Chapter 21. Using SSSD component from IdM to cache the autofs maps

Procedure

1. Open the SSSD configuration file:

   # vim /etc/sssd/sssd.conf

2. Add the autofs service to the list of services handled by SSSD.

   [sssd]
   domains = ldap
   services = nss,pam,autofs

3. Create a new [autofs] section. You can leave this blank, because the default settings for an autofs service work with most infrastructures.

   [nss]
   
   [pam]
   
   [sudo]
   
   [autofs]
   
   [ssh]
   
   [pac]

   For more information, see the sssd.conf man page on your system.

4. Optional: Set a search base for the autofs entries. By default, this is the Lightweight Directory Access Protocol (LDAP) search base. A subtree can be specified in the ldap_autofs_search_base parameter.

   [domain/EXAMPLE]
   
   ldap_search_base = "dc=example,dc=com"
   ldap_autofs_search_base = "ou=automount,dc=example,dc=com"

5. Restart SSSD service:

   # systemctl restart sssd.service

6. Check the /etc/nsswitch.conf file, so that SSSD is listed as a source for automount configuration:

   automount: sss files

7. Restart autofs service:

   # systemctl restart autofs.service

8. Test the configuration by listing a user’s /home directory, assuming there is a master map entry for /home:

   # ls /home/userName

   If this does not mount the remote file system, check the /var/log/messages file for errors. If necessary, increase the debug level in the /etc/sysconfig/autofs file by setting the logging parameter to debug.