Introduction
Samba4 uses Microsoft's 2008 AD schema and so has all the classes and attributes we need to automount cifs in Linux. Despite what the pros will tell you, there is NO NEED to extend the schema. Out of the box it has the NIS schema. If you are brave however, you may wish to try one of the other schemas.
The Schemas
| attribute | RFC2307bis | NIS | RFC2307 extension |
|---|---|---|---|
| map objectclass | automountMap | nisMap | automountMap |
| entry objectclass | automount | nisObject | automount |
| map attribute | automountMapName | nisMapName | ou |
| entry attribute | automountKey | cn | cn |
| value attribute | automountInformation | nisMapEntry | automountInformation |
To illustrate this, I'll take a domain called hh3.site and convert an existing flat file automount setup to LDAP.
We have a Samba4 DC serving the domain, with a Samba4 file server called altea and a client called catral. In this example, the latter is being converted from flat file autofs to AD autofs.
Aim
To go from this:
/etc/auto.master
/home/users /etc/auto.users
and
/etc/auto.users
* -fstype=cifs,sec=krb5,username=cifsuser, multiuser ://altea/users/&
. . .to LDAP that AD can understand
Method
1. Prepare the container
container.ldif
dn: CN=defaultMigrationContainer30,DC=hh3,DC=site
objectClass: top
objectClass: container
cn: defaultMigrationContainer30
distinguishedName: CN=defaultMigrationContainer30,DC=hh3,DC=site
instanceType: 4
showInAdvancedViewOnly: TRUE
adminDisplayName: DefaultMigrationContainer30
adminDescription: DefaultMigrationContainer30
name: defaultMigrationContainer30
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=hh3,DC=site
dn: CN=HH3,CN=defaultMigrationContainer30,DC=hh3,DC=site
objectClass: top
objectClass: container
cn: HH3
distinguishedName: CN=HH3,CN=defaultMigrationContainer30,DC=hh3,DC=site
instanceType: 4
showInAdvancedViewOnly: TRUE
name: HH3
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=hh3,DC=site
2. Prepare auto.master
auto.master.ldif
auto.master.ldif
dn: CN=auto.master,CN=HH3,CN=defaultMigrationContainer30,DC=hh3,DC=site
objectClass: top
objectClass: nisMap
cn: auto.master
name: auto.master
nisMapName: auto.master
dn: cn=/home/users,CN=auto.master,CN=HH3,CN=defaultMigrationContainer30,DC=hh3,DC=site
objectClass: top
objectClass: nisObject
cn: /home/users
name: /home/users
nisMapName: auto.master
nisMapEntry: auto.users
3. Prepare auto.users
auto.users.ldif
dn: CN=auto.users,CN=HH3,CN=defaultMigrationContainer30,DC=hh3,DC=site
objectClass: top
objectClass: nisMap
cn: auto.users
name: auto.users
nisMapName: auto.users
dn: cn=*,CN=auto.users,CN=HH3,CN=defaultMigrationContainer30,DC=hh3,DC=site
objectClass: top
objectClass: nisObject
cn: *
name: *
msSFU30Name: *
msSFU30NisDomain: hh3
nisMapName: auto.users
nisMapEntry: -fstype=cifs,sec=krb5,username=cifsuser,multiuser ://altea/users/&
4. Add them to the directory
In the same order as above:
ldbmodify --url=/usr/local/samba/private/sam.ldb <name.of.ldif>
5. Tell nss to use AD
We'll use sssd to extract the maps from AD. Edit sssd.conf to include:
We'll use sssd to extract the maps from AD. Edit sssd.conf to include:
services = nss, pam, autofs
config_file_version = 2
domains = default
[nss]
[pam]
[autofs]
ldap_sasl_mech = gssapi
ldap_sasl_authid = CATRAL$@HH3.SITE
ldap_krb5_init_creds = true
autofs_provider = ldap
ldap_autofs_search_base=CN=hh3,CN=defaultMigrationContainer30,DC=hh3,DC=site
ldap_autofs_map_object_class = nisMap
ldap_autofs_entry_object_class = nisObject
ldap_autofs_map_name = nisMapName
ldap_autofs_entry_key = cn
ldap_autofs_entry_value = nisMapEntry
6. Everyone forgets
/etc/nsswitch.conf
automount: files sss
7. Restart sssd and autofs
8. Administer all your clients without leaving your desk!
That's it!
8. Administer all your clients without leaving your desk!
That's it!