Wednesday 19 March 2014

NFS/LDAP only at home

NOTE: This doesn't work reliable for only some users. It seems like nsswitch.conf needs faking earlier than that. A better answer might be to iptables-rst the ldap requests or something so that ldap fails quickly.

I have this pre-init script in /etc/init/autofs.conf

start on runlevel [2345] and net-device-up IFACE=wlan0
...
pre-start script
    modprobe -q autofs4 || true
    if iwconfig | grep 00:18:84:26:7E:1B 
    then sed -e 's/ #ldap/ ldap/' /etc/nsswitch.conf > /var/tmp/nsswitch.conf && mount /var/tmp/nsswitch.conf /etc/nsswitch.conf -o bind
    else ! true
    fi
end script

and these lines in my /etc/nsswitch.conf

passwd:         compat #ldap
group:          compat #ldap
shadow:         compat #ldap

When I'm on my home wireless network (detected by the access-point mac address, autofs will run to mount home directories, and ldap will be enabled and used to validate user accounts.

Otherwise it is a standalone laptop and will revert to built in accounts and home directories.