On Mon, Apr 21, 2014 at 4:03 PM, Dean Hunter <deanhun...@comcast.net> wrote:

> On Mon, 2014-04-21 at 14:05 -0500, Dean Hunter wrote:
>
> I am sorry, but I have forgotten where to start to diagnose this problem.
> Please remind me.
>
> [dean@host ~]$ ssh desktop.hunter.org
> Last login: Sun Apr 20 21:12:38 2014 from host.hunter.org
> Could not chdir to home directory /home/net/dean: Permission denied
> -bash: /home/net/dean/.bash_profile: Permission denied
> -bash-4.2$ pwd
> /
> -bash-4.2$ ls -l /home
> total 4
> drwx------. 4 local local 4096 Apr 20 21:04 local
> drwxr-xr-x. 3 root root 0 Apr 21 13:48 net
> -bash-4.2$ ls -l /home/net
> total 8
> drwx--x---. 29 dean dean 4096 Apr 20 21:28 dean
> -bash-4.2$ ls -l /home/net/dean
> ls: cannot access /home/net/dean: Permission denied
> -bash-4.2$ whoami
> dean
> -bash-4.2$ exit
> logout
> -bash: /home/net/dean/.bash_logout: Permission denied
> Connection to desktop.hunter.org closed.
> [dean@host ~]$
>
> desktop.hunter.org is a VM that I have rebuilt several times trying to work
> around this problem. ipa-client-install and ipa-client-automount completed
> without error messages. /home/net/dean is accessible when I log-in through
> gdm and Virtual Machine Manager.
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipaemail@example.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
> Now it appears as though that ssh fails to access the auto-mount home
> directory until after successful gdm log-in:
>

I still suck at sssd (I assume the host you are connecting to is rh/centos/fedora), but in pam you have to define each way you are logging in (gdm, ssh, screensaver) to get a kerberos ticket, and create the cache in /tmp after you are successfully authenticated. automount then can use that ticket to do its thing. You will also notice if you kinit manually you will then be able to cd to that directory.
That is where I would start looking.

>
> [dean@host ~]$ ssh desktop.hunter.org
> Last login: Mon Apr 21 14:34:51 2014 from host.hunter.org
> [dean@desktop ~]$ pwd
> /home/net/dean
> [dean@desktop ~]$ sudo -l
> Matching Defaults entries for dean on desktop:
> requiretty, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE
> INPUTRC
> KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG
> LC_ADDRESS
> LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT
> LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER
> LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET
> XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
>
> User dean may run the following commands on desktop:
> (root : root) NOPASSWD: ALL
> [dean@desktop ~]$ yum list installed freeipa-*
> Loaded plugins: langpacks, refresh-packagekit
> Installed Packages
> freeipa-client.x86_64 3.3.4-3.fc20
> @local-updates
> freeipa-python.x86_64 3.3.4-3.fc20
> @local-updates
> [dean@desktop ~]$ logout
>
> Connection to desktop.hunter.org closed.
> [dean@host ~]$
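
The reply's point that each login path (gdm, ssh, screensaver) needs a PAM stack that obtains a Kerberos ticket can be checked per service; this is an added example, not part of the original thread. It walks a service's `auth` rules, following `include` and `substack`, and reports whether a ticket-acquiring module is present. The PAM file contents, the `screensaver` service name and the function names are constructed for illustration.

```python
import re

# Modules that can obtain a Kerberos ticket in the PAM auth phase. Assumption:
# pam_sss.so is backed by an SSSD domain whose auth provider is Kerberos/IPA.
TICKET_MODULES = {"pam_sss.so", "pam_krb5.so"}

# Constructed sample files, keyed by name under /etc/pam.d (not from the thread).
SAMPLE_PAM_D = {
    "sshd": "auth substack password-auth\naccount required pam_nologin.so\n",
    "gdm-password": "auth substack password-auth\n"
                    "auth optional pam_gnome_keyring.so\n",
    "password-auth": "auth required pam_env.so\n"
                     "auth sufficient pam_unix.so nullok try_first_pass\n"
                     "auth [default=1 success=ok] pam_localuser.so\n"
                     "auth sufficient pam_sss.so use_first_pass  # SSSD\n"
                     "auth required pam_deny.so\n",
    "screensaver": "auth required pam_unix.so\n",  # hypothetical service
}

# type, control (plain word or [bracketed list]), then module or included file
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def auth_modules(service, pam_d, _seen=None):
    """List the auth-phase modules of a service, following include/substack."""
    seen = set() if _seen is None else _seen
    if service in seen or service not in pam_d:
        return []  # already expanded (loop guard) or file not present
    seen.add(service)
    modules = []
    for raw in pam_d[service].splitlines():
        rule = RULE.match(raw.split("#", 1)[0].strip())
        if not rule or rule.group(1) != "auth":
            continue
        control, target = rule.group(2), rule.group(3)
        if control in ("include", "substack"):
            modules += auth_modules(target, pam_d, seen)
        else:
            modules.append(target.rsplit("/", 1)[-1])
    return modules

def can_get_ticket(service, pam_d):
    """True if the service's auth stack contains a ticket-acquiring module."""
    return any(m in TICKET_MODULES for m in auth_modules(service, pam_d))

if __name__ == "__main__":
    for name in ("sshd", "gdm-password", "screensaver"):
        print(name, "->", "ticket" if can_get_ticket(name, SAMPLE_PAM_D) else "no ticket")
```

On a real host, fill the dict from the files in /etc/pam.d. sshd runs the auth stack only for password or keyboard-interactive logins, so a key-based ssh login gets no ticket from PAM even when the stack is correct.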