Hi Ronald,

> Some details regarding my setup: I have a CentOS 7.3 machine acting as
> an NFS server. It is a host within my IPA domain and enrolled as an IPA
> client.
> 
> [root@ipanfs ~]# cat /etc/exports
> 
> /homeshare    *(rw,sec=krb5:krb5i:krb5p)

This isn't related to your issue but you have your exports set up as if you're 
using NFSv3.  They will still work, of course, but you aren't taking advantage 
of the pseudo filesystem.  For example, you could have something such as:

/etc/exports:

    /export *(rw,sync,crossmnt,no_subtree_check,sec=krb5:krb5i:krb5p,fsid=0)

Then:

    mkdir -p /export/homeshare
    mount -o bind /homeshare /export/homeshare

(or even /home if you have autofs disabled on your NFS server)

It may be worth some Googling to see if you care about the benefits, but again, 
it isn't why you are having issues.

> I defined an automount location called ipauserhome. In this location I
> have a map called auto.home with this content:
> 
> *     -fstype=nfs4,rw,sec=krb5 ipanfs.linux.oebb.at:/homeshare/&
> 
> On an ipa client I just did "ipa-client-automount
> --location=ipauserhome" and "authconfig --enablemkhomedir --update".

You cannot use indirect mounting and enablemkhomedir at the same time.  
Indirect mounts require that the directory you are attempting to mount already 
exists on the NFS server and that you let autofs fully manage the "parent" 
directory on the client machine.  In this case, no one other than autofs can 
create directories in the top-level of /home on your clients (/home/<user> is a 
different story).

So you either need to pre-create the home directories on your NFS server 
(including ownership, permissions, and any "skel" stuff you want in there like 
a default .bashrc) or you need to direct mount /home altogether and lose the 
benefits of indirect mounting (which may not matter to you).

> but for some reason it does not work as expected. SELinux is set to
> permissive on both NFS server and the ipa client. Nevertheless, I get a
> suspicious message in /var/log/messages:

In permissive mode SELinux messages are still displayed in the logs but not 
enforced.  This allows you to troubleshoot SELinux-related issues.

To use NFS home directories with NFS you need to run the following on the 
client systems:

    setsebool -P use_nfs_home_dirs on

Regards,

j
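
One way to do the pre-creation the reply describes (ownership, permissions and skel files on the NFS server), as an added example that is not part of the original message. The function name `provision_home`, the `/etc/skel` default, the `0700` mode and the sample IDs are assumptions; `/homeshare` is the export from the thread.

```shell
#!/bin/sh
# Added example: pre-create a home directory on the NFS server.
# Usage: provision_home USER UID GID [HOME_ROOT] [SKEL]
# HOME_ROOT defaults to /homeshare (the export in the thread); the /etc/skel
# default and the 0700 mode are assumptions.
provision_home() {
    user=$1; uid=$2; gid=$3
    root=${4:-/homeshare}
    skel=${5:-/etc/skel}

    # Reject names that could escape the export root (../x, a/b) or look like options.
    case $user in
        ''|.*|-*|*[!A-Za-z0-9._-]*)
            echo "invalid user name: $user" >&2; return 2 ;;
    esac
    # Numeric IDs only: keeps name resolution out of the ownership step.
    for id in "$uid" "$gid"; do
        case $id in
            ''|*[!0-9]*) echo "uid/gid must be numeric: $id" >&2; return 2 ;;
        esac
    done

    dest=$root/$user
    # Never touch an existing entry, whether directory, file or symlink.
    if [ -e "$dest" ] || [ -L "$dest" ]; then
        echo "already exists, skipping: $dest" >&2; return 1
    fi

    # Create with a restrictive mode from the start, then populate from skel.
    mkdir -m 0700 "$dest" || return 3
    if [ -d "$skel" ]; then
        cp -R "$skel/." "$dest/" || return 3   # "/." also copies dotfiles such as .bashrc
    fi
    # -h changes symlinks themselves instead of whatever they point to.
    chown -hR "$uid:$gid" "$dest" || return 3
    chmod 0700 "$dest"
}

# Run directly (constructed sample IDs): sh provision_home.sh alice 1234500001 1234500001
[ $# -eq 0 ] || provision_home "$@"
```

The UID and GID passed in should be the ones the IPA clients resolve for that user, so the directory is owned correctly once autofs mounts it.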
