On Sun, 24 May 2020, Klaus Vink Slott via FreeIPA-users wrote:
> Hi
>
> I am trying to mix files based automount entries with some entries from
> IPA. I found that in order to make this work on CentOS clients I must
> place files before sss in nsswitch. After this discovery I just made my
> Ansible setup ensure this.
>
> grep automount /etc/nsswitch.conf
> #automount: files nisplus sss
> automount: files sss
>
> Now moving to CentOS 8 I found warnings in nsswitch, not to edit it
> directly, so I revisited this oddity. I found that according to
> Red Hat(1) authselect should not be used anyway, when IPA is in charge.
> But the setup made by ipa-client-automount also had the same problem:
> sss before files.
This is not a correct statement, from your side, at least. The
documentation doesn't make it clear but internally in IPA authselect is
used to maintain the predefined configuration that IPA relies on. It meant
to explain that you should not modify the authselect profile chosen by the
IPA installers, to avoid breaking those assumptions.
> Actually, I don't mind which one is consulted first, I have no mixed
> maps. But to me it seems that when sss is consulted first, auto.master
> is not used at all.
> Is this a in my setup or in CentOS/Red Hat - or am I missing something?
I don't think this is correct either. By default, automount(8) would
read the /etc/auto.master file which, in the default configuration,
includes any maps from the /etc/auto.master.d directory and then the
auto.master map found from nsswitch.
Below is a snippet of /etc/auto.master I have on RHEL 8:
----------------------------------------------------------------------
# Include /etc/auto.master.d/*.autofs
# The included files must conform to the format of this file.
#
+dir:/etc/auto.master.d
#
[..]
# Include central master map if it can be found using
# nsswitch sources.
#
# Note that if there are entries for /net or /misc (as
# above) in the included master map any keys that are the
# same will not be seen as the first read key seen takes
# precedence.
#
+auto.master
----------------------------------------------------------------------
The Fedora version has a bit more documentation detail:
----------------------------------------------------------------------
# Include /etc/auto.master.d/*.autofs
# To add an extra map using this mechanism you will need to add
# two configuration items - one /etc/auto.master.d/extra.autofs file
# (using the same line format as the auto.master file)
# and a separate mount map (e.g. /etc/auto.extra or an auto.extra NIS map)
# that is referred to by the extra.autofs file.
#
+dir:/etc/auto.master.d
----------------------------------------------------------------------
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
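
Added example (not part of the original thread and not autofs code): a simplified Python model of the read order described in the reply above, showing which master-map keys end up active and which are shadowed when /etc/auto.master is read first and then pulls in auto.master.d and the nsswitch-provided auto.master. The function names, the sample maps, the sorted order of the *.autofs files, and the choice to skip the "files" source when resolving "+auto.master" are assumptions of this sketch.

```python
import re

def automount_sources(nsswitch_text):
    """Source order from the active 'automount:' line, e.g. ['files', 'sss']."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("automount:"):
            # Drop [STATUS=action] items; only the source order matters here.
            return re.sub(r"\[[^\]]*\]", " ", line.split(":", 1)[1]).split()
    return ["files"]  # assumption for this sketch when no line is present

def read_master(master_text, dir_files, nss_maps, sources):
    """Return (active, shadowed) mount points, walking the master map in read order."""
    # dir_files stands in for /etc/auto.master.d; nss_maps for auto.master per source.
    active, shadowed = {}, []
    def add(text, origin, top_level=False):
        for raw in text.splitlines():
            line = raw.split("#", 1)[0].strip()
            if line.startswith("+"):
                if not top_level:
                    continue  # sketch: no nested includes
                if line.startswith("+dir:"):
                    for name in sorted(n for n in dir_files if n.endswith(".autofs")):
                        add(dir_files[name], line[5:] + "/" + name)
                else:  # "+auto.master": ask the non-file sources in nsswitch order
                    for src in sources:
                        if src != "files" and src in nss_maps:
                            add(nss_maps[src], src + ":" + line[1:])
            elif len(line.split()) >= 2:
                mount_point, map_name = line.split()[:2]
                if mount_point in active:  # first read key takes precedence
                    shadowed.append((mount_point, map_name, origin))
                else:
                    active[mount_point] = (map_name, origin)
    add(master_text, "/etc/auto.master", top_level=True)
    return active, shadowed

# Constructed sample inputs (the nsswitch lines are the ones quoted in the thread).
NSSWITCH = "#automount: files nisplus sss\nautomount: files sss\n"
MASTER = "/misc /etc/auto.misc\n/net -hosts\n+dir:/etc/auto.master.d\n+auto.master\n"
DIR_FILES = {"extra.autofs": "/extra /etc/auto.extra\n", "README": "not a map\n"}
NSS_MAPS = {"sss": "/home auto.home\n/misc auto.misc\n"}

if __name__ == "__main__":
    active, shadowed = read_master(MASTER, DIR_FILES, NSS_MAPS, automount_sources(NSSWITCH))
    for mp, (m, origin) in active.items():
        print(f"active    {mp:8} {m:18} from {origin}")
    for mp, m, origin in shadowed:
        print(f"shadowed  {mp:8} {m:18} from {origin}")
```

With these inputs the local /misc entry stays active and the /misc key served by sss is reported as shadowed, which is the precedence rule stated in the comment block of the RHEL 8 auto.master quoted above.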