Hi,

I am trying to automount user home shares from an NFS server. Up to now, without success.


Some details regarding my setup: I have a CentOS 7.3 machine acting as an NFS server. It is a host within my IPA domain and enrolled as an IPA client.

[root@ipanfs ~]# cat /etc/exports

/homeshare      *(rw,sec=krb5:krb5i:krb5p)


I followed this guide https://blog.delouw.ch/2015/03/14/using-ipa-to-provide-automount-maps-for-nfsv4-home-directories/

I defined a automount location called ipauserhome. In this location I have a map called auto.home with this content:

*     -fstype=nfs4,rw,sec=krb5 ipanfs.linux.oebb.at:/homeshare/&

On an ipa client I just did "ipa-client-automount --location=ipauserhome" and "authconfig --enablemkhomedir --update".

When I login on the ipa client I get the error message "Could not chdir to home directory [...] No such file or directory.".

I see that home is mounted on the client

auto.home on /home type autofs (rw,relatime,fd=12,pgrp=1079,timeout=300,minproto=5,maxproto=5,indirect)

[root@testclient ~]# ls -alh /home

total 4,0K

drwxr-xr-x.  2 root root    0 12. Apr 10:22 .

dr-xr-xr-x. 17 root root 4,0K 11. Apr 17:52 ..


but for some reason it works not as expected. SELinux is set to permissive on both NFS server and the ipa client. Nevertheless, I get a suspicious message in /var/log/messages:

Apr 12 10:22:48 testclient dbus[804]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'

Apr 12 10:22:48 testclient dbus-daemon: dbus[804]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'

Apr 12 10:22:49 testclient setroubleshoot: SELinux is preventing /usr/libexec/oddjob/mkhomedir from write access on the directory /. For complete SELinux messages. run sealert -l 76dd44bd-9ba6-4bf3-ba75-72834533cb0e

Apr 12 10:22:49 testclient python: SELinux is preventing /usr/libexec/oddjob/mkhomedir from write access on the directory /.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that mkhomedir should be allowed write access on the directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'mkhomedir' --raw | audit2allow -M my-mkhomedir#012# semodule -i my-mkhomedir.pp#012

Apr 12 10:22:49 testclient setroubleshoot: SELinux is preventing /usr/libexec/oddjob/mkhomedir from write access on the directory /. For complete SELinux messages. run sealert -l 76dd44bd-9ba6-4bf3-ba75-72834533cb0e

Apr 12 10:22:49 testclient python: SELinux is preventing /usr/libexec/oddjob/mkhomedir from write access on the directory /.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that mkhomedir should be allowed write access on the directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'mkhomedir' --raw | audit2allow -M my-mkhomedir#012# semodule -i my-mkhomedir.pp#012

Apr 12 10:22:49 testclient setroubleshoot: SELinux is preventing /usr/libexec/oddjob/mkhomedir from write access on the directory /. For complete SELinux messages. run sealert -l 76dd44bd-9ba6-4bf3-ba75-72834533cb0e

Apr 12 10:22:49 testclient python: SELinux is preventing /usr/libexec/oddjob/mkhomedir from write access on the directory /.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that mkhomedir should be allowed write access on the directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'mkhomedir' --raw | audit2allow -M my-mkhomedir#012# semodule -i my-mkhomedir.pp#012

Apr 12 10:23:51 testclient automount[1079]: st_expire: state 1 path /home

Apr 12 10:23:51 testclient automount[1079]: expire_proc: exp_proc = 139761696524032 path /home

Apr 12 10:23:51 testclient automount[1079]: expire_cleanup: got thid 139761696524032 path /home stat 0

Apr 12 10:23:51 testclient automount[1079]: expire_cleanup: sigchld: exp 139761696524032 finished, switching from 2 to 1

Apr 12 10:23:51 testclient automount[1079]: st_ready: st_ready(): state = 2 path /home

Apr 12 10:25:06 testclient automount[1079]: st_expire: state 1 path /home

Where to look next?

Regards,
Ronald

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to