Yesterday I was setting up a new Debian system to act as a media center for the house and decided it would be nice to have it also attached to the FreeIPA domain. That way SSH and user management is a little easier and I get automounting NFS shares effectively for free! Also, conveniently, someone has done a great deal of the work for me by porting the FreeIPA client automount scripts over to Debian so it is effectively a pushbutton install.

First order of business is obviously to install the FreeIPA client packages from the repositories.

$ sudo apt-get install freeipa-client

Once that finished I discovered that the packages install all of the IPA client binaries into /usr/sbin instead of /usr/bin which meant that by default they were not in my PATH. No worries, I can call them directly.

$ /usr/sbin/ipa-client-install --mkhomedir --configure-firefox

I decided to go ahead and configure Firefox at the same time so that all of my internal web services would be accessible from that host as well. Next came setting up the automount configuration which again has a handy client application.

$ /usr/sbin/ipa-client-automount

Unfortunately, the installer wanted to restart the service nfs-idmapd which was not available. Turns out it is provided by the nfs-kernel-server package and after installing that the automount install completed successfully. I went to see if I could mount one of my media directories and…nothing. Turns out that autofs isn’t installed as a dependency either and so that service wasn’t running. Another quick fix:

$ sudo apt-get install autofs
$ sudo systemctl enable autofs
$ sudo systemctl start autofs

And still nothing! Now I was confused. Everything looked to be configured correctly but I wasn’t getting mounts and I wasn’t seeing error messages. Following along with some of the debugging suggestions found here I stopped the autofs service and started the application up in the foreground with debug flags enabled.

$ sudo /usr/sbin/automount -f --debug

Watching the output it looked like it wasn’t loading any external maps at all which seemed odd because the installer had finished without an error. After reviewing this slideshow I checked my SSSD configuration at /etc/sssd/sssd.conf and saw that it was loading autofs module correctly and looking at my IPA domain like I would expect. But when looking through some older documentation it struck me that I hadn’t checked /etc/nsswitch.conf and when I did I found that the automount: files sss line was totally missing from that file! No wonder autofs wasn’t loading anything, it hadn’t been told where to look beyond its own local files. I made the change and rebooted autofs before trying to ls one of my media directories. A few seconds for the NFS share to spin up and mount before I was able to browse around without any issue at all. Success!