KB-3036: How to automount an NFSv4 share in Centrify

Centrify DirectControl

12 April,16 at 11:08 AM

Applies to: All versions of Centrify DirectControl and CentOS 6.x

How to automount an NFSv4 share in Centrify?
Example setup for reference:
= DirectControl Setup =
Open the DirectControl/DirectManage Access Manager Console and navigate to a specific Zone.
- Expand the Zone to display NIS Maps.
- Select NIS Maps, right-click, then click New > autoMount.
- Select auto.home or auto_home as the map name, then click OK.
- Select the new map, right-click, then click New to add a new individual map record.
For example, create a map record similar to this for all users in a Zone:
Name: *
Network Path:
Options: -fstype=nfs4,sec=krb5p
= NFSv4 Server Setup =
- Install nfs:
yum install nfs-utils
- Edit /etc/exports to configure a pseudo file system
[root@sp220 ~]# cat /etc/exports
/nfs    gss/krb5p(rw,sync,fsid=0)
/nfs/myhome    gss/krb5p(rw,sync)
- Create folders to match the pseudo file system above
[root@sp220 ~]# ls -l /nfs/myhome/
total 8
drwxr-x---. 17 ivan007 ivan007 4096 Apr 18 15:11 ivan007
drwxr-x---  25 jcha001 jcha001 4096 Apr 18 14:59 jcha001
- Edit /etc/sysconfig/nfs for configuring NFS to use Kerberos
- Start NFS
service nfs start
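
A check for the /etc/exports layout above, as an added example that is not part of the original KB or Centrify's tooling: it flags any export not limited to Kerberos privacy (the gss/krb5p client used here, or an explicit sec=krb5p option) and confirms there is exactly one fsid=0 pseudo-root. The function name audit_exports and the /nfs/scratch line are constructed for illustration; continuation lines and "-" default-option entries are not handled.

```sh
#!/bin/sh
# Added example: audit an NFSv4 exports file against the layout in this KB.
# Prints one finding per line; exit status 0 means no findings.
audit_exports() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
    {
        path = $1
        if (NF < 2) { print "NO_CLIENT_SPEC " path; bad++; next }
        for (i = 2; i <= NF; i++) {
            spec = $i
            client = spec; sub(/\(.*/, "", client)     # text before "("
            opts = ""
            if (match(spec, /\(.*\)/))
                opts = substr(spec, RSTART + 1, RLENGTH - 2)
            # Accept the gss/krb5p client used on this page, or sec=krb5p alone.
            # A mixed list such as sec=krb5p:sys is flagged on purpose.
            if (client != "gss/krb5p" && ("," opts ",") !~ /,sec=krb5p,/) {
                print "NOT_KRB5P " path " " spec; bad++
            }
            # fsid=0 and fsid=root both mark the NFSv4 pseudo-root
            if (("," opts ",") ~ /,fsid=(0|root),/) roots++
        }
    }
    END {
        if (roots != 1) { print "PSEUDO_ROOT_COUNT " (roots + 0); bad++ }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample: the two exports from this KB plus one deliberately weak line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/nfs    gss/krb5p(rw,sync,fsid=0)
/nfs/myhome    gss/krb5p(rw,sync)
/nfs/scratch    *(rw,sync)
EOF
audit_exports "$sample" || echo "exports file needs attention"
rm -f "$sample"
```

On the server, run audit_exports /etc/exports before starting NFS; no output and exit status 0 mean every export requires krb5p.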
= NFSv4 Client Setup =
- Install nfs
yum install nfs-utils
- Get NFS service key
/usr/share/centrifydc/kerberos/bin/kinit -kf sp219$
- Run GSSAPI for RPC
/usr/sbin/rpc.gssd -n
- Edit /etc/rc.local to get NFS service key and run GSSAPI for RPC in case the machine reboots
/usr/share/centrifydc/kerberos/bin/kinit -kf sp219$
/usr/sbin/rpc.gssd -n
- Configure a cron job to renew the NFS service key once every 8 hours
0     */8     *     *     *         /usr/share/centrifydc/kerberos/bin/kinit -kf sp219$
- Install autofs
yum install autofs
- Edit /etc/nsswitch.conf to change automount from nis to files
automount: files
- Create a symbolic link for /etc/auto.home
ln -s /usr/share/centrifydc/etc/ /etc/auto.home
- Edit /etc/auto.master to call /etc/auto.home
/home program:/etc/auto.home
- Restart autofs
service autofs restart
- Log out and log on as an AD user

