KB-0616: Mapping home directories for AD users in Linux using automount and the Centrify adauto.pl script

Centrify DirectAudit, Centrify DirectControl, Centrify Identity Service, Mac Edition

14 December,16 at 08:14 PM

Applies to:

All versions of Centrify DirectControl on all platforms



Question:

Is there any solution offered by Centrify to map home directories for AD users who log in to a Linux system running the DirectControl agent?


Solution:

Centrify provides a script called adauto.pl, located in the /usr/share/centrifydc/etc directory, that can be used to dynamically set an automount path to the user's home directory. This script gets mount point information directly from Active Directory using LDAP. With the adauto.pl script, home directories can be automounted using the information from our NIS maps feature without requiring any optional components.

The adauto.pl script uses the information stored in the auto.home NIS map for the local Zone or parent Zone (via inheritance) that the computer is a member of. Once the script is added to the automount configuration, the automounter program (autofs) invokes the script and passes it the user name of the user logging on. The adauto.pl script then uses the ldapsearch command to retrieve the mount point information from Active Directory and returns the path to the remote home directory for the user logging on. The automounter then attempts to connect to that home directory.

How to use the adauto.pl script:

1) Add the appropriate mount points to AD by importing or creating automount NIS maps.

    For more information about importing or creating network maps in the DirectControl console, please
    refer to the section “Importing and creating additional NIS maps” in the "Centrify DirectControl
    Network Information Service Administrator’s Guide".

    For example, to automount the remote file system from the host lmrh2:

    a. Open Centrify Admin Console.

    b. In the console tree, select Zones and open a specific Zone to work with.

    c. Right-click on NIS Maps and click "New".

    d. Select "Automount" map and give it the same name as the map file on the Linux/Unix machine.

        On Linux and IRIX machines, the map file is: auto.home

        On Solaris and AIX machines, the map file is: auto_home

     e. Double-click on the "Automount" map.

     f. In the details pane, right-click and select "New" to add a new map entry.


        For example:
        ------------------------------------------------------------------

        Name : fred
        Network Path: lmrh2:/home/fred
        Options :
        Comments : “This is the automount path for fred”

        ------------------------------------------------------------------

        or
        ------------------------------------------------------------------
        Name : *
        Network Path: lmrh2:/home/&
        Options :
        Comments : “This is the automount path for all AD users in this zone”
        ------------------------------------------------------------------


2) On Linux or Solaris, edit the /etc/nsswitch.conf file to change the automount entry as follows:

     automount: files

     For other platforms such as AIX, this step can be skipped.


3) Create a symbolic link for the map file to the adauto.pl file.

    On Solaris and AIX:
    ln -s /usr/share/centrifydc/etc/adauto.pl /etc/auto_home

    On Linux and IRIX machines:
    ln -s /usr/share/centrifydc/etc/adauto.pl /etc/auto.home



4) Edit the /etc/auto.master file to call the map file.

    On Linux machines:
    /export/home     program:/etc/auto.home

    On SuSE Linux 9 or below:
    /export/home     /etc/auto.home

    On SuSE Linux 10:
    /export/home     program /etc/auto.home

    On Solaris and AIX:
    /export/home     /etc/auto_home

    On IRIX 6.5:
    /home     /etc/auto.home

    On CentOS machines:
    /home   program:/etc/auto.home

    Note: The syntax for the entry may be different across different platforms, so please
    check the man page for auto.master.


 
5) Restart the autofs services.

    On Linux:
    service autofs restart
 

    On IRIX:
    /etc/init.d/network stop
    /etc/init.d/network start

    On AIX:
    stopsrc -s automountd
    startsrc -s automountd

    On Solaris 10:
    svcadm restart autofs
   

6) Test that the adauto.pl script is working by entering the following command:

    On Linux:
    /etc/auto.home username

    On Solaris and AIX:
    /etc/auto_home username
 
    On IRIX:
    /etc/auto.home username   

    The command returns the path from the auto.home or auto_home NIS map stored in Active Directory.
    For example: /server/home/userid
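
To confirm steps 2 through 4 on a Linux host before restarting autofs, the following added example (not Centrify code) checks the nsswitch.conf entry, the symlink target, the permissions on adauto.pl and the auto.master entry. The function name check_adauto_setup, its root-prefix argument and the permission check are assumptions of this example; the file paths come from the steps above.

```shell
#!/bin/sh
# Added example (not Centrify code): check the Linux variant of steps 2-4.
# The function name and the root-prefix argument are assumptions.
ADAUTO=/usr/share/centrifydc/etc/adauto.pl    # script path from the article

check_adauto_setup() {
    root=${1:-}                 # "" = live system, or a staged copy of /
    map=${2:-/etc/auto.home}    # /etc/auto_home on Solaris and AIX
    fails=0

    # Step 2: nsswitch.conf must read "automount: files".
    if ! grep -Eq '^[[:space:]]*automount:[[:space:]]*files[[:space:]]*$' \
            "$root/etc/nsswitch.conf" 2>/dev/null; then
        echo "FAIL: /etc/nsswitch.conf automount entry is not 'files'"
        fails=$((fails + 1))
    fi

    # Step 3: the map file must be a symlink to adauto.pl and nothing else.
    target=$(readlink "$root$map" 2>/dev/null) || target=
    if [ "$target" != "$ADAUTO" ]; then
        echo "FAIL: $map is not a symlink to $ADAUTO"
        fails=$((fails + 1))
    fi

    # autofs runs the program map with the daemon's privileges, so the
    # script must be executable and not writable by group or other.
    script=$root$ADAUTO
    loose=$(find "$script" -prune \( -perm -020 -o -perm -002 \) -print \
            2>/dev/null) || loose=missing
    if [ ! -x "$script" ] || [ -n "$loose" ]; then
        echo "FAIL: $ADAUTO missing, not executable, or group/other-writable"
        fails=$((fails + 1))
    fi

    # Step 4: a non-comment auto.master line must name the map, either
    # bare, as "program:<map>", or after a separate "program" field.
    if ! awk -v m="$map" '$1 !~ /^#/ {
            for (i = 2; i <= NF; i++) if ($i == m || $i == "program:" m) ok = 1
         } END { exit !ok }' "$root/etc/auto.master" 2>/dev/null; then
        echo "FAIL: /etc/auto.master has no entry for $map"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Run against the live system only when asked: sh check.sh --live [map]
if [ "${1:-}" = "--live" ]; then
    check_adauto_setup "" "${2:-/etc/auto.home}" && echo "OK"
fi
```

The function returns the number of failed checks, so a zero exit status means all four passed.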


Notes:
1) On Linux machines, the automounter can be invoked from the command line as follows:
     automount /export/home/ program /etc/auto.home

2) If any changes are made to NIS Maps in AD, please restart the automount services on the
     Linux/Unix machine.

3) For the server provided in step 1, please note that if this is a Unix-based NAS device, it must be able to resolve AD users to their correct UID/GID for file access purposes. Centrify's ldapproxy component is an ideal solution for this, as it supports industry-standard RFC2307 LDAP queries. For more information on Centrify ldapproxy, please see the latest Centrify Unix Admin Guide.

 
