19.9.13

Samba4 autofs with the rfc2307bis schema

Warning: DO NOT TRY THIS AT HOME. One false move and you destroy your domain. 

Intro
Samba4 comes with the NIS schema for describing automount maps. See this post for using autofs with that schema. But it is not the only schema which provides automount capabilities. 

The schemas
attributeRFC2307bisNISRFC2307 extension
map objectclassautomountMapnisMapautomountMap
entry objectclassautomountnisObjectautomount
map attributeautomountMapNamenisMapNameou
entry attributeautomountKeycncn
value attributeautomountInformationnisMapEntryautomountInformation

The W-2008 schema that comes with Samba4 does not contain the objectClass entries for either of the rfc2307 schemas. We must add them (extend) to the schema to be able to use the automount attributes. To illustrate this, I'll take a domain called hh3.site and convert an existing flat file automount setup to LDAP using an extended AD schema. The RFC2307 schemas are mutually exclusive.

Big thanks to RP over on the samba list for my sanity checks and the ldifs:) 

We have a Samba4 DC serving the domain, with a Samba4 file server called altea and a client called alcoi. In this example, the latter is being converted from flat file autofs to RFC2307bis autofs. 

Method
Working on the DC with the schema FSMO, kill all samba processes.
attr.ldif

dn: CN=automountMapName,CN=Schema,CN=Configuration,DC=hh3,DC=site
objectClass: top
objectClass: attributeSchema
attributeID: 1.3.6.1.1.1.1.31
schemaIdGuid:: SQGtFScvaoDZ8hUMHirmCw==
cn: automountMapName
name: automountMapName
lDAPDisplayName: automountMapName
description: automount Map Name
attributeSyntax: 2.5.5.5
oMSyntax: 22
isSingleValued: TRUE

dn: CN=automountKey,CN=Schema,CN=Configuration,DC=hh3,DC=site
objectClass: top
objectClass: attributeSchema
attributeID: 1.3.6.1.1.1.1.32
schemaIdGuid:: qGFH0ubAc2p2pJgxor8N7A==
cn: automountKey
name: automountKey
lDAPDisplayName: automountKey
description: Automount Key value
attributeSyntax: 2.5.5.5
oMSyntax: 22
isSingleValued: TRUE


dn: CN=automountInformation,CN=Schema,CN=Configuration,DC=hh3,DC=site
objectClass: top
objectClass: attributeSchema
attributeID: 1.3.6.1.1.1.1.33
schemaIdGuid:: WJnCqDrTLttu+RyBBWWpPQ==
cn: automountInformation
name: automountInformation
lDAPDisplayName: automountInformation
description: Automount information
attributeSyntax: 2.5.5.5
oMSyntax: 22
isSingleValued: TRUE

class.ldif

dn: CN=automountMap,CN=Schema,CN=Configuration,DC=hh3,DC=site
objectClass: top
objectClass: classSchema
governsID: 1.3.6.1.1.1.2.16
schemaIdGuid:: d51ct3yZs79jXxoAG2zfHA==
cn: automountMap
name: automountMap
lDAPDisplayName: automountMap
subClassOf: top
objectClassCategory: 3
mustContain: automountMapName
mayContain: description
defaultObjectCategory:CN=automountMap,CN=Schema,CN=Configuration,DC=hh3,DC=site

dn: CN=automount,CN=Schema,CN=Configuration,DC=hh3,DC=site
objectClass: top
objectClass: classSchema
governsID: 1.3.6.1.1.1.2.17
schemaIdGuid:: LKPdMpqFmsHw2t6Ewsj9Rw==
cn: automount
name: automount
lDAPDisplayName: automount
subClassOf: top
objectClassCategory: 3
description: Automount information
mustContain: automountKey
mustContain: automountInformation
mayContain: description
defaultObjectCategory: CN=automount,CN=Schema,CN=Configuration,DC=hh3,DC=site

These must be added as schema extensions:
ldbmodify --url=/usr/local/samba/private/sam.ldb  attr.ldif --option="dsdb:schema update allowed"=true
Repeat for class.ldif in that order. Attributes first.


Convert the flat files to LDAP syntax

Here are the existing files we want to stick in AD:

/etc/auto.master
/home/users    /etc/auto.users

/etc/auto.users
* -fstype=cifs,sec=krb5,username=cifsuser,multiuser ://altea/users/&

users.ldif

dn: OU=automount,DC=hh3,DC=site
objectClass: top
objectClass: organizationalUnit
ou: automount
name: automount

dn: ou=auto.master,ou=automount,DC=hh3,DC=site
objectClass: top
objectClass: automountMap
objectClass: organizationalUnit
ou: auto.master
name: auto.master
automountMapName: auto.master

dn: CN=/home/users,ou=auto.master,OU=automount,DC=hh3,DC=site
objectClass: top
objectClass: automount
objectClass: container
cn: /home/users
name: /home/users
automountKey: /home/users
automountInformation: auto.users

dn: ou=auto.users,ou=automount,DC=hh3,DC=site
objectClass: top
objectClass: automountMap
objectClass: organizationalUnit
ou: auto.users
name: auto.users
automountMapName: auto.users

dn: CN=*,ou=auto.users,ou=automount,DC=hh3,DC=site
objectClass: top
objectClass: automount
objectClass: container
cn: *
name: *
automountKey: *
automountInformation: -fstype=cifs,sec=krb5,username=cifsuser,multiuser ://altea/users/&

Add it to AD
ldbmodify --url=/usr/local/samba/private/sam.ldb users.ldif

sssd.conf

Make sure you have added:
services = nss, pam,autofs
[autofs]

autofs_provider = ldap
ldap_autofs_search_base = OU=automount,DC=hh3,DC=site
ldap_autofs_map_object_class = automountMap
ldap_autofs_entry_object_class = automount
ldap_autofs_map_name = automountMapName
ldap_autofs_entry_key = automountKey
ldap_autofs_entry_value = automountInformation

Don't forget your /etc/nsswitch.conf

Restart sssd and autofs

¡Ya está!