Sami Hulkko via FreeIPA-users wrote: > To add: > > If mounted with -S (no sssd) upon login the mount is not accepted and > error: > > key has expired: /home/foo.org/foouser > > though with klist: > > non expired krb5 key.
I'd follow standard SSSD troubleshooting by increasing the debug level and reproduce. Then they can analyze the log(s). rob > > SH > > On 10/08/2022 09:33, Sami Hulkko via FreeIPA-users wrote: >> I can add that with: >> >> ipa-client-automount -S (no sssd) >> >> it works. >> >> On 10/08/2022 09:23, Sami Hulkko wrote: >>> Hi, >>> >>> I have a home folders shared at server.foo.org on folder >>> /srv/home/foo.org and I can mount this share on client.foo.org with >>> kerberos security. >>> >>> /etc/export is: >>> >>> /srv/home/foo.org >>> *(rw,sec=krb5:krb5i:krb5p,sync,no_root_squash,no_subtree_check) >>> >>> On Freeipa server under Network Services I have: >>> >>> default >>> >>> under it : >>> >>> auto.master that has /home/foo.org key and auto.home mount information. >>> >>> auto.home has: >>> >>> * -fstype=nfs4,rw,sec=krb5 server.foo.org:/srv/home/foo.org/& >>> >>> So, NFS share mount on manual mount command with Kerberos5 security. >>> Yet the automount fails on login. I don't see any error on config. >>> >>> SH >>> >> _______________________________________________ >> FreeIPA-users mailing list -- [email protected] >> To unsubscribe send an email to >> [email protected] >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/[email protected] >> >> Do not reply to spam, report it: >> https://pagure.io/fedora-infrastructure/new_issue > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
