Distributing automount maps

You can create auto.master and auto.home files as NIS maps in Centrify zones and distribute them using symbolic links to the adauto.pl script. In this scenario, you can take advantage of the capability to support executable maps. Depending on your operating system, however, you might be able to take advantage of the Centrify NSS module to automatically mount home directories instead. If your operating system allows you to use the Centrify NSS module, you can add centrifydc to the automount line in the /etc/nsswitch.conf file.

In most cases, you can use the Centrify NSS module to distribute auto.home maps. You cannot use this approach, however, to distribute the auto.master map on most operating systems. For the auto.master map, your options are typically limited to doing one of the following:

  • using NIS.
  • using LDAP.
  • using a local file.

For information about using LDAP, see “Using the Centrify LDAP proxy service” in the Administrator’s Guide for Linux and UNIX. If you use a local file, you can use an adedit script to synchronize the auto.master map to a local /etc/auto.master file. The following steps illustrate how to do this.

  1. Add the File Copy group policy to a Group Policy Object that applies to Centrify-managed computers.
  2. Enable the group policy to copy a script similar to the following to the directory /usr/share/centrifydc/mappers/machine:

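    #!/bin/sh
    # Restart this script under adedit; the backslash hides the next line from Tcl \
    exec adedit "$0" "$@"
    # Bind to an Active Directory domain (replace "domain" with your domain)
    bind -machine domain
    # Select a zone context (replace "zone" with your zone)
    select_zone zone
    catch {
        # Select the auto.master NIS map and write its entries to the local file
        select_nis_map auto.master
        set output [open /etc/auto.master w 0644]
        foreach line [gnm] {
            # Remove the first ":1" from each entry before writing it
            puts $output [regsub ":1" $line ""]
        }
        close $output
    }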

    When you add a script similar to this sample to a GPO, the group policy update runs the script every 90 to 120 minutes to read the contents of the auto.master map in Active Directory and write them to the local /etc/auto.master file.

You can also use this same approach to synchronize all of the maps stored in Active Directory to the local /etc directory. For example:

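#!/bin/sh
# Restart this script under adedit; the backslash hides the next line from Tcl \
exec adedit "$0" "$@"
# Bind to the domain and select the zone reported by adinfo
bind -machine [adinfo domain]
slz [adinfo zone]
foreach map [get_nis_maps] {
    # Only process maps whose names start with "auto"
    if {[regexp {^auto} $map]} {
        slnm $map
        set output [open /etc/$map w 0644]
        foreach line [gnm] {
            # Remove the first ":1" from each entry before writing it
            puts $output [regsub ":1" $line ""]
        }
        close $output
    }
}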
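
Both scripts above open the target file with w, which truncates it before the map is read, so a failed read leaves an empty or partial file in /etc. As an added example (not Centrify's code), the following variant of the second script reads the map first, writes a temporary file in the same directory, and renames it into place, and it only accepts map names that cannot leave the target directory. The helper names safe_map_name and write_map are hypothetical, and treating an empty map as a read failure is an assumption.

```tcl
#!/bin/sh
# Restart under adedit; the trailing backslash hides the next line from Tcl \
exec adedit "$0" "$@"
# Added example, not Centrify's code: safe_map_name and write_map are
# hypothetical helpers; the adedit commands are the ones used on this page.

# Accept only plain automount map names so that a name read from Active
# Directory cannot contain "/" and escape the target directory.
proc safe_map_name {name} {
    return [regexp {^auto[._][A-Za-z0-9._-]+$} $name]
}

# Write the currently selected NIS map to $dir/$name. The map is read before
# any file is opened, and the live file is replaced only by a rename.
proc write_map {name dir} {
    set lines [gnm]
    if {[llength $lines] == 0} {
        # Assumption: an empty result means the read failed
        error "map $name is empty, keeping existing [file join $dir $name]"
    }
    set tmp [file join $dir ".$name.[pid].tmp"]
    set out [open $tmp w 0644]
    if {[catch {
        foreach line $lines {
            puts $out [regsub ":1" $line ""]
        }
        close $out
        file rename -force $tmp [file join $dir $name]
    } err]} {
        catch {close $out}
        file delete -force $tmp
        error $err
    }
}

bind -machine [adinfo domain]
slz [adinfo zone]
foreach map [get_nis_maps] {
    if {![safe_map_name $map]} { continue }
    slnm $map
    if {[catch {write_map $map /etc} err]} {
        puts stderr "automount sync: $err"
    }
}
```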