Samba4 autofs with the rfc2307bis schema

Warning: DO NOT TRY THIS AT HOME. One false move and you destroy your domain. 

Intro

Samba4 comes with the NIS schema for describing automount maps. See this post for using autofs with that schema. But it is not the only schema which provides automount capabilities. 

The schemas

attribute	RFC2307bis	NIS	RFC2307 extension
map objectclass	automountMap	nisMap	automountMap
entry objectclass	automount	nisObject	automount
map attribute	automountMapName	nisMapName	ou
entry attribute	automountKey	cn	cn
value attribute	automountInformation	nisMapEntry	automountInformation

The W-2008 schema that comes with Samba4 does not contain the objectClass entries for either of the rfc2307 schemas. We must add them (extend) to the schema to be able to use the automount attributes. To illustrate this, I'll take a domain called hh3.site and convert an existing flat file automount setup to LDAP using an extended AD schema. The RFC2307 schemas are mutually exclusive.


Big thanks to RP over on the samba list for my sanity checks and the ldifs:)

We have a Samba4 DC serving the domain, with a Samba4 file server called altea and a client called alcoi. In this example, the latter is being converted from flat file autofs to RFC2307bis autofs.

 
Method

Working on the DC with the schema FSMO, kill all samba processes.

attr.ldif

dn: CN=automountMapName,CN=Schema,CN=Configuration,DC=hh3,DC=site
objectClass: top
objectClass: attributeSchema
attributeID: 1.3.6.1.1.1.1.31
schemaIdGuid:: SQGtFScvaoDZ8hUMHirmCw==
cn: automountMapName
name: automountMapName
lDAPDisplayName: automountMapName
description: automount Map Name
attributeSyntax: 2.5.5.5
oMSyntax: 22
isSingleValued: TRUE

dn: CN=automountKey,CN=Schema,CN=Configuration,DC=hh3,DC=site
objectClass: top
objectClass: attributeSchema
attributeID: 1.3.6.1.1.1.1.32
schemaIdGuid:: qGFH0ubAc2p2pJgxor8N7A==
cn: automountKey
name: automountKey
lDAPDisplayName: automountKey
description: Automount Key value
attributeSyntax: 2.5.5.5
oMSyntax: 22
isSingleValued: TRUE

dn: CN=automountInformation,CN=Schema,CN=Configuration,DC=hh3,DC=site
objectClass: top
objectClass: attributeSchema
attributeID: 1.3.6.1.1.1.1.33
schemaIdGuid:: WJnCqDrTLttu+RyBBWWpPQ==
cn: automountInformation
name: automountInformation
lDAPDisplayName: automountInformation
description: Automount information
attributeSyntax: 2.5.5.5
oMSyntax: 22
isSingleValued: TRUE

class.ldif

dn: CN=automountMap,CN=Schema,CN=Configuration,DC=hh3,DC=site

objectClass: top

objectClass: classSchema

governsID: 1.3.6.1.1.1.2.16

schemaIdGuid:: d51ct3yZs79jXxoAG2zfHA==

cn: automountMap

name: automountMap

lDAPDisplayName: automountMap

subClassOf: top

objectClassCategory: 3

mustContain: automountMapName

mayContain: description

defaultObjectCategory:CN=automountMap,CN=Schema,CN=Configuration,DC=hh3,DC=site

dn: CN=automount,CN=Schema,CN=Configuration,DC=hh3,DC=site

objectClass: top

objectClass: classSchema

governsID: 1.3.6.1.1.1.2.17

schemaIdGuid:: LKPdMpqFmsHw2t6Ewsj9Rw==

cn: automount

name: automount

lDAPDisplayName: automount

subClassOf: top

objectClassCategory: 3

description: Automount information

mustContain: automountKey

mustContain: automountInformation

mayContain: description

defaultObjectCategory: CN=automount,CN=Schema,CN=Configuration,DC=hh3,DC=site

These must be added as schema extensions:

ldbmodify --url=/usr/local/samba/private/sam.ldb  attr.ldif --option="dsdb:schema update allowed"=true

Repeat for class.ldif in that order. Attributes first.

Convert the flat files to LDAP syntax

Here are the existing files we want to stick in AD:

/etc/auto.master

/home/users    /etc/auto.users

/etc/auto.users

* -fstype=cifs,sec=krb5,username=cifsuser,multiuser ://altea/users/&

users.ldif

dn: OU=automount,DC=hh3,DC=site

objectClass: top

objectClass: organizationalUnit

ou: automount

name: automount

dn: ou=auto.master,ou=automount,DC=hh3,DC=site

objectClass: top

objectClass: automountMap

objectClass: organizationalUnit

ou: auto.master

name: auto.master

automountMapName: auto.master

dn: CN=/home/users,ou=auto.master,OU=automount,DC=hh3,DC=site

objectClass: top

objectClass: automount

objectClass: container

cn: /home/users

name: /home/users

automountKey: /home/users

automountInformation: auto.users

dn: ou=auto.users,ou=automount,DC=hh3,DC=site

objectClass: top

objectClass: automountMap

objectClass: organizationalUnit

ou: auto.users

name: auto.users

automountMapName: auto.users

dn: CN=*,ou=auto.users,ou=automount,DC=hh3,DC=site

objectClass: top

objectClass: automount

objectClass: container

cn: *

name: *

automountKey: *

automountInformation: -fstype=cifs,sec=krb5,username=cifsuser,multiuser ://altea/users/&

Add it to AD

ldbmodify --url=/usr/local/samba/private/sam.ldb users.ldif

sssd.conf

Make sure you have added:

services = nss, pam,autofs

[autofs]

autofs_provider = ldap

ldap_autofs_search_base = OU=automount,DC=hh3,DC=site

ldap_autofs_map_object_class = automountMap

ldap_autofs_entry_object_class = automount

ldap_autofs_map_name = automountMapName

ldap_autofs_entry_key = automountKey

ldap_autofs_entry_value = automountInformation

Don't forget your /etc/nsswitch.conf

Restart sssd and autofs

¡Ya está!