On 05/12/2011 03:30 PM, nasir nasir wrote:
Adam,

I tried to follow your recommendations with RHEL 6.1 beta on the server and client machines. Centralized login and such things work. I have the NFS service working too. But automount is not working. For the time being I configured my server as an NFS server and created a folder /export as a share for creating home folders. I have pam_oddjob_mkhomedir.so enabled in the pam files for autocreation of home folders. Now I can manually mount the /export NFS share on the server and the client successfully. But when I do that on the server for testing and try to log in as a new user (e.g. abc), it is not creating the home folder. It gives the following error:

oddjob-mkhomedir[16401]: error setting permissions on /home/abc: Operation not permitted


It might be a root squash issue. My guess is that the order of operations for creating a root directory, which is done by root, is:

1.  mkdir /home/userid
2.  chown uid:gid  /home/userid

It sounds from the error message that the first stage happened, but NFS is not allowing the second stage. To confirm, as a root (and kinit admin) user on the client machine, just try these two steps in order and see if they still fail.

chown is a different system call from mkdir, and might have different NFS-enforced permissions. You probably need rwx permissions in /etc/export.





I have given 777 for my /export and rw permission in /etc/export. Output of the command ipa automountlocation-tofiles default:

/etc/auto.master:
/-      /etc/auto.direct
/share  /etc/auto.share
/home   /etc/auto.home
---------------------------
/etc/auto.direct:
---------------------------
/etc/auto.share:
---------------------------
/etc/auto.home:
* -rw,nfs4,sec=krb5,soft,rsize=8192,wsize=8192 openipa.cohort.org:/export/home/&

I tried reading many docs (RHEL deployment guide, Google, FreeIPA docs, etc.). The problem is that they are confusing and conflicting in many cases.


There is a lot of old information on the site that needs to be updated to 2.0, and we are working on that. The more input (tickets logged into Trac) we can get for that, the better.


Please advise me how to proceed.

Thanks and Regards,
Nidal


                Nidal,

                OK, I'd probably do something like this:  After
                installing IPA, add one host as an IPA client with the
                following switch: --mkhomedir, something like
                ipa-client-install --mkhomedir -p admin. Then,
                mount the directory that you are going to use as
                /home on that machine.  Once you create users in
                IPA, the first time you log in as that user, do so
                from that client, and it will attempt to create the
                home directory for you.    This should be the only
                machine that has permissions to create directories
                under /home.  Now, create an automount location and
                map, and create a key for /home.

                The instructions from our test day should get you
                started:

                https://fedoraproject.org/wiki/QA:Testcase_freeipav2_automount
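
The two-step check suggested in the reply above (mkdir, then chown, run as root on the client against the mounted share), as an added shell example that is not part of the original thread. The function names and the probe directory name are hypothetical, and `stat -f -c %T` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: replay the two steps described in the thread (mkdir, then
# chown) inside a scratch directory and report which one is refused.

# probe_homedir PARENT OWNER  ->  prints ok | mkdir-failed | chown-failed
probe_homedir() {
    parent=$1
    owner=$2
    probe="$parent/.mkhomedir-probe.$$"    # hypothetical scratch name
    if ! mkdir "$probe" 2>/dev/null; then
        echo "mkdir-failed"
        return 1
    fi
    if ! chown "$owner" "$probe" 2>/dev/null; then
        rmdir "$probe"
        echo "chown-failed"
        return 2
    fi
    rmdir "$probe"
    echo "ok"
}

# diagnose PARENT OWNER  ->  one-line interpretation including the fs type
diagnose() {
    result=$(probe_homedir "$1" "$2") || true
    fstype=$(stat -f -c %T "$1" 2>/dev/null || echo unknown)
    case $result in
        ok)
            echo "$1 ($fstype): mkdir and chown both succeed" ;;
        mkdir-failed)
            echo "$1 ($fstype): mkdir refused; check export and directory write permissions" ;;
        chown-failed)
            echo "$1 ($fstype): mkdir works but chown is refused, consistent with root being squashed on the export" ;;
    esac
}

# Stand-alone use: sh probe.sh /home abc:abc
if [ $# -ge 2 ]; then
    diagnose "$1" "$2"
fi
```

A `chown-failed` result on an NFS mount matches the "error setting permissions" message from oddjob-mkhomedir, while `ok` points away from the export options and toward the automount configuration.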





