LDAP, NFS and automount
besi
post Jul 15 2004, 02:20 AM
Post #1


Hi everyone!

I've got a little problem with automounting the LDAP users' home directories.
Perhaps one of you has an idea:

On my SLOX 4.1 (as LDAP server) I use the autofs.schema for autofs 4.0.

slox-ip: 213.252.21.211
nfs-ip: 213.252.21.212
client-username: besi
client-os: suse 9.1 pro
------------
My LDAP entries are as follows:

dn: ou=auto.master,dc=sirlsped,dc=com
objectClass: top
objectClass: automountMap
ou: auto.master

dn: cn=/home,ou=auto.master,dc=sirlsped,dc=com
objectClass: top
objectClass: automount
cn: /home
automountinformation: ldap:213.252.21.211:ou=auto.home,dc=sirlsped,dc=com

dn: ou=auto.home,dc=sirlsped,dc=com
objectClass: top
objectClass: automountMap
ou: auto.home

dn: cn=besi,ou=auto.home,dc=sirlsped,dc=com
objectClass: top
objectClass: automount
cn: besi
automountinformation: -fstype=nfs,hard,intr,nodev,nosuid 213.252.21.212:/home/exports/besi
-------------
My nsswitch.conf looks like this:
passwd: compat
group: compat
automount: ldap
passwd_compat: ldap
group_compat: ldap
----------------------------
The ldap.conf on the client machine looks like this:
host sirloxs.sirlsped.com (which has the ip 213.252.21.211)
base dc=sirlsped,dc=com
----------------------------
The exports file on the NFS server looks like this:
/home/exports 213.252.21.0/255.255.255.0(rw,async) *.sirlsped.com(rw,async)
----------------------------
The hosts.allow file on the NFS server looks like this:
portmap: 213.252.21.0/255.255.255.0
mountd: 213.252.21.0/255.255.255.0
-----------------------------
Now when I log in as 'besi' on the client machine, KDE cannot start because
it cannot find the home directory for the user.
But when I log in as root and mount the home directory like this:
automount /home ldap 213.252.21.211:cn=besi,ou=auto.home,dc=sirlsped,dc=com
it mounts the directory and I can change user to 'besi'. But when I reboot
the client and want to log in as 'besi' again, the automount doesn't work
again.

Any ideas, what could be wrong?

FYI: my slapd.conf looks like this:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/dnszone.schema
include /etc/openldap/schema/dhcp.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/suse-email-server.schema
include /etc/openldap/schema/autofs.schema

# Define global ACLs to disable default read access.
access to *
by peername="ip=127.0.0.1" read
by peername="ip=213.252.21" read
by peername="ip=213.252.21" auth
by peername="ip=213.252.21" write
by users read
by * none

#
# Check that entries match the loaded schema
#
schemacheck on

loglevel 0
sizelimit 1000
#threads 32

pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
password-hash {crypt}

TLSCertificateFile /etc/ssl/certs/cert.pem
TLSCertificateKeyFile /etc/ssl/certs/skey.pem
TLSCACertificateFile /etc/ssl/CA/usedCA.pem

#######################################################################
# ldbm database definitions
#######################################################################

# ******************************* System Backend **********************
database ldbm
cachesize 30000
directory /var/lib/ldap
lastmod on
mode 0600

suffix "dc=sirlsped,dc=com"
rootdn "uid=cyrus,dc=sirlsped,dc=com"

# ******************************* System Backend **********************

#
# cleartext passwords, especially for the rootdn,
# should be avoided. See slapd.conf(5) for details.

# Don't put all your energy into senseless searching
#
index uid,fn,memberuid,gidnumber,alias,relayClientcert eq
index objectclass,uidnumber,mailenabled,relativeDomainName eq
index zoneName,vaddress,reject,comFireGroupID,smtpDomain,MTALocaldomain eq
index cn,sn,givenname eq,sub

# Access control
#

# Private AddressBook
access to dn="ou=addr,uid=(.*),dc=sirlsped,dc=com"
by dn="uid=$1,dc=sirlsped,dc=com" write
by peername="ip=213.252.21" write
by * none

# allow rootDSE queries
access to dn=""
by peername="ip=213.252.21" read
by * read

# To let PAM authenticate
access to attr=userpassword
by self write
by peername="ip=213.252.21" auth
by peername="ip=213.252.21" read
by anonymous auth
by * none

access to attr=shadowLastChange
by self write
by peername="ip=213.252.21" read
by * read

# only the Admin is allowed to change the members of the addressadmins group
access to dn.base="cn=AddressAdmins,o=AddressBook,dc=sirlsped,dc=com"
by users read
by * none

# only the members of the AddressAdmins group are allowed to write to the
# Public Address Book
access to dn.subtree="o=AddressBook,dc=sirlsped,dc=com"
by group="cn=AddressAdmins,o=AddressBook,dc=sirlsped,dc=com" write
by peername="ip=213.252.21" write
by users read
by * none

# handle write access to the personal data (system address book)
# - first look at the OpenLDAPaci attribute
# - if that doesn't exist or the user-dn is not in the subject clause,
# give write access to the owner of the entry and read access to anyone else
access to dn="uid=[^,]+,dc=sirlsped,dc=com"
attr=c,cn,telephoneNumber,facsimileTelephoneNumber,pager,title,givenname,sn,l,description,mail,street,postalCode,st,homePhone,ou,initials,mobile,labeledURI,SuSETimeZone,faxDID,smsDID,printID,birthDay,jpegphoto,logindestination,entry,objectclass
by aci write break
by self write
by users read
by peername="ip=213.252.21" write
by peername="ip=127.0.0.1" read
by * none

# if the above break statement is reached add read access for everyone
access to dn="uid=[^,]+,dc=sirlsped,dc=com"
attr=c,cn,telephoneNumber,facsimileTelephoneNumber,pager,title,givenname,sn,l,description,mail,street,postalCode,st,homePhone,ou,initials,mobile,labeledURI,SuSETimeZone,faxDID,smsDID,printID,birthDay,jpegphoto,logindestination,entry,objectclass
by users +rsc
by peername="ip=127.0.0.1" +rsc
by peername="ip=213.252.21" +rsc
by * none

access to dn="uid=[^,]+,dc=sirlsped,dc=com"
attr=comFireTaskDays,comFireAppointmentDays,FUMSClientConfig,preferredLanguage,userPKCS12
by self write
by peername="ip=127.0.0.1" write
by peername="ip=213.252.21" read
by * none

access to attr=lmPassword,ntPassword
by peername="ip=213.252.21" read
by * none

allow bind_v2 bind_anon_dn
----------------
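The auto.master and auto.home entries in the post are the autofs.schema layout that autofs 4 reads: a map is an automountMap container, and each key is an automount entry whose cn is the key and whose automountInformation holds either a nested-map reference (ldap:host:basedn) or the mount options followed by host:/path. The script below is an added example, not code from the original post or from the autofs project. It parses LDIF the way a client receives it from ldapsearch (a long value is folded onto a continuation line that begins with one space), renders the entries as the equivalent flat map lines, and flags the two defects that make such a key fail or weaken it: a value that lost its host:/path source because a wrapped line was not a proper LDIF continuation, and an NFS mount that lacks nosuid/nodev. The DNs and addresses are taken from the post; the sample text, function names and rule set are constructed here.

```python
"""Validate autofs.schema automount entries and render them as flat map lines.

Added example, not code from the original post. Plain LDIF values only
(base64 '::' values are not handled); function names are this example's own.
"""
import re

# Constructed sample mirroring the post's four entries as ldapsearch prints
# them: a folded value continues on a line that starts with ONE space, so a
# value folded at a space needs two (one fold marker, one real space).
SAMPLE_LDIF = """\
dn: ou=auto.master,dc=sirlsped,dc=com
objectClass: top
objectClass: automountMap
ou: auto.master

dn: cn=/home,ou=auto.master,dc=sirlsped,dc=com
objectClass: top
objectClass: automount
cn: /home
automountInformation: ldap:213.252.21.211:ou=auto.home,dc=sirlsped,dc=com

dn: ou=auto.home,dc=sirlsped,dc=com
objectClass: top
objectClass: automountMap
ou: auto.home

dn: cn=besi,ou=auto.home,dc=sirlsped,dc=com
objectClass: top
objectClass: automount
cn: besi
automountInformation: -fstype=nfs,hard,intr,nodev,nosuid
  213.252.21.212:/home/exports/besi
"""

NFS_SOURCE = re.compile(r"^[A-Za-z0-9.-]+:/\S+$")   # host:/path
REQUIRED_OPTS = ("nosuid", "nodev")                 # for a user-writable export


def parse_ldif(text):
    """Return one {attr: [values]} dict per entry; attribute names lowercased."""
    entries, current, last_attr = [], {}, None
    for raw in text.splitlines():
        if raw.startswith(" ") and last_attr is not None:
            current[last_attr][-1] += raw[1:]      # RFC 2849 folding: drop one space
            continue
        if not raw.strip():                        # blank line ends an entry
            if current:
                entries.append(current)
            current, last_attr = {}, None
            continue
        if raw.startswith("#"):
            continue
        attr, _, value = raw.partition(":")
        attr = attr.strip().lower()                # LDAP attribute names are case-insensitive
        current.setdefault(attr, []).append(value.lstrip())
        last_attr = attr
    if current:
        entries.append(current)
    return entries


def is_automount(entry):
    return "automount" in {c.lower() for c in entry.get("objectclass", [])}


def check_automount(entry):
    """Problems (list of str) for one automount key; empty means it looks sound."""
    problems = []
    key = entry.get("cn", ["?"])[0]
    info = entry.get("automountinformation", [""])[0]
    if not info:
        return [f"{key}: automountInformation missing"]
    if info.startswith("ldap:"):                   # nested map: ldap:host:basedn
        parts = info.split(":", 2)
        if len(parts) != 3 or not parts[2]:
            problems.append(f"{key}: nested map must be ldap:host:basedn, got {info!r}")
        return problems
    fields = info.split()
    opts = [f for f in fields if f.startswith("-")]
    sources = [f for f in fields if not f.startswith("-")]
    if len(sources) != 1 or not NFS_SOURCE.match(sources[0]):
        problems.append(f"{key}: no host:/path source after the options in {info!r}")
    optset = {o for group in opts for o in group.lstrip("-").split(",")}
    fstype = next((o[len("fstype="):] for o in optset if o.startswith("fstype=")), "nfs")
    if fstype == "nfs":                            # autofs defaults to nfs when unset
        for need in REQUIRED_OPTS:
            if need not in optset:
                problems.append(f"{key}: NFS mount lacks {need}")
    return problems


def to_map_lines(entries):
    """Lines of the flat map file equivalent to the automount entries."""
    return [f"{e['cn'][0]}\t{e['automountinformation'][0]}"
            for e in entries if is_automount(e) and "automountinformation" in e]


def lint(text):
    """(flat map lines, problems) for an LDIF dump of automount entries."""
    entries = parse_ldif(text)
    problems = [p for e in entries if is_automount(e) for p in check_automount(e)]
    return to_map_lines(entries), problems


if __name__ == "__main__":
    lines, problems = lint(SAMPLE_LDIF)
    print("\n".join(lines))
    print("problems:", problems or "none")
```

Feeding it the output of `ldapsearch -x -h 213.252.21.211 -b ou=auto.home,dc=sirlsped,dc=com '(objectClass=automount)'` is the quickest way to see what the client-side automounter actually receives; if the second line of a folded value has no leading space, the host:/path part is parsed as a separate attribute and the key has no source to mount.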
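The exports line is the other half of the setup. exports(5) is whitespace-separated: a client's option group must follow it with no space before the '(', and a bare '(opts)' token with no client in front of it applies to every host. The linter below is an added example, not from the original post or from nfs-utils; the sample file and the rule set are constructed for illustration. It parses lines in that syntax and reports a malformed client token, a stray world-wide option group, and the options worth a second look before exporting home directories (async, no_root_squash, insecure, and rw granted to a hostname wildcard, which rests on DNS rather than on an address range).

```python
"""Lint /etc/exports lines (exports(5) syntax) for mistakes that make an NFS
home export fail or open it wider than intended.

Added example, not from the original post; the sample file is constructed.
Hostname, wildcard, netgroup (@name) and IPv4 address/netmask clients are
understood; IPv6 clients are not.
"""
import re

# token = optional client immediately followed by optional "(options)"
CLIENT = re.compile(r"^(?P<client>[^\s(]+)?(?:\((?P<opts>[^)]*)\))?$")
VALID_CLIENT = re.compile(
    r"^@?[A-Za-z0-9*?.\[\]_-]+(?:/(?:\d{1,3}(?:\.\d{1,3}){3}|\d{1,2}))?$")

# Constructed sample: a line with a malformed second client, a line with a
# stray option group, and a line as it should look.
SAMPLE_EXPORTS = """\
# /etc/exports (constructed sample)
/home/exports 213.252.21.0/255.255.255.0(rw,async) *.sirlsped.com/rw,async)
/srv/iso      213.252.21.0/24(ro) (rw)
/home/exports 213.252.21.0/24(rw,sync,root_squash) *.sirlsped.com(rw,sync)
"""


def parse_exports_line(line):
    """(path, [(client, [options])]) for one line, or ValueError."""
    fields = line.split()
    if not fields or not fields[0].startswith("/"):
        raise ValueError(f"export path must be absolute: {line!r}")
    clients = []
    for tok in fields[1:]:
        m = CLIENT.match(tok)
        if m is None:                           # e.g. text after the ')'
            clients.append((tok, []))
            continue
        opts = [o for o in (m.group("opts") or "").split(",") if o]
        clients.append((m.group("client") or "", opts))
    return fields[0], clients


def lint_exports(text):
    """List of (line number, message) findings for an exports(5) file."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()     # drop comments and blank lines
        if not line:
            continue
        try:
            path, clients = parse_exports_line(line)
        except ValueError as err:
            findings.append((n, str(err)))
            continue
        if not clients:
            findings.append((n, f"{path}: no client given, exported to everyone"))
        for client, opts in clients:
            who = client or "*"
            if client == "":
                findings.append((n, f"{path}: {opts} has no client and applies to every "
                                    "host (stray space before the '('?)"))
            elif not VALID_CLIENT.match(client):
                findings.append((n, f"{path}: malformed client token {client!r}"))
                continue
            if "no_root_squash" in opts:
                findings.append((n, f"{path}: {who}: no_root_squash makes client root "
                                    "root on the export"))
            if "insecure" in opts:
                findings.append((n, f"{path}: {who}: insecure accepts requests from "
                                    "unprivileged source ports"))
            if "async" in opts:
                findings.append((n, f"{path}: {who}: async acknowledges writes before "
                                    "they reach disk"))
            if "rw" in opts and "*" in client:
                findings.append((n, f"{path}: rw to a hostname wildcard rests on DNS; "
                                    "prefer an address range"))
    return findings


if __name__ == "__main__":
    for n, msg in lint_exports(SAMPLE_EXPORTS):
        print(f"line {n}: {msg}")
```

A malformed token is not rejected outright by exportfs in every version, so a typo in the second client can silently leave only the first client able to mount; running `exportfs -v` on the server after editing the file and comparing with `showmount -e` from the client is the manual check this script automates.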