Fedora Directory Server
Fedora DS + Automount HomeDir
I have written a quick howto on setting up Fedora Directory Server. I have provided the server kickstart template I used to set up a quick minimal server.
NOTE:
This install guide also applies to Centos Directory Server. Where steps are not required for Centos Directory Server I have marked them with (Do Not need for Centos Directory Server). Also, when the installation is complete, replace the word "fedora" with "centos" to start the admin console, i.e. fedora-idm-console becomes centos-idm-console.
Kickstart for minimal Centos 5 server setup
install
nfs --server=192.168.1.10 --dir=/exports/build/yum/5/os/x86_64
lang en_US.UTF-8
keyboard uk
skipx
network --device eth0 --bootproto static --ip 192.168.1.120 --netmask 255.255.255.0 --gateway 192.168.1.254 --nameserver 192.168.1.10 --hostname fds.unixcraft.com
rootpw --iscrypted $1$4xYxBCiB$z/ecCMTwxkd4sSl1dcPOB.
firewall --disabled
authconfig --enableshadow --enablemd5
selinux --disabled
timezone --utc Europe/London
bootloader --location=mbr --driveorder=sda
zerombr yes
reboot
text
clearpart --linux --drives=sda
part /boot --fstype ext3 --size=100 --ondisk=sda
part pv.2 --size=0 --grow --ondisk=sda
volgroup VolGroup00 --pesize=32768 pv.2
logvol / --fstype ext3 --name=LogVol00 --vgname=VolGroup00 --size=1024 --grow
logvol swap --fstype swap --name=LogVol01 --vgname=VolGroup00 --size=512 --grow --maxsize=1024

%packages --resolvedeps
@editors
@system-tools
@text-internet
@core
@base
audit
lynx
device-mapper-multipath
-zsh
-vnc
-zisofs-tools
-hwbrowser
-nmap
-xdelta
-openldap-clients
-bluez-hcidump
-slrn
-mutt
-cadaver
-bind-chroot
-sysreport

%post --log=/root/ks-post.log
## Logging ##
set -x
/sbin/chkconfig autofs off
/sbin/chkconfig cups off
/sbin/chkconfig cups-config-daemon off
/sbin/chkconfig isdn off
/sbin/chkconfig kudzu off
/sbin/chkconfig lm_sensors off
/sbin/chkconfig mdmonitor off
# Intel chips require this service
/sbin/chkconfig --level 345 microcode_ctl off
/sbin/chkconfig netfs off
/sbin/chkconfig pcmcia off
/sbin/chkconfig smartd off
/sbin/chkconfig xinetd off
/sbin/chkconfig haldaemon off
/sbin/chkconfig messagebus off
# disable gpm because the ibm remote console doesn't handle it well
/sbin/chkconfig --del gpm
# disable nfs but leave portmap running
/sbin/chkconfig --level 345 portmap on
/sbin/chkconfig nfs off
/sbin/chkconfig nfslock off
/sbin/chkconfig rpcgssd off
/sbin/chkconfig rpcidmapd off
/sbin/chkconfig rpcsvcgssd off
# turn off by default (web, firewall)
/sbin/chkconfig iptables off
/sbin/chkconfig ip6tables off
/sbin/chkconfig avahi-daemon off
/sbin/chkconfig wpa_supplicant off
/sbin/chkconfig bluetooth off
/sbin/chkconfig avahi-dnsconfd off
/sbin/chkconfig hidd off
/sbin/chkconfig yum-updatesd off
/sbin/chkconfig pcscd off
/sbin/chkconfig firstboot off
/sbin/chkconfig xfs off
/sbin/chkconfig httpd off
Kickstart the server and, once it has finished, make sure it is updated with the latest fixes. Once the updates have finished you may want to reboot (just in case a new kernel was installed).
You now need to install the packages required to get FDS working on Centos 5.2.
yum install svrcore mozldap perl-Mozilla-LDAP libicu
(Do not need for Centos Directory Server)
yum install xorg-x11-xauth bitstream-vera-fonts dejavu-lgc-fonts urw-fonts
You will need Java for this, so install OpenJDK from the Centos Testing repo
cd /etc/yum.repos.d
wget http://dev.centos.org/centos/5/CentOS-Testing.repo
The testing repo is disabled by default, but we can still install OpenJDK using the following command:
yum --enablerepo=c5-testing install java-1.6.0-openjdk
If you want to use the console, yum install ldapjdk - or get it from jpackage.org
Set up system to install Fedora Core 6 packages - GPG keys first: (Do not need for Centos Directory Server)
rpm --import http://www.mirrorservice.org/sites/download.fedora.redhat.com/pub/fedora/linux/core/6/i386/os/RPM-GPG-KEY-fedora
rpm --import http://www.mirrorservice.org/sites/download.fedora.redhat.com/pub/fedora/linux/extras//RPM-GPG-KEY-Fedora-Extras
NOTE: Many of the packages are now signed by a personal key - this key will need to be imported into RPM - the key is available here -
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA7B02652
(Do not need for Centos Directory Server)
rpm --import 'http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xA7B02652'
Note the single quotes above - to avoid ? and & being interpreted by the shell.
Install adminutil and jss from FC6 (Do not need for Centos directory server)
rpm -ivh http://www.mirrorservice.org/sites/download.fedora.redhat.com/pub/fedora/linux/extras/6/x86_64/adminutil-1.1.5-1.fc6.x86_64.rpm
rpm -ivh http://www.mirrorservice.org/sites/download.fedora.redhat.com/pub/fedora/linux/extras/6/x86_64/jss-4.2.5-1.fc6.x86_64.rpm
Set up your Fedora DS yum repo - as root (Do Not need for Centos Directory Server)
cd /etc/yum.repos.d
wget http://directory.fedoraproject.org/sources/idmcommon.repo
wget http://directory.fedoraproject.org/sources/dirsrv.repo
Edit the idmcommon.repo and dirsrv.repo files - replace $releasever with 6 - otherwise it will attempt to use "5" as the release version
(Do Not need for Centos Directory Server)
Then install Fedora Directory Server
yum install fedora-ds
or, to install Centos Directory Server:
yum install centos-ds
Run the script
/usr/sbin/setup-ds-admin.pl
This is where all of the information about the new Directory Server instance is supplied. The "typical setup" is the most commonly used setup process; it offers control over the ports for the Directory and Administration Servers, the domain name, and the directory suffix. For the step by step example:
Start the console to log in - NOTE: Java 1.5 and possibly some earlier versions have a problem with window order/focus. This means that when you run fedora-idm-console, you will see only the splash screen and not the login dialog. If this occurs, please use
fedora-idm-console -x nologo ... other args ...
Once you have completed the scripted installation you should see something like this:
Creating directory server . . .
Your new DS instance 'fds' was successfully created.
Creating the configuration directory server . . .
Beginning Admin Server creation . . .
Creating Admin Server files and directories . . .
Updating adm.conf . . .
Updating admpw . . .
Registering admin server with the configuration directory server . . .
Updating adm.conf with information from configuration directory server . . .
Updating the configuration for the httpd engine . . .
Starting admin server . . .
The admin server was successfully started.
Admin server was successfully created, configured, and started.
Exiting . . .
Log file is '/tmp/setup2RLIK5.log'
Once this is complete, run the following command to find the port the admin server listens on (a remote X session is required if you are running the console from Windows)
grep \^Listen /etc/dirsrv/admin-serv/console.conf
Now that you know the port, run the following command and start configuring your Directory Server.
fedora-idm-console -a http://localhost:9830
You need to get the clients to use the LDAP server for authentication. You can do this with the following command.
authconfig --enableldap --enableldapauth --enablemkhomedir --ldapserver=192.168.1.120 --ldapbasedn="dc=unixcraft,dc=com" --update
The above line will configure the client to use the Directory Server, and also configure the mkhomedir module, which will create users' home directories as they log in. If the directories are located centrally this would only happen the first time the user logs in to any system.
On your NFS server, you need to export the /home directory (which is where the users' home directories will be).
Edit the file
/etc/exports
Place the following entry in the file
/home *(rw,no_root_squash,sync)
The above line is a basic entry and more options can be applied; this is just an example to get you started.
Now that the server side configurations are completed you can start working on the clients.
Edit the auto.master file
/etc/auto.master
Place the following line at the bottom of the file
/- /etc/auto.home
Now you need to create the /etc/auto.home file, create this file and place the following in the file:
/home -rsize=8192,wsize=8192,soft,intr,nosuid fds.unixcraft.com:/home/
Restart the autofs service
service autofs restart
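The howto's exports entry allows every host to mount /home and, through no_root_squash, lets root on any client act as root on the server's /home. The added example below (not from the original howto) shows that entry beside a tighter one limited to the LAN used in the howto, and a small audit function that flags both clauses in an exports file; the sample file and paths are constructed.

```shell
#!/bin/sh
# Added example (not from the original howto): audit an exports file for the two
# clauses in the howto's sample entry that matter most on a shared /home: the
# "*" client (every host may mount it) and no_root_squash (root on any client
# is root on the server's /home). Paths and the sample file are constructed.

# The howto's entry beside a tighter one: only the LAN shown in the howto may
# mount, and the default root_squash is kept.
WEAK_EXPORT='/home *(rw,no_root_squash,sync)'
TIGHT_EXPORT='/home 192.168.1.0/24(rw,sync,root_squash)'

# audit_exports FILE: print one line per finding, set AUDIT_FINDINGS to the
# count, and return 1 if anything was found.
audit_exports() {
    AUDIT_FINDINGS=0
    set -f   # "*" in the client list must not be glob-expanded
    while read -r path clients; do
        case "$path" in ''|\#*) continue ;; esac
        for entry in $clients; do
            # split "host(opts)"; an entry with no options keeps the defaults
            case "$entry" in
                *\(*\)) host="${entry%%\(*}"; opts="${entry#*\(}"; opts="${opts%\)}" ;;
                *)      host="$entry"; opts="" ;;
            esac
            if [ "$host" = "*" ]; then
                echo "$path: exported to every host"
                AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
            fi
            case ",$opts," in *,no_root_squash,*)
                echo "$path: no_root_squash for $host, client root is server root"
                AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1)) ;;
            esac
        done
    done < "$1"
    set +f
    [ "$AUDIT_FINDINGS" -eq 0 ]
}

# Demo on a constructed exports file holding both entries.
SAMPLE=$(mktemp)
printf '# constructed sample exports\n%s\n%s\n' "$WEAK_EXPORT" "$TIGHT_EXPORT" > "$SAMPLE"
audit_exports "$SAMPLE" || echo "$AUDIT_FINDINGS finding(s) in $SAMPLE"
rm -f "$SAMPLE"
```

Run it against the real /etc/exports on the NFS server after editing; the weak entry reports two findings and the tighter one none.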
Now you should be able to log in with the users in your directory and their home directories will be created if they do not exist.
NOTE:
When logging in with users you may see the following error
cannot find name for group ID
This is because the gidNumber of the user has no group name assigned to it (this is not a problem, but you may want to get rid of this message).
Right click on the user and click Advanced Properties. Now click on the "objectclass" values, then click the "Add Value" button on the right hand side and select "posixgroup". That's it; this should sort out the group name not found issue.
Groups
To allow users to join a group which will be used by your Unix/Linux clients, create a group in your directory. Then you must add posixGroup to the objectclass (in Advanced Properties). Once you have done this you must give the group a gidNumber.
You can now use the groups on your Linux/Unix servers; you can also use them in the AllowGroups entry in your sshd_config.
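The same change the console steps above make (adding posixGroup and a gidNumber to a group entry) can be scripted as an LDIF modify. This added example is not from the original howto; it assumes an existing group under a constructed ou=Groups container in the howto's dc=unixcraft,dc=com suffix, and the output is meant to be piped into whatever ldapmodify you have installed.

```shell
#!/bin/sh
# Added example (not from the original howto): emit the LDIF modify that turns an
# existing directory group into a POSIX group, which is what the console steps
# in the howto do by hand. DN, gid and member names below are constructed.

# posix_group_ldif DN GID [MEMBER...]: print the LDIF record, or return 1 on bad input.
posix_group_ldif() {
    dn="$1"; gid="$2"; shift 2
    # gidNumber must be a plain integer; refuse anything else before it reaches the server
    case "$gid" in ''|*[!0-9]*) echo "bad gidNumber: $gid" >&2; return 1 ;; esac
    printf 'dn: %s\nchangetype: modify\n' "$dn"
    printf 'add: objectClass\nobjectClass: posixGroup\n-\n'
    printf 'add: gidNumber\ngidNumber: %s\n' "$gid"
    # memberUid is optional for posixGroup; only add the attribute when members were given
    if [ "$#" -gt 0 ]; then
        printf -- '-\nadd: memberUid\n'
        for m in "$@"; do printf 'memberUid: %s\n' "$m"; done
    fi
    echo
}

# Demo with constructed values; pipe this into ldapmodify to apply it.
posix_group_ldif 'cn=sshusers,ou=Groups,dc=unixcraft,dc=com' 5000 alice bob
```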