The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
If you have configured an automount map for auto.home in LDAP, you can configure an LDAP client to mount the users' home directories when they log in.
To configure an LDAP client to automount users' home directories:
Install the autofs package:
# yum install autofs
Verify that the auto.home map is available:
# ldapsearch -LLL -x -b "dc=mydom,dc=com" nisMapName=auto.home
dn: nisMapName=auto.home,dc=mydom,dc=com
objectClass: top
objectClass: nisMap
nisMapName: auto.home

dn: cn=*,nisMapName=auto.home,dc=mydom,dc=com
objectClass: nisObject
cn: *
nisMapEntry: -rw,sync nfssvr.mydom.com:/nethome/&
nisMapName: auto.home

In this example, the map is available. For details of how to make this map available, see Section 23.4.6, “Adding an Automount Map to LDAP”.
If the auto.home map is available, edit /etc/auto.master and create an entry that tells autofs where to find the auto.home map in LDAP, for example:
/nethome ldap:nisMapName=auto.home,dc=mydom,dc=com
If you use LDAP over SSL, specify ldaps: instead of ldap:.
Edit /etc/autofs_ldap_auth.conf and configure the authentication settings for autofs with LDAP, for example:
<autofs_ldap_sasl_conf
    usetls="yes"
    tlsrequired="no"
    authrequired="autodetect"
    authtype="GSSAPI"
    clientprinc="host/ldapclient.mydom.com@MYDOM.COM"
    />
This example assumes that Kerberos authentication with the LDAP server uses TLS for the connection. The principal for the client system must exist in the Kerberos database. You can use the klist -k command to verify this. If the principal for the client does not exist, use kadmin to add the principal.
If you use Kerberos Authentication, use kadmin to add a principal for the LDAP service on the LDAP server, for example:
# kadmin -q "addprinc ldap/ldap.mydom.com@MYDOM.COM"
Restart the autofs service, and configure the service to start following a system reboot:
# service autofs restart
# chkconfig autofs on
The autofs service creates the directory /nethome. When a user logs in, the automounter mounts his or her home directory under /nethome.
If the owner and group for the user's files are unexpectedly listed as the anonymous user or group (nobody or nogroup) and all_squash has not been specified as a mount option, verify that the Domain setting in /etc/idmapd.conf on the NFS server is set to the DNS domain name. Restart the NFS services on the NFS server if you change this file.
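The example settings above still let the client fall back: tlsrequired="no" allows the LDAP connection to continue without encryption, and authrequired="autodetect" allows an unauthenticated connection when no suitable SASL mechanism is found. The following shell check is an added example, not part of the Oracle documentation; it audits the two files edited in this procedure, and the function names and the constructed sample in demo are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not Oracle's code: audit the two client files edited above.

# Print one attribute value from autofs_ldap_auth.conf (last match wins).
attr() {  # usage: attr NAME FILE
    tr '\n' ' ' < "$2" | sed -n "s/.*[[:space:]]$1=\"\([^\"]*\)\".*/\1/p"
}

# Print one WARN line per finding; return 0 only when there are none.
audit_autofs_ldap() {  # usage: audit_autofs_ldap AUTO_MASTER AUTH_CONF
    master=$1 auth=$2 rc=0
    # Does any non-comment auto.master entry use plain ldap: as its map source?
    if awk '!/^[[:space:]]*#/ && $2 ~ /^ldap:/ {hit=1} END {exit !hit}' "$master"
    then
        # ldap: is only protected when TLS is both attempted and mandatory.
        if [ "$(attr usetls "$auth")" != yes ] || [ "$(attr tlsrequired "$auth")" != yes ]
        then
            echo "WARN: ldap: map without mandatory TLS; map lookups may go in cleartext"
            rc=1
        fi
    fi
    # "no" skips authentication; "autodetect" can fall back to none.
    case "$(attr authrequired "$auth")" in
        no|autodetect|'') echo "WARN: authrequired does not enforce an authenticated bind"; rc=1 ;;
    esac
    # The file can hold bind credentials: readable by root only (mode 0600).
    if [ -z "$(find "$auth" -prune -perm 600)" ]; then
        echo "WARN: $auth is not mode 0600"
        rc=1
    fi
    return $rc
}

# Constructed sample: the example settings from this page, in a temp directory.
demo() {
    tmp=$(mktemp -d)
    echo '/nethome ldap:nisMapName=auto.home,dc=mydom,dc=com' > "$tmp/auto.master"
    echo '<autofs_ldap_sasl_conf usetls="yes" tlsrequired="no" authrequired="autodetect" authtype="GSSAPI" clientprinc="host/ldapclient.mydom.com@MYDOM.COM" />' > "$tmp/auth.conf"
    chmod 600 "$tmp/auth.conf"
    audit_autofs_ldap "$tmp/auto.master" "$tmp/auth.conf"; st=$?
    rm -rf "$tmp"; return $st
}

# With two arguments audit those files; otherwise audit the constructed sample.
if [ "$#" -eq 2 ]; then audit_autofs_ldap "$1" "$2"; else demo || :; fi
```

To audit a live client, run the script as root with /etc/auto.master and /etc/autofs_ldap_auth.conf as its two arguments.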
For more information, see the auto.master(5) and autofs_ldap_auth.conf(5) manual pages.