Thanks, Jakub.
On 19 March 2015 at 21:23, Jakub Hrozek <[email protected]> wrote: > > > On 19 Mar 2015, at 21:18, Roberto Cornacchia < > [email protected]> wrote: > > > > It's possible that I'm simply not getting the point, or that I don't > understand the documentation correctly, but this is what I don't find clear: > > > > I had seen the instructions you pointed me at. These are not > specifically about home directories. > > > > However, this section is: > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#homedir-reqs > > > > It first suggests that automatic creation of home directories over NFS > shares is possible: just automount /home and then use pam_oddjob_mkhomedir > or pam_mkhomedir to create homedirs at first login. > > > > But then it also suggests that mounting the whole /home tree could be an > issue, and says: "Use automount to mount only the user's home directory and > only when the user logs in, rather than loading the entire /home tree." > > > > That means that automatic homedir creation is out of the game, doesn't > it? > > > > That's what I find confusing. What's the recommended way? > > > > It really depends on your environment. For your size, it's perfectly fine > to NFS mount the whole /home tree and be done with it. Don't optimize > prematurely :-) > > > > > > > On 19 March 2015 at 20:49, Dmitri Pal <[email protected]> wrote: > > On 03/19/2015 02:46 PM, Roberto Cornacchia wrote: > >> Hi Dmitri, > >> > >> I do realise my question is borderline and I accept that it is > considered off-topic. > >> > >> I did post it here because I believe it's not *only* about NFS, but > also about its interaction with freeIPA. The issue of NFS home and in > particular about their creation is touched in all the links I posted (all > about freeIPA) and never really answered. > >> > > > > This is what documented and recommended: > > > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#kerb-nfs > > > > RHEL6 has a similar chapter in its doc set though books have changed > significantly between 6 and 7. > > > > I do not see any chicken and egg problem there. > > The instructions show how to create home dirs on the first login. > > > > It mounts the volume and then creates dirs on it as users log in if they > are not already there. > > > > It is unclear what problem you see with doing it the way it is > recommended. > > > > > > > >> Best, > >> Roberto > >> > >> On 19 March 2015 at 19:36, Dmitri Pal <[email protected]> wrote: > >> On 03/19/2015 05:29 AM, Roberto Cornacchia wrote: > >>> On 6 March 2015 at 11:15, Martin Kosek <[email protected]> wrote: > >>> On 03/06/2015 10:56 AM, Roberto Cornacchia wrote: > >>> Hi there, > >>> > >>> I'm planning to deploy freeIPA on our lan. > >>> It's small-ish and completely based on FC21, so I expect everything to > work > >>> like a charm. > >>> > >>> Except one detail. We have Synology NAS station, which uses DSM 5.0. > >>> The ideal plan is to use it as host for shared NFS home dirs once we > switch our > >>> desktops to freeIPA. > >>> > >>> Great! > >>> > >>> > >>> Hello, > >>> > >>> The first thing I'm struggling with is to find the correct approach > about NFS home dirs. > >>> The ideal setting would be: > >>> - home dirs on the NAS > >>> - IPA manages automount maps > >>> - home dirs are created automatically at first login > >>> > >>> The documentation I could find on these topics includes only > not-so-recent pages (anything I missed?): > >>> > >>> http://wiki.linux-nfs.org/wiki/index.php/NFS_and_FreeIPA > >>> > http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/automount.html > >>> > http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/users.html#home-directories > >>> > http://adam.younglogic.com/2011/06/automount-and-home-directory-creation/ > >>> > >>> Now, I admit I don't have much experience with setting up NFS homes, > with or without freeIPA, so trying to get this done correctly in the > context of freeIPA and without clear howtos isn't very easy, but I'm > willing to get my hands dirty. > >>> > >>> The first problem I struggle with is on the correct approach. > >>> From the documentation above, I understand that there is a bit of a > chicken-egg problem about the creation of home dirs. > >>> On the one hand, it would be optimal to have automount maps to load > only single home dirs on demand, rather than the entire /home tree. > >>> On the other hand, if the /home tree is not available, then creating > /home/user1 dir automatically isn't really possible. > >>> > >>> Just mounting the whole /home tree would make things easier, but I > don't have a feeling of when it starts to become a performance issue > (assuming recent hardware and up to date software). 10 users? 50? 100? 500? > No idea. > >>> The realm I'm dealing with at the moment is in the range of 5-10 users > and probably won't be larger than 50 in the next few years (and if it will, > it means things are going well, so what the heck ;) > >>> Also true that, with such few users, I could just create the homedirs > manually when needed (this is not an organisation where many users come and > go) and just mount the individually. > >>> Any tips about this? > >>> > >>> Best, Roberto > >>> > >>> > >>> > >>> > >> Some of these questions are really outside the scope of this list. > >> You might consider asking them on the NFS list. > >> > >> -- > >> Thank you, > >> Dmitri Pal > >> > >> Sr. Engineering Manager IdM portfolio > >> Red Hat, Inc. > >> > >> > >> -- > >> Manage your subscription for the Freeipa-users mailing list: > >> https://www.redhat.com/mailman/listinfo/freeipa-users > >> Go to http://freeipa.org for more info on the project > >> > >> > >> > > > > > > -- > > Thank you, > > Dmitri Pal > > > > Sr. Engineering Manager IdM portfolio > > Red Hat, Inc. > > > > > > -- > > Manage your subscription for the Freeipa-users mailing list: > > https://www.redhat.com/mailman/listinfo/freeipa-users > > Go to http://freeipa.org for more info on the project > > > > -- > > Manage your subscription for the Freeipa-users mailing list: > > https://www.redhat.com/mailman/listinfo/freeipa-users > > Go to http://freeipa.org for more info on the project > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
