On Jul 15, 2011, at 7:02 AM, John Hodrien <J.H.Hodrien at leeds.ac.uk> wrote:
> I'm trying to use autofs with Active Directory.
>
> This works:
>
> autofs_ldap_auth.conf:
>
> <autofs_ldap_sasl_conf
> usetls="yes"
> tlsrequired="yes"
> authrequired="yes"
> clientprinc="nfs/myhost@MYDOMAIN"
> />
>
> /etc/sysconfig/autofs:
>
> LDAP_URI="ldap://domaincontroller1 ldap://domaincontroller2"
>
> This also works if I replace the auth with a DIGEST-MD5 from GSSAPI (which
> gets used by default). Good so far.
>
> However, I don't want to explicitly list the domain controllers. Discovering
> them via SRV records fails to work (even though logging clearly shows it's
> discovered the correct records). Going via a round-robin DNS target for the
> LDAP_URI also fails, as I think autofs expects the server to think of itself
> under the round-robin name, rather than its primary name, which breaks both
> DIGEST and GSSAPI.
>
> Anyone got any pointers on how to make this work, or is this just a bug that I
> should track down?

Did you try the built-in round robin DNS, which is the domain name itself?
This works for me.
-Ross