Hi,

I am trying to automount user home shares from an NFS server. Up to now, without success.

Some details regarding my setup: I have a CentOS 7.3 machine acting as an NFS server. It is a host within my IPA domain and enrolled as an IPA client.

[root@ipanfs ~]# cat /etc/exports
/homeshare      *(rw,sec=krb5:krb5i:krb5p)

I followed this guide https://blog.delouw.ch/2015/03/14/using-ipa-to-provide-automount-maps-for-nfsv4-home-directories/

I defined an automount location called ipauserhome. In this location I have a map called auto.home with this content:

*     -fstype=nfs4,rw,sec=krb5 ipanfs.linux.oebb.at:/homeshare/&

On an ipa client I just did "ipa-client-automount --location=ipauserhome" and "authconfig --enablemkhomedir --update".

When I log in on the ipa client I get the error message "Could not chdir to home directory [...] No such file or directory.".

I see that home is mounted on the client:

auto.home on /home type autofs (rw,relatime,fd=12,pgrp=1079,timeout=300,minproto=5,maxproto=5,indirect)

[root@testclient ~]# ls -alh /home
total 4,0K
drwxr-xr-x.  2 root root    0 12. Apr 10:22 .
dr-xr-xr-x. 17 root root 4,0K 11. Apr 17:52 ..

but for some reason it does not work as expected. SELinux is set to permissive on both the NFS server and the ipa client. Nevertheless, I get a suspicious message in /var/log/messages:

Apr 12 10:22:48 testclient dbus[804]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'

Apr 12 10:22:48 testclient dbus-daemon: dbus[804]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'

Apr 12 10:22:49 testclient setroubleshoot: SELinux is preventing /usr/libexec/oddjob/mkhomedir from write access on the directory /. For complete SELinux messages. run sealert -l 76dd44bd-9ba6-4bf3-ba75-72834533cb0e

Apr 12 10:22:49 testclient python: SELinux is preventing /usr/libexec/oddjob/mkhomedir from write access on the directory /.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that mkhomedir should be allowed write access on the directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'mkhomedir' --raw | audit2allow -M my-mkhomedir#012# semodule -i my-mkhomedir.pp#012

Apr 12 10:22:49 testclient setroubleshoot: SELinux is preventing /usr/libexec/oddjob/mkhomedir from write access on the directory /. For complete SELinux messages. run sealert -l 76dd44bd-9ba6-4bf3-ba75-72834533cb0e

Apr 12 10:22:49 testclient python: SELinux is preventing /usr/libexec/oddjob/mkhomedir from write access on the directory /.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that mkhomedir should be allowed write access on the directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'mkhomedir' --raw | audit2allow -M my-mkhomedir#012# semodule -i my-mkhomedir.pp#012

Apr 12 10:22:49 testclient setroubleshoot: SELinux is preventing /usr/libexec/oddjob/mkhomedir from write access on the directory /. For complete SELinux messages. run sealert -l 76dd44bd-9ba6-4bf3-ba75-72834533cb0e

Apr 12 10:22:49 testclient python: SELinux is preventing /usr/libexec/oddjob/mkhomedir from write access on the directory /.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that mkhomedir should be allowed write access on the directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'mkhomedir' --raw | audit2allow -M my-mkhomedir#012# semodule -i my-mkhomedir.pp#012

Apr 12 10:23:51 testclient automount[1079]: st_expire: state 1 path /home

Apr 12 10:23:51 testclient automount[1079]: expire_proc: exp_proc = 139761696524032 path /home

Apr 12 10:23:51 testclient automount[1079]: expire_cleanup: got thid 139761696524032 path /home stat 0

Apr 12 10:23:51 testclient automount[1079]: expire_cleanup: sigchld: exp 139761696524032 finished, switching from 2 to 1

Apr 12 10:23:51 testclient automount[1079]: st_ready: st_ready(): state = 2 path /home

Apr 12 10:25:06 testclient automount[1079]: st_expire: state 1 path /home

Where to look next?

Regards,
Ronald

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
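
An added triage helper, not part of the original post: it decodes the `#012` sequences (rsyslog's octal escape for a newline) in setroubleshoot messages like the ones quoted above and groups repeated denials by process, access and target. The sample input is constructed by shortening the post's log lines; the function and regex names are this example's own.

```python
import re

# rsyslog writes control characters as '#' + three octal digits (#012 = newline).
ESCAPED = re.compile(r"#([0-3][0-7]{2})")
SYSLOG = re.compile(r"^\w{3} +\d+ [\d:]{8} (?P<host>\S+) (?P<tag>[^:\[]+)(?:\[\d+\])?: (?P<msg>.*)$")
DENIAL = re.compile(r"SELinux is preventing (?P<proc>\S+) from (?P<access>.+?) access "
                    r"on the (?P<tclass>\w+) (?P<target>\S+?)\.(?:\s|$)")
ALERT = re.compile(r"sealert -l ([0-9a-f-]{36})")

def decode(msg):
    """Turn rsyslog octal escapes for control characters back into the characters."""
    def repl(m):
        code = int(m.group(1), 8)
        return chr(code) if code < 0x20 or code == 0x7F else m.group(0)
    return ESCAPED.sub(repl, msg)

def summarize(log_text):
    """Group SELinux denials: {key: {"count", "alert_ids", "detail"}}."""
    out = {}
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue
        msg = decode(m["msg"])
        d = DENIAL.search(msg)
        if not d:
            continue  # not a setroubleshoot denial (e.g. automount debug output)
        key = (m["host"], d["proc"], d["access"], d["tclass"], d["target"])
        entry = out.setdefault(key, {"count": 0, "alert_ids": set(), "detail": ""})
        if m["tag"] == "setroubleshoot":        # one short line per alert raised
            entry["count"] += 1
            entry["alert_ids"].update(ALERT.findall(msg))
        elif "\n" in msg and not entry["detail"]:
            entry["detail"] = msg.strip()       # multi-line plugin text, decoded
    return out

# Constructed sample, shortened from the log lines quoted in the post.
SAMPLE = """\
Apr 12 10:22:49 testclient setroubleshoot: SELinux is preventing /usr/libexec/oddjob/mkhomedir from write access on the directory /. For complete SELinux messages. run sealert -l 76dd44bd-9ba6-4bf3-ba75-72834533cb0e
Apr 12 10:22:49 testclient python: SELinux is preventing /usr/libexec/oddjob/mkhomedir from write access on the directory /.#012#012***** Plugin catchall (100. confidence) suggests *****#012#012If you believe that mkhomedir should be allowed write access on the directory by default.#012Then you should report this as a bug.#012
Apr 12 10:22:49 testclient setroubleshoot: SELinux is preventing /usr/libexec/oddjob/mkhomedir from write access on the directory /. For complete SELinux messages. run sealert -l 76dd44bd-9ba6-4bf3-ba75-72834533cb0e
Apr 12 10:23:51 testclient automount[1079]: st_expire: state 1 path /home
"""

if __name__ == "__main__":
    for key, entry in summarize(SAMPLE).items():
        print(entry["count"], key, sorted(entry["alert_ids"]))
        print(entry["detail"])
```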
