Samba4 autofs I

*** Update: Want to automount using the modern rfc2307bis schema? See this post.

Samba4 uses Microsoft's 2008 AD schema and so already has all the classes and attributes we need to automount CIFS shares on Linux. Despite what the pros will tell you, there is NO NEED to extend the schema: out of the box it has the NIS schema. If you are brave, however, you may wish to try one of the other schemas.

The Schemas
attribute           RFC2307bis             NIS            RFC2307 extension
map objectclass     automountMap           nisMap         automountMap
entry objectclass   automount              nisObject      automount
map attribute       automountMapName       nisMapName     ou
entry attribute     automountKey           cn             cn
value attribute     automountInformation   nisMapEntry    automountInformation

To illustrate this, I'll take a domain called hh3.site and convert an existing flat file automount setup to LDAP. 

We have a Samba4 DC serving the domain, with a Samba4 file server called altea and a client called catral. In this example, the latter is being converted from flat file autofs to AD autofs. 

To go from this (the line from auto.master, then the line from /etc/auto.users):
/home/users /etc/auto.users
* -fstype=cifs,sec=krb5,username=cifsuser,multiuser ://altea/users/&

. . . to LDIF that AD can understand:

1. Prepare the container

dn: CN=defaultMigrationContainer30,DC=hh3,DC=site
objectClass: top
objectClass: container
cn: defaultMigrationContainer30
distinguishedName: CN=defaultMigrationContainer30,DC=hh3,DC=site
instanceType: 4
showInAdvancedViewOnly: TRUE
adminDisplayName: DefaultMigrationContainer30
adminDescription: DefaultMigrationContainer30
name: defaultMigrationContainer30
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=hh3,DC=site

dn: CN=HH3,CN=defaultMigrationContainer30,DC=hh3,DC=site
objectClass: top
objectClass: container
cn: HH3
distinguishedName: CN=HH3,CN=defaultMigrationContainer30,DC=hh3,DC=site
instanceType: 4
showInAdvancedViewOnly: TRUE
name: HH3
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=hh3,DC=site

2. Prepare auto.master

dn: CN=auto.master,CN=HH3,CN=defaultMigrationContainer30,DC=hh3,DC=site
objectClass: top
objectClass: nisMap
cn: auto.master
name: auto.master
nisMapName: auto.master

dn: cn=/home/users,CN=auto.master,CN=HH3,CN=defaultMigrationContainer30,DC=hh3,DC=site
objectClass: top
objectClass: nisObject
cn: /home/users
name: /home/users
nisMapName: auto.master
nisMapEntry: auto.users

3. Prepare auto.users

dn: CN=auto.users,CN=HH3,CN=defaultMigrationContainer30,DC=hh3,DC=site
objectClass: top
objectClass: nisMap
cn: auto.users
name: auto.users
nisMapName: auto.users

dn: cn=*,CN=auto.users,CN=HH3,CN=defaultMigrationContainer30,DC=hh3,DC=site
objectClass: top
objectClass: nisObject
cn: *
name: *
msSFU30Name: *
msSFU30NisDomain: hh3
nisMapName: auto.users
nisMapEntry: -fstype=cifs,sec=krb5,username=cifsuser,multiuser ://altea/users/&
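As an added example (not from the post), a small Python script that does the flat-file-to-LDIF conversion of steps 2 and 3 for any number of maps. It assumes the container DN created in step 1, uses constructed copies of the two flat-file lines as input, and omits the optional msSFU30Name/msSFU30NisDomain attributes set on the wildcard entry above.

```python
"""Convert flat-file autofs maps to NIS-schema LDIF (nisMap/nisObject), as in steps 2 and 3."""
import base64, os

BASE_DN = "CN=HH3,CN=defaultMigrationContainer30,DC=hh3,DC=site"
# Constructed sample input: the two flat-file lines from the start of the post.
AUTO_MASTER = "/home/users /etc/auto.users\n"
AUTO_USERS = "* -fstype=cifs,sec=krb5,username=cifsuser,multiuser ://altea/users/&\n"

def dn_escape(value):
    """Escape the characters RFC 4514 treats specially inside an RDN value."""
    return "".join("\\" + c if c in ',+"\\<>;' else c for c in value)

def ldif_attr(name, value):
    """Base64-encode ("::") values LDIF cannot carry as plain text (RFC 2849)."""
    if value[:1] in (" ", ":", "<") or value.endswith(" ") or not value.isascii():
        return f"{name}:: {base64.b64encode(value.encode()).decode()}"
    return f"{name}: {value}"

def parse_map(text):
    """Yield (key, entry) pairs: key is the first token, entry the rest of the line."""
    for line in (ln.strip() for ln in text.splitlines()):
        if line and not line.startswith("#"):
            key, entry = (line.split(None, 1) + [""])[:2]
            yield key, entry

def nis_map(name):
    """One nisMap object per map (auto.master, auto.users, ...)."""
    return "\n".join([f"dn: CN={dn_escape(name)},{BASE_DN}", "objectClass: top",
                      "objectClass: nisMap", ldif_attr("cn", name), ldif_attr("name", name),
                      ldif_attr("nisMapName", name), ""])

def nis_object(map_name, key, entry):
    """One nisObject per map line: cn is the autofs key, nisMapEntry the mount spec."""
    return "\n".join([f"dn: CN={dn_escape(key)},CN={dn_escape(map_name)},{BASE_DN}",
                      "objectClass: top", "objectClass: nisObject", ldif_attr("cn", key),
                      ldif_attr("name", key), ldif_attr("nisMapName", map_name),
                      ldif_attr("nisMapEntry", entry), ""])

def convert(master_text, maps):
    """maps: {"auto.users": text}. In LDAP the master entries name maps, not file paths."""
    out = [nis_map("auto.master")]
    for mount, path in parse_map(master_text):
        out.append(nis_object("auto.master", mount, os.path.basename(path)))
    for name, text in maps.items():
        out.append(nis_map(name))
        out.extend(nis_object(name, k, v) for k, v in parse_map(text))
    return "\n".join(out)

if __name__ == "__main__":
    print(convert(AUTO_MASTER, {"auto.users": AUTO_USERS}))
```

Feed the output straight to ldbmodify as in step 4; the records come out in the same order as above (map object first, then its entries).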

4. Add them to the directory
In the same order as above:

ldbmodify --url=/usr/local/samba/private/sam.ldb <name.of.ldif>

5. Tell nss to use AD
We'll use sssd to extract the maps from AD. Edit sssd.conf so that it includes the following (other settings in each section omitted):

[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = default

[domain/default]
ldap_sasl_mech = gssapi
ldap_sasl_authid = CATRAL$@HH3.SITE
ldap_krb5_init_creds = true

autofs_provider = ldap
ldap_autofs_map_object_class = nisMap
ldap_autofs_entry_object_class = nisObject
ldap_autofs_map_name = nisMapName
ldap_autofs_entry_key = cn
ldap_autofs_entry_value = nisMapEntry

6. Everyone forgets this one: in /etc/nsswitch.conf
automount: files sss

7. Restart sssd and autofs

8. Administer all your clients without leaving your desk!
That's it!