Currently we do not have any client tool or CLI to configure automount client against an IPA server. After adding the automount keys in IPA, the user/admin has to manually configure ipa client by editing /etc/nsswitch.conf and /etc/sysconfig/autofs, having a tool to configure this would be quite useful.
Keep an eye on https://fedorahosted.org/sssd/ticket/900
Do this as a parameter on the client install. Vet with the list first.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=824522
There are two ways we can go with this:
A description of how to configure sssd is at http://jhrozek.livejournal.com/2500.html
I haven't yet gotten this to work, it seems likke we need to configure an ldap provider.
Worked with Jakub on this and discovered we need at least autofs-5.0.6-16 for this to work.
I also needed to install the libsss_autofs package.
To configure ssshd do this:
Nothing is needed in the autofs section
See related ticket https://fedorahosted.org/freeipa/ticket/2193 for configuring secure NFS.
Closed https://fedorahosted.org/freeipa/ticket/1429 as a duplicate
Have this basically working except for configure sssd as the autofs provider. Filed ticket https://fedorahosted.org/sssd/ticket/1363
Here are some basic steps for configuring a secure NFS server on F-17:
yum install nfs-utils
Set Domain to $DOMAIN in /etc/idmapd.conf
Create /etc/exports, I used:
/export *(rw,sec=sys:krb5:krb5i:krb5p)
Create the nfs service:
ipa service-add nfs/ipa.example.com ipa-getkeytab -s ipa.example.com -k /etc/krb5.keytab -p nfs/ipa.example.com
service nfs-secure restart service nfs-server restart service nfs-secure-server restart
Create an automount location
Create a key, for information use:
-fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192 ipa.example.com:/export
Now try configuring the client.
attachment freeipa-rcrit-1023-automount.patch
master: f4d2f2a
Rename component.
Metadata Update from @gowrishankar: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 3.0 Beta 1
Login to comment on this ticket.