Thnks a lot for all the replies!
This is a 64 bit machine. So I will try to install 32 bit and let you know the 
Also, I was trying to configure NFS service on the FreeIPA machine. I followed 
exactly as given in the deployment guide and tested with another RHEL 6.1 
client machine with ipa-client installed on it. When I try to mount the nfs 
export I am getting the following error,
[root@abc Packages]# mount -v -t nfs4 -o sec=krb5 openipa.cohort.org:/ 
/mntmount.nfs4: timeout set for Mon May  9 17:36:14 2011mount.nfs4: trying 
text-based options 
'sec=krb5,addr=,clientaddr='mount.nfs4: mount(2): 
Permission deniedmount.nfs4: access denied by server while mounting 
openipa.cohort.org:/[root@abc Packages]#
But when I try to remove the kerberos authentication (i.e without -o sec=krb5) 
it gets mounted without any problem. I googled a lot for this error and tried 
all the suggestions like adding allow_weak_crypto parameter in the krb5.conf 
file, checking host/DNS/Keytab entries etc. Still it does not work. When I give 
weak crypto entry and add some weak crypto like des-cbc-md5, server rejects and 
says that it is not supported. My /etc/export file and all the necessary 
commands are copy pasted from the deployment guide with only the necessary 
modifications to suite my values.
Please suggest me what to do.
Thanks indeed in advance and regards,Nidal

--- On Mon, 5/9/11, Adam Young <ayo...@redhat.com> wrote:

From: Adam Young <ayo...@redhat.com>
Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment
To: "nasir nasir" <kollath...@yahoo.com>
Cc: freeipa-users@redhat.com
Date: Monday, May 9, 2011, 6:17 AM


    On 05/08/2011 11:57 PM, nasir nasir wrote:


              I truly
                appreciate your persistence ! 

              I tried
                using alien and it generated the .deb file successfully
                and even installed the ipa client package without any
                error on the client machine(Kubuntu 11.04). But when I
                run the ipa-client-install command, it gave the
                following error,


                openway@dl-360:~/rpm$ sudo
                There was a problem importing one of the
                      required Python modules. The
                error was:

                    No module named
    I'm guessing that this is a 64 bit system?  It might be an arch
    issue.  IU know that Debian and RH mde different choices for 32 on
    64.  RH/Fedora puts the Python code into 




    Debian might be looking under /usr/lib/  for Python.


    Try a 32bit RPM.




                  I even created the deb file out of ipa-python
                    package and installed it on the kubuntu
                    machine(without any error). Still, its the same. Any
                    idea ?

                  Thanks and regards,

                  --- On Sun, 5/8/11, Adam Young <ayo...@redhat.com> wrote:


                  From: Adam Young <ayo...@redhat.com>

                  Subject: Re: [Freeipa-users] FreeIPA for Linux desktop

                  To: "nasir nasir" <kollath...@yahoo.com>

                  Cc: freeipa-users@redhat.com

                  Date: Sunday, May 8, 2011, 4:39 PM


                    On 05/08/2011 06:20 AM, nasir nasir wrote:

                              Thanks indeed again for the reply. I went
                              through the deployment guide and installed
                              and configured FreeIPA 2.0 on a RHEL 6.1
                              beta machine for testing. I also
                              configured the browsers on this server and
                              a client Kubuntu machine as per the guide.
                              But I can't find any doc which explain how
                              to configure a client (kubuntu in my case)
                              for single sign on or even accessing a
                              service like nfs using the browser when
                              native ipa-client package is not
                              available. All the docs are focused on
                              configuring client machines using
                              ipa-client package. Is this possible? if
                              so could anyone suggest me some guide
                              lines or docs for the same ?

                    Did you try installing the ipa-client rpms with



                              Thanks and Regards,

                                --- On Mon, 5/2/11, Adam Young 


                                  From: Adam Young <ayo...@redhat.com>

                                  Subject: Re: [Freeipa-users] FreeIPA
                                  for Linux desktop deployment

                                  To: "nasir nasir" <kollath...@yahoo.com>

                                  Cc: freeipa-users@redhat.com

                                  Date: Monday, May 2, 2011, 8:03 AM


                                   On 05/01/2011
                                    08:49 AM, nasir nasir wrote:
                                               Thanks for all the
                                                replies and great
                                                suggestions! I do
                                                appreciate it a lot.

                                                Apologies for being a
                                                bit confusing about the
                                                cetralized /home foder
                                                in my previous mail.
                                                What I want is that all
                                                the users should have
                                                their /home folder
                                                stored in the storage.
                                                This entire partition
                                                (or LUN) can be attached
                                                to my Authentication
                                                server(i.e FreeIPA) by
                                                using iSCSI. From the
                                                Authentication server, I
                                                am NOT looking for iSCSI
                                                to get it mounted to the
                                                individual users'
                                                machine. I think
                                                NFS/automount would do
                                                that(appreciate any
                                                suggestion on this !)
                                                And whenever a new user
                                                is created, /home should
                                                be allocated out of this
                                                partition so that
                                                whichever machine the
                                                user is using to login
                                                later, she should be
                                                able to access the same
                                                /home specific to her
                                                regardless of the
                                                machine. I hope it is
                                                clear to all :-)

                                              Thanks and regards,


                                                     -- Centralized
                                                  storage with iSCSI for
                                                  /home folder for each
                                                  user by means of a
                                                  dedicated storage

                                                  IPA manages Automount,
                                                  which is possibly what
                                                  you want.  Are you
                                                  going to give each
                                                  user their own
                                                  partition that follows
                                                  them around, or are
                                                  you going to give the
                                                  a home directory on a
                                                  a NAS server?  I Have
                                                  to admit, the iSCSI
                                                  home mount sounds
                                                  interesting.  You
                                                  could probably get
                                                  automount to help you
                                                  out there, but at this
                                                  point I think that you
                                                  would need a separate
                                                  key line for each


                                                  Note that iSCSI won't
                                                  help you if you want
                                                  to mount the same
                                                  partition on multiple
                                                  clients.  For this,
                                                  you either need a
                                                  distributed File
                                                  System, or stick to






                                    OK, I'd probably do something like
                                    this:  After install IPA, add one
                                    host as an IPA client with the
                                    following switch:  --mkhomedir,,
                                    something like  ipa-client-install
                                    --mkhomedir -p admin.   Then, mount
                                    the directory that you are going to
                                    use a /home on that machine.  Once
                                    you create users in IPA, the first
                                    time you log in as that user, do so
                                    from that client, and it will
                                    attempt to create the home directory
                                    for you.    This should be the only
                                    machine that has permissions to
                                    create directories under /home. 
                                    Now, create an automount location
                                    and map, and create a key for /home


                                    The instructions from our test day
                                    should get you started:








Freeipa-users mailing list

Reply via email to