NFS error with configuration through LDAP

Time: 2016-04-17 23:36:38

Tags: ubuntu debian ubuntu-14.04 openldap nfs

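I have set up a distributed system with user accounts using LDAP and NFS4 on Ubuntu 14.04. The problem is that the clients do not mount the FS at boot, so I would like to use Autofs-LDAP so that home directories are mounted when users authenticate themselves through LDAP.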

To achieve this, I set up the NFS server with NFSv4 and exported the home directories in /etc/export as follows:

/srv/nfs4/home    2001:470:736b:dfe::/64(ro,no_subtree_check,no_root_squash,fsid=0)

This configuration is correct; from the client, I can mount "/home" using the mount command with the following entry, alongside the other devices:

[2001:470:736b:dff:5054:fff:fe0d:ff05]:/    /home   nfs auto,noatime,nolock,bg,nfsvers=4,intr,actimeo=1800  0   0

My Automount-related entries in the LDAP server look like these (extracted from the .ldif file used to create them):

dn: ou=auto.home,dc=d,dc=ff,dc=es,dc=eu,dc=org
ou: auto.home
objectClass: top
objectClass: automountMap

dn: cn=nicu,ou=auto.home,dc=d,dc=ff,dc=es,dc=eu,dc=org
objectClass: automount
cn: nicu
automountInformation: -fstype=nfs,auto,noatime,nolock,nfsvers=4,intr    [2001:470:736b:dff:5054:fff:fe0d:ff05]:/nicu

If I run slapcat, the entries show up in it. I have followed the Ubuntu and Debian guides, which leave the following configuration in the client:

/etc/default/autofs

#
# Define default options for autofs.
#
# MASTER_MAP_NAME - default map name for the master map.
#
MASTER_MAP_NAME="/etc/auto.master"
#
# TIMEOUT - set the default mount timeout (default 600).
#
TIMEOUT=300
#
# NEGATIVE_TIMEOUT - set the default negative timeout for
#            failed mount attempts (default 60).
#
#NEGATIVE_TIMEOUT=60
#
# MOUNT_WAIT - time to wait for a response from mount(8).
#          Setting this timeout can cause problems when
#          mount would otherwise wait for a server that
#          is temporarily unavailable, such as when it's
#          restarting. The defailt of waiting for mount(8)
#          usually results in a wait of around 3 minutes.
#
#MOUNT_WAIT=-1
#
# UMOUNT_WAIT - time to wait for a response from umount(8).
#
#UMOUNT_WAIT=12
#
# BROWSE_MODE - maps are browsable by default.
#
BROWSE_MODE="no"
#
# MOUNT_NFS_DEFAULT_PROTOCOL - specify the default protocol used by
#                  mount.nfs(8). Since we can't identify
#                  the default automatically we need to
#                  set it in our configuration.
#
MOUNT_NFS_DEFAULT_PROTOCOL=4
#
# APPEND_OPTIONS - append to global options instead of replace.
#
#APPEND_OPTIONS="yes"
#
# LOGGING - set default log level "none", "verbose" or "debug"
#
LOGGING="debug"
#
# Define server URIs
#
# LDAP_URI - space seperated list of server uris of the form
#        <proto>://<server>[/] where <proto> can be ldap
#        or ldaps. The option can be given multiple times.
#        Map entries that include a server name override
#        this option.
#
#        This configuration option can also be used to
#        request autofs lookup SRV RRs for a domain of
#        the form <proto>:///[<domain dn>]. Note that a
#        trailing "/" is not allowed when using this form.
#        If the domain dn is not specified the dns domain
#        name (if any) is used to construct the domain dn
#        for the SRV RR lookup. The server list returned
#        from an SRV RR lookup is refreshed according to
#        the minimum ttl found in the SRV RR records or
#        after one hour, whichever is less.
#
LDAP_URI="ldap://nfsnis1.d.ff.es.eu.org"
#
# LDAP__TIMEOUT - timeout value for the synchronous API  calls
#         (default is LDAP library default).
#
#LDAP_TIMEOUT=-1
#
# LDAP_NETWORK_TIMEOUT - set the network response timeout (default 8).
#
#LDAP_NETWORK_TIMEOUT=8
#
# Define base dn for map dn lookup.
#
# SEARCH_BASE - base dn to use for searching for map search dn.
#       Multiple entries can be given and they are checked
#       in the order they occur here.
#
SEARCH_BASE="dc=d,dc=ff,dc=es,dc=eu,dc=org"
#
# Define the LDAP schema to used for lookups
#
# If no schema is set autofs will check each of the schemas
# below in the order given to try and locate an appropriate
# basdn for lookups. If you want to minimize the number of
# queries to the server set the values here.
#
#MAP_OBJECT_CLASS="nisMap"
#ENTRY_OBJECT_CLASS="nisObject"
#MAP_ATTRIBUTE="nisMapName"
#ENTRY_ATTRIBUTE="cn"
#VALUE_ATTRIBUTE="nisMapEntry"
#
# Other common LDAP nameing
#
MAP_OBJECT_CLASS="automountMap"
ENTRY_OBJECT_CLASS="automount"
MAP_ATTRIBUTE="ou"
ENTRY_ATTRIBUTE="cn"
VALUE_ATTRIBUTE="automountInformation"
#
#MAP_OBJECT_CLASS="automountMap"
#ENTRY_OBJECT_CLASS="automount"
#MAP_ATTRIBUTE="automountMapName"
#ENTRY_ATTRIBUTE="automountKey"
#VALUE_ATTRIBUTE="automountInformation"
#
# AUTH_CONF_FILE - set the default location for the SASL
#              authentication configuration file.
#
AUTH_CONF_FILE="/etc/autofs_ldap_auth.conf"
#
# MAP_HASH_TABLE_SIZE - set the map cache hash table size.
#           Should be a power of 2 with a ratio roughly
#           between 1:10 and 1:20 for each map.
#
#MAP_HASH_TABLE_SIZE=1024
#
# General global options
#
#OPTIONS=""
#

/etc/nsswitch.conf

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

# pre_auth-client-config # passwd:         compat
passwd: files ldap
# pre_auth-client-config # group:          compat
group: files ldap
# pre_auth-client-config # shadow:         compat
shadow: files ldap

automount: files ldap

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

# pre_auth-client-config # netgroup:       nis
netgroup: nis

/etc/auto.master

/home   ldap:ou=auto.home,dc=d,dc=ff,dc=es,dc=eu,dc=org

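Client-server account authentication works fine, but when a user authenticates and accesses their home directory, it cannot be mounted from the NFS server, and these logs appear in syslog: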

Apr 16 18:56:07 u automount[846]: Starting automounter version 5.0.7, master map /etc/auto.master
Apr 16 18:56:07 u automount[846]: using kernel protocol version 5.02
Apr 16 18:56:07 u automount[846]: lookup_nss_read_master: reading master file /etc/auto.master
Apr 16 18:56:07 u automount[846]: parse_init: parse(sun): init gathered global options: (null)
Apr 16 18:56:07 u automount[846]: lookup_read_master: lookup(file): read entry /home
Apr 16 18:56:07 u automount[846]: master_do_mount: mounting /home
Apr 16 18:56:07 u automount[846]: automount_path_to_fifo: fifo name /var/run/autofs.fifo-home
Apr 16 18:56:07 u automount[846]: lookup_nss_read_map: reading map ldap ldap:ou=auto.home,dc=d,dc=ff,dc=es,dc=eu,dc=org
Apr 16 18:56:07 u automount[846]: parse_init: parse(sun): init gathered global options: (null)
Apr 16 18:56:07 u automount[846]: mounted indirect on /home with timeout 300, freq 75 seconds
Apr 16 18:56:07 u automount[846]: st_ready: st_ready(): state = 0 path /home
Apr 16 18:57:07 u automount[846]: handle_packet: type = 3
Apr 16 18:57:07 u automount[846]: handle_packet_missing_indirect: token 1, name nicu, request pid 936
Apr 16 18:57:07 u automount[846]: attempting to mount entry /home/nicu
Apr 16 18:57:07 u automount[846]: parse_mount: parse(sun): expanded entry: -fstype=nfs,auto,noatime,nolock,nfsvers=4,intr#011[2001:470:736b:dff:5054:fff:fe0d:ff05]:/nicu
Apr 16 18:57:07 u automount[846]: parse_mount: parse(sun): gathered options: fstype=nfs,auto,noatime,nolock,nfsvers=4,intr
Apr 16 18:57:07 u automount[846]: parse_mount: parse(sun): dequote("[2001:470:736b:dff:5054:fff:fe0d:ff05]:/nicu") -> [2001:470:736b:dff:5054:fff:fe0d:ff05]:/nicu
Apr 16 18:57:07 u automount[846]: parse_mount: parse(sun): core of entry: options=fstype=nfs,auto,noatime,nolock,nfsvers=4,intr, loc=[2001:470:736b:dff:5054:fff:fe0d:ff05]:/nicu
Apr 16 18:57:07 u automount[846]: sun_mount: parse(sun): mounting root /home, mountpoint nicu, what [2001:470:736b:dff:5054:fff:fe0d:ff05]:/nicu, fstype nfs, options auto,noatime,nolock,nfsvers=4,intr
Apr 16 18:57:07 u automount[846]: mount_mount: mount(nfs): root=/home name=nicu what=[2001:470:736b:dff:5054:fff:fe0d:ff05]:/nicu, fstype=nfs, options=auto,noatime,nolock,nfsvers=4,intr
Apr 16 18:57:07 u automount[846]: mount_mount: mount(nfs): nfs options="auto,noatime,nolock,nfsvers=4,intr", nobind=0, nosymlink=0, ro=0
Apr 16 18:57:07 u automount[846]: mount(nfs): no hosts available
Apr 16 18:57:07 u automount[846]: dev_ioctl_send_fail: token = 1
Apr 16 18:57:07 u automount[846]: handle_packet: type = 3
Apr 16 18:57:07 u automount[846]: handle_packet_missing_indirect: token 2, name nicu, request pid 936
Apr 16 18:57:07 u automount[846]: dev_ioctl_send_fail: token = 2
Apr 16 18:57:07 u automount[846]: failed to mount /home/nicu

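As you can see, it looks like it cannot reach any NFS server, but then again, the mount command works. Any ideas about what is happening here? Maybe there is some invalid option, but they are the same in the client's /etc/fstab and in the server's LDAP entry. I don't know what I am missing here.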

Thanks.

0 answers:

No answers