dn: automountkey=ahmedf,automountMapName=auto_master,dc=drivess,dc=rtaa
> > >
> > > So the automountMapName possibly should be auto_home but ...
> > >
> > >>automountinformation: nfs-cluster:/san/users/cmes/ahmedf
> > >
> > > the key should be cmes and not ahmedf or perhaps the
> > > automountInformation should be nfs-cluster:/san/users/ahmedf
> > > but I don't know what your trying to achieve and I don't know what else
> > > you have in ldap.
> > >
> > >>automountkey: ahmedf
> > >>objectclass: top
> > >>objectclass: automount
> > >
> > > What do you have in /etc/nsswitch.conf?
> > > Presumably it's "automount: files ldap" or "automount: ldap", I can't
> > > tell from this.
> > >
> > > In any case Linux autofs is not tolerant of configurations that aren't
> > > quite right and won't just ignore them as Solaris seems to do in some
> > > cases. Perhaps this is the source of the problem.
> > >
> > > Really, putting map entries in what should be the master map is the
> > > wrong thing to do and will lead to even more confusion later. For
> > > example, what if you have two distinct indirect maps that have some keys
> > > of the same name but point to different mount locations, how will the
> > > key lookup work out which key belongs to what map?
> > >
> > > Even if putting them in the master map ldap object works I recommend
> > > separating them to be under specific map object holders as is seen in
> > > the example I originally pointed you at. It will be much easier to
> > > maintain, especially if your maps grow over time (as most do).
> > >
> > >>
> > >> Regards,
> > >>
> > >> Farhan
> > >>
> > >>
> > >> On Wed, May 27, 2015 at 1:55 PM, Ian Kent <raven@xxxxxxxxxx> wrote:
> > >> > On Wed, 2015-05-27 at 10:07 +0800, Ian Kent wrote:
> > >> >> On Tue, 2015-05-26 at 16:31 +1000, Sohnaeo wrote:
> > >> >> > Hello Ian,
> > >> >> >
> > >> >> > Thank you very much for looking into this. Solaris clients didn't have
> > >> >> > any issue with the existing master map. In my environment, I do have
> > >> >> > 99% Solaris clients and I don't want to change master map for few
> > >> >> > Linux clients. below is the auto_master map on Sun Directory Server
> > >> >> >
> > >> >> > dn: automountkey=ahmedf,automountMapName=auto_master,dc=drivess,dc=rtaa
> > >> >> > automountinformation: nfs-cluster:/san/users/cmes/ahmedf
> > >> >> > automountkey: ahmedf
> > >> >> > objectclass: top
> > >> >> > objectclass: automount
> > >> >>
> > >> >> I don't see how that could work, it's not a master map entry, it's a map
> > >> >> entry.
> > >> >>
> > >> >> The problem with this entry is it doesn't provide the information about
> > >> >> what indirect mount this key belongs to?
> > >> >>
> > >> >> You'll need to give me more info about what's in ldap and what the
> > >> >> mounts look like after automount is started on Solaris.
> > >> >>
> > >> >> Start autofs on an idle system, do nothing else, and post the contents
> > >> >> of /etc/mnttab (assuming that hasn't changed over the years since I
> > >> >> worked on Solaris systems). If there are obvious things you don't want
> > >> >> people to see in it then delete those lines but don't delete autofs
> > >> >> related lines.
> > >> >
> > >> > And what path do you use to cause this entry to mount?
> > >> >
> > >> >>
> > >> >> If you want you could log a bug at bugzilla.redhat.com and have it made
> > >> >> private to so the information isn't available to people not included on
> > >> >> the cc list or allowed groups.
> > >> >>
> > >> >> >
> > >> >> >
> > >> >> > I am clueless.
> > >> >> >
> > >> >> > On Thu, May 21, 2015 at 4:41 PM, Ian Kent <raven@xxxxxxxxxx> wrote:
> > >> >> > > On Thu, 2015-05-21 at 12:42 +1000, Sohnaeo wrote:
> > >> >> > >> Hello Guys,
> > >> >> > >>
> > >> >> > >> I am having an issue with the autofs/automount on Cent OS 7, below is the detail
> > >> >> > >>
> > >> >> > >> LDAP Server
> > >> >> > >>
> > >> >> > >>
> > >> >> > >> Solaris 10
> > >> >> > >> Sun Directory Server 6.2
> > >> >> > >>
> > >> >> > >>
> > >> >> > >> LDAP Client
> > >> >> > >>
> > >> >> > >>
> > >> >> > >> CentOS 7
> > >> >> > >>
> > >> >> > >> OpenLdap
> > >> >> > >>
> > >> >> > >>
> > >> >> > >> I issued the below command to enable LDAP authentication. LDAP users
> > >> >> > >> can successfully authenticate now on CentOS
> > >> >> > >>
> > >> >> > >>  authconfig --enableldap --enableldapauth --ldapserver=x.x.x.x
> > >> >> > >> --ldapbasedn=dc=drivess,dc=rtta --disablemkhomedir --update
> > >> >> > >>
> > >> >> > >> But somehow users home directories can't be mounted through autofs.
> > >> >> > >> Below is my autofs.conf file
> > >> >> > >>
> > >> >> > >>  autofs
> > >> >> > >> master_map_name = ldap://xxxxx/automountMapName=auto_master,dc=drivess,dc=rtaa
> > >> >> > >> mount_nfs_default_protocol = 3
> > >> >> > >> logging = debug
> > >> >> > >> ldap_uri = "ldap://x.x.x.x"
> > >> >> > >> search_base = "automountMapName=auto_master,dc=drivess,dc=rtaa"
> > >> >> > >> map_object_class = automountMap
> > >> >> > >> entry_object_class = automount
> > >> >> > >> map_attribute = automountMapName
> > >> >> > >> entry_attribute = automountKey
> > >> >> > >> value_attribute= automountInformation
> > >> >> > >> auth_conf_file = /etc/autofs_ldap_auth.conf
> > >> >> > >> map_type = ldap
> > >> >> > >>
> > >> >> > >> When I run the below command , it throws an error
> > >> >> > >>
> > >> >> > >> automount -m
> > >> >> > >> get_query_dn: lookup(ldap): found query dn
> > >> >> > >> automountMapName=auto_master,dc=drivess,dc=rtaa
> > >> >> > >> lookup_read_master: lookup(ldap): searching for
> > >> >> > >> "(objectclass=automount)" under
> > >> >> > >> "automountMapName=auto_master,dc=drivess,dc=rtaa"
> > >> >> > >> lookup_read_master: lookup(ldap): examining entries
> > >> >> > >> syntax error in map near  ahmedf nfs-cluster:
> > >> >> > >>
> > >> >> > >> Below is ldapsearch command result
> > >> >> > >>   ldapsearch -x -b 'automountMapName=auto_master,dc=drivess,dc=rtaa'
> > >> >> > >> "(objectClass=automountMap)"
> > >> >> > >>
> > >> >> > >> dn: automountMapName=auto_master,dc=drivess,dc=rtaa
> > >> >> > >> automountMapName: auto_master
> > >> >> > >> objectClass: top
> > >> >> > >> objectClass: automountMap
> > >> >> > >>
> > >> >> > >>  ldapsearch -x -b
> > >> >> > >> 'automountkey=ahmedf,automountMapName=auto_master,dc=drivess,dc=rtaa
> > >> >> > >> dn: automountkey=ahmedf,automountMapName=auto_master,dc=drivess,dc=rtaa
> > >> >> > >> automountInformation: nfs-cluster:/san/users/cmes/ahmedf
> > >> >> > >> automountKey: ahmedf
> > >> >> > >> objectClass: automount
> > >> >> > >> objectClass: top
> > >> >> > >>
> > >> >> > >> In short, automountInformation is nfs-cluster:/san/users/cmes/ahmedf
> > >> >> > >> but somehow automount is complaining "syntax error in map near [ ahmedf
> > >> >> > >> nfs-cluster: ]"
> > >> >> > >
> > >> >> > > That's telling you that your master map is not right.
> > >> >> > >
> > >> >> > >>
> > >> >> > >>
> > >> >> > >> Any ideas?
> > >> >> > >
> > >> >> > > Have a look at the example in /usr/share/doc/autofs:
> > >> >> > > ldap-automount-rfc2307-bis-auto.master
> > >> >> > > ldap-automount-rfc2307-bis-auto.indirect
> > >> >> > > ldap-automount-rfc2307-bis-auto.direct
> > >> >> > >
> > >> >> > > For the indirect mount case above you need master map ldap entries that
> > >> >> > > contain an entry that specifies the indirect mount mount point and the
> > >> >> > > map where the entries for that mount point are stored.
> > >> >> > >
> > >> >> > > Ian
> > >> >> > >
> > >> >> > >
> > >> >> > >
> > >> >>
> > >> >>
> > >> >
> > >> >
> > >
> > >
> 
> 


--
To unsubscribe from this list: send the line "unsubscribe autofs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
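
Added example (not part of the thread and not autofs code): a small Python lint for the layout rule discussed above, that master map keys are absolute paths while indirect map keys are a single path component. The LDIF samples are constructed from the entries quoted in the thread; /home as the LDAP master map key is an assumption, and parse_ldif and lint are hypothetical helper names.

```python
import re

# Constructed sample: the layout from the thread, a map entry stored under auto_master.
FAULTY_LDIF = """\
dn: automountMapName=auto_master,dc=drivess,dc=rtaa
objectClass: automountMap
automountMapName: auto_master

dn: automountkey=ahmedf,automountMapName=auto_master,dc=drivess,dc=rtaa
objectclass: automount
automountkey: ahmedf
automountinformation: nfs-cluster:/san/users/cmes/ahmedf
"""

# Constructed sample: same data split into a master map entry and an auto_home map.
FIXED_LDIF = """\
dn: automountMapName=auto_master,dc=drivess,dc=rtaa
objectClass: automountMap
automountMapName: auto_master

dn: automountKey=/home,automountMapName=auto_master,dc=drivess,dc=rtaa
objectClass: automount
automountKey: /home
automountInformation: auto_home

dn: automountMapName=auto_home,dc=drivess,dc=rtaa
objectClass: automountMap
automountMapName: auto_home

dn: automountKey=ahmedf,automountMapName=auto_home,dc=drivess,dc=rtaa
objectClass: automount
automountKey: ahmedf
automountInformation: nfs-cluster:/san/users/cmes/ahmedf
"""

def parse_ldif(text):
    """Minimal LDIF reader: no line folding or base64 values (assumption)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            # LDAP attribute names are case-insensitive, so normalise them.
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(attrs)
    return entries

def lint(text, master="auto_master"):
    """Return a list of problems with master map and map entry keys."""
    containers, members = set(), {}
    for e in parse_ldif(text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "automountmap" in classes:
            containers.add(e["automountmapname"][0])
        elif "automount" in classes:
            # The owning map is the automountMapName component above the entry's RDN.
            rdns = [r.strip() for r in e["dn"][0].split(",")]
            parent = next((r.split("=", 1)[1] for r in rdns[1:]
                           if r.lower().startswith("automountmapname=")), None)
            members.setdefault(parent, []).append(
                (e["automountkey"][0], e["automountinformation"][0]))
    master_rows = members.pop(master, [])
    # Maps mounted at "/-" are direct maps, whose keys are full paths.
    direct = {info.split()[0] for key, info in master_rows if key == "/-"}
    problems = [f"{master}: key {key!r} is not an absolute path, looks like a map entry"
                for key, _ in master_rows if not key.startswith("/")]
    for name, rows in members.items():
        if name not in containers:
            problems.append(f"{name}: entries exist but no automountMap container")
        if name not in direct:
            problems += [f"{name}: indirect key {key!r} contains '/'"
                         for key, _ in rows if "/" in key]
    return problems
```

Feed it the output of an ldapsearch for the automount subtree before pointing clients at the directory; an empty list means the key shapes match what the Sun-format parser expects.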



