Hello, I am attempting to configure autofs to automount home directories from an NFS server.
I'm following these instructions as this was the only contiguous "here's what you need to do" instructions as the FreeIPA and Fedora documentation seems to contradict itself, and there's no clear cut a. then b. then c. (Admittedly, this is my first foray into managing home dirs this way, so I'm learning all around :) but I need a bit of direction...)

First things first, can anyone confirm these directions are correct please?
http://blog.delouw.ch/2015/03/14/using-ipa-to-provide-automount-maps-for-nfsv4-home-directories/
I'm going to assume they are for the purposes of the rest of the post.

I'm currently working with three servers:
freeipa01 - The FreeIPA server
home-dir01 - The Home directory NFS server
ipa-test01 - My test server where I'm making changes/trying to mount the home directory.

ipa-test01 is the only CentOS 6.5 machine (no choice, it's the "production blessed" image), freeipa01 and home-dir01 are both CentOS7.

Following those above linked instructions, I have created the following automount configurations:

Automount Configuration:
>> [root@ipa-test01 ~]# ipa automountlocation-find
>> ----------------------------
>> 1 automount location matched
>> ----------------------------
>> Location: default
>> ----------------------------
>> Number of entries returned 1
>> ----------------------------
>>
>> [root@ipa-test01 ~]# ipa automountmap-find
>> Location: default
>> ------------------------
>> 3 automount maps matched
>> ------------------------
>> Map: auto.direct
>>
>> Map: auto.home
>>
>> Map: auto.master
>> ----------------------------
>> Number of entries returned 3
>> ----------------------------
>>
>> [root@ipa-test01 ~]# ipa automountkey-find default auto.home
>> -----------------------
>> 1 automount key matched
>> -----------------------
>> Key: *
>> Mount information: -fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192 home-dir01.sub.domain.mydomain.com:/exports/home/&
>> ----------------------------
>> Number of entries returned 1
>> ----------------------------

Exports configuration:
>> [root@home-dir01 home]# cat /etc/exports
>> /exports/home *(rw,no_root_squash,sec=sys:krb5:krb5i:krb5p)

At some point I generated this error. I have been unable to reproduce it... Included for completeness of my reporting but I don't think it's currently an issue.
>> Feb 1 15:43:19 ipa-test01 rpc.gssd[1371]: ERROR: No credentials found for connection to server home-dir01.sub.domain.mydomain.com

Without an entry in /etc/hosts I receive the following error when attempting to login as my domain user:
>> Feb 1 16:22:13 ipa-test01 kernel: type=1105 audit(1454361733.209:125): user pid=1777 uid=0 auid=0 ses=1 msg='op=PAM:session_open acct=" j...@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
>> Feb 1 16:22:22 ipa-test01 rpc.gssd[1371]: ERROR: unable to resolve 2605:1c00:50f2:300a:aaaa:56ff:ffff:442a to hostname: Temporary failure in name resolution
>> Feb 1 16:22:22 ipa-test01 rpc.gssd[1371]: ERROR: failed to read service info
>> Feb 1 16:22:22 ipa-test01 rpc.gssd[1371]: ERROR: unable to resolve 192.168.10.250 to hostname: Name or service not known
>> Feb 1 16:22:22 ipa-test01 rpc.gssd[1371]: ERROR: failed to read service info

So I added the entry in /etc/hosts for my nfs server (will fix in DNS, but we use 3rd party DNS service that is not integrated with AD...), I get the following error (repeated attempts to sudo), note the "res=success"
>> ipa-test01:/var/log/messages
>> Feb 1 16:16:38 ipa-test01 kernel: __ratelimit: 90 callbacks suppressed
>> Feb 1 16:16:38 ipa-test01 kernel: type=1123 audit(1454361398.936:92): user pid=1632 uid=0 auid=0 ses=1 msg='cwd="/root" cmd="-sh" terminal=pts/0 res=success'
>> Feb 1 16:16:38 ipa-test01 kernel: type=1103 audit(1454361398.936:93): user pid=1632 uid=0 auid=0 ses=1 msg='op=PAM:setcred acct="j...@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
>> Feb 1 16:16:38 ipa-test01 kernel: type=1105 audit(1454361398.943:94): user pid=1632 uid=0 auid=0 ses=1 msg='op=PAM:session_open acct=" j...@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
>> Feb 1 16:16:38 ipa-test01 kernel: type=1106 audit(1454361398.944:95): user pid=1632 uid=0 auid=0 ses=1 msg='op=PAM:session_close acct=" j...@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
>> Feb 1 16:16:38 ipa-test01 kernel: type=1104 audit(1454361398.944:96): user pid=1632 uid=0 auid=0 ses=1 msg='op=PAM:setcred acct="j...@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
>> Feb 1 16:16:39 ipa-test01 kernel: type=1123 audit(1454361399.976:97): user pid=1635 uid=0 auid=0 ses=1 msg='cwd="/root" cmd="-sh" terminal=pts/0 res=success'
>> Feb 1 16:16:39 ipa-test01 kernel: type=1103 audit(1454361399.976:98): user pid=1635 uid=0 auid=0 ses=1 msg='op=PAM:setcred acct="j...@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
>> Feb 1 16:16:39 ipa-test01 kernel: type=1105 audit(1454361399.982:99): user pid=1635 uid=0 auid=0 ses=1 msg='op=PAM:session_open acct=" j...@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
>> Feb 1 16:16:39 ipa-test01 kernel: type=1106 audit(1454361399.983:100): user pid=1635 uid=0 auid=0 ses=1 msg='op=PAM:session_close acct=" j...@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
>> Feb 1 16:16:39 ipa-test01 kernel: type=1104 audit(1454361399.983:101): user pid=1635 uid=0 auid=0 ses=1 msg='op=PAM:setcred acct="j...@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'

These are the corresponding attempts to change user:
>> [root@ipa-test01 ~]# sudo -iu j...@mydomain.com
>> sudo: unable to change directory to /home/mydomain.com/jona: No such file or directory
>> sudo: unable to execute /bin/sh: No such file or directory
>> [root@ipa-test01 ~]# sudo -iu j...@mydomain.com
>> sudo: unable to change directory to /home/mydomain.com/jona: No such file or directory
>> sudo: unable to execute /bin/sh: No such file or directory
>> [root@ipa-test01 ~]# sudo -iu j...@mydomain.com
>> sudo: unable to change directory to /home/mydomain.com/jona: No such file or directory
>> sudo: unable to execute /bin/sh: No such file or directory

So clearly, it's not mounting the homedir, but I'm not producing any kind of error message...

Note that I have no problem mounting this directory manually (with or without an entry in my /etc/hosts):
>> [root@ipa-test01 ~]# mount home-dir01.sub.domain.mydomain.com:/exports/home/ /home/
>> home-dir01.sub.domain.mydomain.com:/exports/home/ on /home type nfs (rw,vers=4,addr=2605:1c00:50f2:300a:aaaa:56ff:ffff:442a,clientaddr=2605:1c00:50f2:300a:aaaa:56ff:ffff:dbf6)

Interestingly enough, when I create an /etc/auto.home, I'm able to mount my home dir without issues:
>> [root@ipa-test01 ~]# cat /root/auto.home
>> * -fstype=nfs,soft,intr,rsize=8192,wsize=8192,nosuid,tcp 192.168.10.250: /exports/home/&
>> [root@ipa-test01 ~]# cp /root/auto.home /etc/
>> [root@ipa-test01 ~]# service autofs restart
>> Stopping automount: [ OK ]
>> Starting automount: [ OK ]
>> [root@ipa-test01 ~]# sudo -iu j...@mydomain.com
>> -sh-4.1$ pwd
>> /home/mydomain.com/jona
>> -sh-4.1$ mount | grep home
>> /dev/mapper/rootvg-home on /home type ext4 (rw,nodev)
>> 192.168.10.250:/exports/home/mydomain.com on /home/mydomain.com type nfs (rw,nosuid,soft,intr,rsize=8192,wsize=8192,tcp,sloppy,vers=4,addr=192.168.10.250,clientaddr=192.168.10.84)
>> [root@ipa-test01 ~]# rm /etc/auto.home
>> rm: remove regular file `/etc/auto.home'? y
>> [root@ipa-test01 ~]# service autofs restart
>> Stopping automount: [ OK ]
>> Starting automount: [ OK ]
>> [root@ipa-test01 ~]# sudo -iu j...@mydomain.com
>> sudo: unable to change directory to /home/mydomain.com/jona: No such file or directory
>> sudo: unable to execute /bin/sh: No such file or directory

But I think this counts as part of the "files" in the line in my nsswitch.conf:
>> [root@ipa-test01 ~]# cat /etc/nsswitch.conf | grep automount
>> automount: sss files

If I'm understanding correctly, the server should pull all of this information from LDAP on where to mount from/to and should not have a local configuration file for dealing with "LDAP Managed" mount points.

At this point I'm stumped. None of the guides or previous mailing lists seem to discuss this specific issue... Can anyone provide some further ideas for troubleshooting my setup please?

Also, because I'm working with an AD domain, my login credentials are j...@mydomain.com which means my home directory is /home/mydomain.com/jona, so when any user from the AD domain logs into this server, all home dirs will be mounted since we're mounting home-dir01:/exports/home/mydomain.com to ipa-test01:/home/mydomain.com, right? Is there any way to force more granular mounting of home directories?

Thanks for the assistance!

Best Regards,
Jon A
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
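
Added example (not part of the original post): a small model of how an indirect autofs map with a `*` key and `&` substitution turns a path lookup into one mount, which is what decides whether a login exposes a single home directory or the whole domain tree. The `/home` mount point is an assumption consistent with the mount output in the post, and `PER_USER` is a hypothetical alternative map, not configuration from the post.

```python
import posixpath

# Wildcard entry from `ipa automountkey-find default auto.home` in the post.
AUTO_HOME = {"*": "-fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192 "
                  "home-dir01.sub.domain.mydomain.com:/exports/home/&"}

# Hypothetical per-user variant: same server, map attached one level deeper.
PER_USER = {"*": "-fstype=nfs4,rw,sec=krb5,soft "
                 "home-dir01.sub.domain.mydomain.com:/exports/home/mydomain.com/&"}


def resolve(mount_point, map_entries, path):
    """Model one lookup in an indirect autofs map.

    The key is the first path component below mount_point; an exact key wins
    over the '*' wildcard, and every '&' in the entry is replaced by the key.
    Returns (local mount directory, remote location), or None if no mount.
    """
    rel = posixpath.relpath(path, mount_point)
    if rel in (".", "..") or rel.startswith("../"):
        return None                      # path is not below this map
    key = rel.split("/")[0]
    entry = map_entries.get(key, map_entries.get("*"))
    if entry is None:
        return None
    location = entry.split()[-1].replace("&", key)   # last field is the location
    return posixpath.join(mount_point, key), location


if __name__ == "__main__":
    home = "/home/mydomain.com/jona"
    # Map attached at /home (assumed): the key is the domain directory.
    print(resolve("/home", AUTO_HOME, home))
    # Map attached at /home/mydomain.com (hypothetical): the key is the user.
    print(resolve("/home/mydomain.com", PER_USER, home))
```

With the map attached at `/home`, the key for this login is `mydomain.com`, so one mount covers every user directory under it; attaching a map at `/home/mydomain.com` makes the key the user name and yields one mount per user.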
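
Added example (not part of the original post): a check of the `/etc/exports` line quoted in the post against the `sec=` flavor requested by the automount entry, flagging the settings that weaken a Kerberized home-directory export. The function names are illustrative, and the hardened line in the usage note uses a constructed host name.

```python
# Export line and automount options copied from the post above.
EXPORT_LINE = "/exports/home *(rw,no_root_squash,sec=sys:krb5:krb5i:krb5p)"
MAP_OPTIONS = "-fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192"


def parse_export(line):
    """Split one /etc/exports line into (path, [(client, [options])])."""
    path, *specs = line.split()
    clients = []
    for spec in specs:
        client, _, rest = spec.partition("(")
        opts = [o for o in rest.rstrip(")").split(",") if o]
        clients.append((client or "*", opts))   # empty client field: any host
    return path, clients


def sec_flavors(opts, default):
    """Return the flavors listed in a sec= option, or default if there is none."""
    for opt in opts:
        if opt.startswith("sec="):
            return opt[4:].split(":")
    return default


def audit(export_line, map_options):
    """Return findings for one export line and the map options used with it."""
    path, clients = parse_export(export_line)
    wanted = sec_flavors(map_options.lstrip("-").split(","), [])
    findings = []
    for client, opts in clients:
        offered = sec_flavors(opts, ["sys"])    # exports(5): sys when unset
        if "*" in client or "?" in client:
            findings.append(f"{path}: client '{client}' is a wildcard")
        if "no_root_squash" in opts:
            findings.append(f"{path}: no_root_squash, uid 0 is not mapped to anonymous")
        if "sys" in offered:
            findings.append(f"{path}: sec=sys is offered, so Kerberos is optional")
        for flavor in wanted:
            if flavor not in offered:
                findings.append(f"{path}: map asks for sec={flavor}, export offers {offered}")
    return findings


if __name__ == "__main__":
    for finding in audit(EXPORT_LINE, MAP_OPTIONS):
        print(finding)
```

Run against a constructed line such as `/exports/home ipa-test01.example.test(rw,root_squash,sec=krb5p)`, the same check reports only the flavor mismatch with the map's `sec=krb5`.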