LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Old 03-18-2015, 11:30 AM   #1
arashi256
Member
 
Registered: Jan 2008
Location: Brighton, UK
Distribution: Ubuntu 18.04 / CentOS 7.6
Posts: 397

Rep: Reputation: 62
OpenLDAP user authentication and automounting home directory.


I've almost got this working. I have successfully logged in a user via OpenLDAP rather than a local user. But now, I want to use NFS/AutoFS to auto-mount that user's home directory.

I used the migration tools to export local users (among which "ldapuser1" is included), so the ldapuser1 user has a /home/ldapuser1 home directory on the server. I export the /home directory under /etc/exports with: -

Code:
/home           192.168.1.0/24(rw,sync,no_root_squash,no_subtree_check)
On the client, I used the following authconfig command to enable LDAP authentication: -

Code:
authconfig --enableldap --enableldapauth --ldapserver='ldap://ldapserver.example.local/' --ldapbasedn='dc=example,dc=local' --enablemkhomedir --enableshadow --enablelocauthorize --passalgo=sha256 --update
In /etc/auto.master I added: -

Code:
/home   /etc/auto.home
...and the /etc/auto.home file contains: -

Code:
*       -fstype=nfs    192.168.1.81:/home/&
where the IP address is the IP address of the LDAP server.

The autofs and nslcd services are running and SELinux is disabled. When I now log in through localhost with the user that only exists on the LDAP server, I get: -

Code:
    [root@client etc]# ssh ldapuser1@localhost
    ldapuser1@localhost's password:
    Creating directory '/home/ldapuser1'.
    Unable to create and initialize directory '/home/ldapuser1'.
    Last login: Wed Mar 18 11:23:04 2015 from localhost
    Could not chdir to home directory /home/ldapuser1: No such file or directory
    -bash-4.1$
There isn't anything in /var/log/messages, but /var/log/secure has this: -

Code:
    Mar 18 11:23:41 client sshd[1427]: Accepted password for ldapuser1 from ::1 port 55712 ssh2
    Mar 18 11:23:41 client mkhomedir_helper: PAM unable to create directory /home/ldapuser1: Permission denied
    Mar 18 11:23:41 client sshd[1427]: pam_unix(sshd:session): session opened for user ldapuser1 by (uid=0)
    Mar 18 11:24:33 client sshd[1432]: Received disconnect from ::1: 11: disconnected by user
    Mar 18 11:24:33 client sshd[1427]: pam_unix(sshd:session): session closed for user ldapuser1
So PAM is unable to create the directory, with a 'permission denied' error. However, if I stop the autofs service and log in, LDAP creates the user's home directory for me, but it's empty of the files that are present in the user's home directory on the LDAP server.
If I start the autofs service and try to create the user's home directory manually, I also get "permission denied" even though I am root and the file permissions look okay, so it looks as though autofs has some sort of lock on the client's /home directory.

All I want to do is log in via LDAP (which works currently) and auto-mount the /home/ldapuser1 directory on the client so that the user has everything centralised on the LDAP/NFS server.

Am I doing it wrong?
 
Old 03-19-2015, 05:02 PM   #2
sgrlscz
Member
 
Registered: Aug 2008
Posts: 123

Rep: Reputation: 84
Your authconfig command included '--enablemkhomedir', which says you want to make home directories, not automount them. Disable that option, and restart the automounter.
 
1 members found this post helpful.
Old 03-22-2015, 07:14 PM   #3
arashi256
Member
 
Registered: Jan 2008
Location: Brighton, UK
Distribution: Ubuntu 18.04 / CentOS 7.6
Posts: 397

Original Poster
Rep: Reputation: 62
Thanks. I removed that and also renamed the client /home directory. Appears to have fixed it.
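A check for the conflict resolved in this thread, added here as an example and not posted by anyone in the thread: it reports when a base directory is an autofs mount point while a PAM mkhomedir module is still active. The function names and the sample files are constructed, and matching `pam_oddjob_mkhomedir.so` as well is an assumption about which variant a client may use.

```sh
#!/bin/sh
# Added example: find home bases that autofs manages while PAM still tries
# to create home directories in them (the conflict from this thread).

# Print the mount points of the indirect maps in an auto.master file.
# Comments, blank lines, "+include" entries and direct maps ("/-") are skipped.
autofs_mount_points() {
    awk '$1 ~ /^\// && $1 != "/-" { print $1 }' "$1"
}

# Print the PAM service files under a directory that have an active
# (uncommented) mkhomedir session module.
mkhomedir_pam_files() {
    grep -lE '^[[:space:]]*-?session[[:space:]].*pam_(oddjob_)?mkhomedir\.so' \
        "$1"/* 2>/dev/null
}

# Usage: check_home_conflict <auto.master> <pam.d dir> <home base>
# Returns 1 and explains the problem when both mechanisms claim the home base.
check_home_conflict() {
    autofs_mount_points "$1" | grep -qxF "$3" || return 0
    conflict_files=$(mkhomedir_pam_files "$2") || return 0
    echo "conflict: $3 is an autofs mount point, but mkhomedir is active in:"
    echo "$conflict_files"
    echo "fix: authconfig --disablemkhomedir --update, then restart autofs"
    return 1
}

# Constructed sample files that mirror the client described in the thread.
make_sample() {
    tmp=$(mktemp -d)
    mkdir "$tmp/pam.d"
    printf '# master map\n/home   /etc/auto.home\n' > "$tmp/auto.master"
    printf 'session required pam_unix.so\nsession optional pam_mkhomedir.so\n' \
        > "$tmp/pam.d/system-auth"
    printf 'session required pam_unix.so\n#session optional pam_mkhomedir.so\n' \
        > "$tmp/pam.d/sshd"
    echo "$tmp"
}

# Demo on the constructed sample; on a real client pass /etc/auto.master
# and /etc/pam.d instead.
sample=$(make_sample)
check_home_conflict "$sample/auto.master" "$sample/pam.d" /home \
    || echo "exit status: $?"
rm -rf "$sample"
```
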
 
  


Tags
authentication, automount, home directory, openldap




All times are GMT -5.
