I am having trouble with setting up NFSv4 login for users on my IdM network.
Normally all users should be able to ssh into the servers using keys,
but this happens for only my user (an admin).
And when I log in and sudo as root, and then su - username, listing the
contents of the user's directory, I see everything is owned by

I set up NFSv4 based on the instructions in this blog:

In a nutshell, I set up like this:

1. Added service principals for the nfs server and a few clients with
ipa-service-add, on my primary IPA server
"ipa service-add nfs/nfs.mydomain.com"
"ipa service-add nfs/atestclient.testing.mydomain.com"
"ipa service-add nfs/aserver.mydomain.com"

2. Added the auto.home map (In my case, my users use /share, not
/home, so I created an auto.share map instead)
"ipa automountmap-add default auto.share"

3. Added the auto.share to auto.master
"ipa automountkey-add default --key "/share" --info auto.share auto.master"

4. Added the key to the auto.share map
"ipa automountkey-add default --key "*" --info "nfs.qrios.com:/share/&" auto.share"

5. Created Keytab on the NFS Server as described.
"ipa-getkeytab -s ipa1.mydomain.com -p nfs/nfs.mydomain.com -k /etc/krb5.keytab"

6. Told the server to use secure NFS, created the share and started the service.

7. I also added each server's keytab onto it, and ran ipa-client-automount.

But now, on each server, I can only log in password-less with one
account, other accounts demand passwords, and when the user logs in
permissions are set to nobody:nobody.

My /etc/exports:
/share  *(rw,sec=sys:krb5:krb5i:krb5p)

I see no errors in the nfs server logs, and on the client.

I am grateful for any guidance provided.

Thank you!
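
An added example, not part of the original post: a small audit of exports(5) text that reports, per export, whether the sec= list accepts AUTH_SYS next to the Kerberos flavors, as the /etc/exports line quoted above does. With sys in the list the server also accepts mounts where the client asserts the UID/GID and no Kerberos ticket is involved. The /share2 line and all function names are constructed for illustration.

```python
import re

KRB_FLAVORS = {"krb5", "krb5i", "krb5p"}

# Constructed sample: the first export is the line quoted in the post,
# the second is a hypothetical Kerberos-only variant for comparison.
SAMPLE_EXPORTS = """\
# /etc/exports
/share  *(rw,sec=sys:krb5:krb5i:krb5p)
/share2 *.mydomain.com(rw,sec=krb5:krb5i:krb5p)
"""

def parse_exports(text):
    """Yield (path, client, flavors) per client entry.
    Simplified: no quoted paths and no '-' default option lists."""
    text = text.replace("\\\n", " ")           # join continuation lines
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            m = re.fullmatch(r"([^()]*)(?:\((.*)\))?", spec)
            if not m:
                continue                       # malformed entry, skip it
            client = m.group(1) or "*"         # empty client means everyone
            flavors = []
            for opt in (m.group(2) or "").split(","):
                if opt.startswith("sec="):
                    flavors += opt[4:].split(":")
            # exports(5): without a sec= option the flavor is sys
            yield path, client, flavors or ["sys"]

def classify(flavors):
    has_sys = "sys" in flavors
    has_krb = bool(KRB_FLAVORS & set(flavors))
    if has_sys and has_krb:
        return "mixed"          # Kerberos offered, AUTH_SYS still accepted
    if has_sys:
        return "sys-only"
    return "kerberos-only" if has_krb else "other"

def audit(text):
    """Return [(path, client, status)] for every export entry."""
    return [(p, c, classify(f)) for p, c, f in parse_exports(text)]

if __name__ == "__main__":
    for path, client, status in audit(SAMPLE_EXPORTS):
        print(f"{path:10} {client:18} {status}")
```
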
