> On 19 Mar 2015, at 21:18, Roberto Cornacchia <[email protected]> > wrote: > > It's possible that I'm simply not getting the point, or that I don't > understand the documentation correctly, but this is what I don't find clear: > > I had seen the instructions you pointed me at. These are not specifically > about home directories. > > However, this section is: > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#homedir-reqs > > > It first suggests that automatic creation of home directories over NFS shares > is possible: just automount /home and then use pam_oddjob_mkhomedir or > pam_mkhomedir to create homedirs at first login. > > But then it also suggests that mounting the whole /home tree could be an > issue, and says: "Use automount to mount only the user's home directory and > only when the user logs in, rather than loading the entire /home tree." > > That means that automatic homedir creation is out of the game, doesn't it? > > That's what I find confusing. What's the recommended way? >
It really depends on your environment. For your size, it's perfectly fine to NFS mount the whole /home tree and be done with it. Don't optimize prematurely :-) > > > On 19 March 2015 at 20:49, Dmitri Pal <[email protected]> wrote: > On 03/19/2015 02:46 PM, Roberto Cornacchia wrote: >> Hi Dmitri, >> >> I do realise my question is borderline and I accept that it is considered >> off-topic. >> >> I did post it here because I believe it's not *only* about NFS, but also >> about its interaction with freeIPA. The issue of NFS home and in particular >> about their creation is touched in all the links I posted (all about >> freeIPA) and never really answered. >> > > This is what documented and recommended: > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#kerb-nfs > > RHEL6 has a similar chapter in its doc set though books have changed > significantly between 6 and 7. > > I do not see any chicken and egg problem there. > The instructions show how to create home dirs on the first login. > > It mounts the volume and then creates dirs on it as users log in if they are > not already there. > > It is unclear what problem you see with doing it the way it is recommended. > > > >> Best, >> Roberto >> >> On 19 March 2015 at 19:36, Dmitri Pal <[email protected]> wrote: >> On 03/19/2015 05:29 AM, Roberto Cornacchia wrote: >>> On 6 March 2015 at 11:15, Martin Kosek <[email protected]> wrote: >>> On 03/06/2015 10:56 AM, Roberto Cornacchia wrote: >>> Hi there, >>> >>> I'm planning to deploy freeIPA on our lan. >>> It's small-ish and completely based on FC21, so I expect everything to work >>> like a charm. >>> >>> Except one detail. We have Synology NAS station, which uses DSM 5.0. >>> The ideal plan is to use it as host for shared NFS home dirs once we switch >>> our >>> desktops to freeIPA. >>> >>> Great! >>> >>> >>> Hello, >>> >>> The first thing I'm struggling with is to find the correct approach about >>> NFS home dirs. >>> The ideal setting would be: >>> - home dirs on the NAS >>> - IPA manages automount maps >>> - home dirs are created automatically at first login >>> >>> The documentation I could find on these topics includes only not-so-recent >>> pages (anything I missed?): >>> >>> http://wiki.linux-nfs.org/wiki/index.php/NFS_and_FreeIPA >>> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/automount.html >>> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/users.html#home-directories >>> http://adam.younglogic.com/2011/06/automount-and-home-directory-creation/ >>> >>> Now, I admit I don't have much experience with setting up NFS homes, with >>> or without freeIPA, so trying to get this done correctly in the context of >>> freeIPA and without clear howtos isn't very easy, but I'm willing to get my >>> hands dirty. >>> >>> The first problem I struggle with is on the correct approach. >>> From the documentation above, I understand that there is a bit of a >>> chicken-egg problem about the creation of home dirs. >>> On the one hand, it would be optimal to have automount maps to load only >>> single home dirs on demand, rather than the entire /home tree. >>> On the other hand, if the /home tree is not available, then creating >>> /home/user1 dir automatically isn't really possible. >>> >>> Just mounting the whole /home tree would make things easier, but I don't >>> have a feeling of when it starts to become a performance issue (assuming >>> recent hardware and up to date software). 10 users? 50? 100? 500? No idea. >>> The realm I'm dealing with at the moment is in the range of 5-10 users and >>> probably won't be larger than 50 in the next few years (and if it will, it >>> means things are going well, so what the heck ;) >>> Also true that, with such few users, I could just create the homedirs >>> manually when needed (this is not an organisation where many users come and >>> go) and just mount the individually. >>> Any tips about this? >>> >>> Best, Roberto >>> >>> >>> >>> >> Some of these questions are really outside the scope of this list. >> You might consider asking them on the NFS list. >> >> -- >> Thank you, >> Dmitri Pal >> >> Sr. Engineering Manager IdM portfolio >> Red Hat, Inc. >> >> >> -- >> Manage your subscription for the Freeipa-users mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-users >> Go to http://freeipa.org for more info on the project >> >> >> > > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager IdM portfolio > Red Hat, Inc. > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
