[Freeipa-users] FreeIPA for Linux desktop deployment
Adam Young
ayoung at redhat.com
Fri May 13 17:11:18 UTC 2011
On 05/13/2011 12:57 PM, nasir nasir wrote:
> Adam/Nalin,
>
> Two cases,
>
> 1) When I am testing this by manually mounting the nfs share(which
> is */xtra* )on the NFS server itself using the following command,
> *
> *
> * #mount -vvvv -t nfs4 -o sec=krb5 nfsserver.cohort.org:/ /home*
>
> I get whatever problem I described in previous mail(permission
> issues). Now this could be because here IPA is not managing the
> user/group permissions completely(Correct me if I am wrong in this
> assumption) and all the problem you described happen.
>
I think that, in order to have a complete set up, IPA needs to manage
the user IDs for your NFS server. Otherwise, you will have to work at
getting the userIDs in sync, and with out that, you do not have a
workable NFS solution, and thus no Automount.
>
> 2) When I DO NOT mount manually and instead I try to login as a new
> user on the nfsserver machine, It creates the home folder for this
> user on the /home partition of nfsserver machine because automount is
> NOT working and hence there is no mounted partition to confuse things.
> So to be able to test it properly, I need to fix the issue in
> automount and get the case #2 tested and working properly with /home
> automatically mounted from the nfsserver.
> This is my "*ipa automountlocation-tofiles default" *output,
>
> */etc/auto.master:*
> */- /etc/auto.direct*
> */share /etc/auto.share*
> */home /etc/auto.home*
> *---------------------------*
> */etc/auto.direct:*
> *---------------------------*
> */etc/auto.share:*
> *---------------------------*
> */etc/auto.home:*
> ** -rw,sec=krb5,soft,rsize=8192,wsize=8192
> nfsserver.cohort.org:/xtra/home/&*
>
> *
> *
> Is this OK ? Please help.
>
If you don't do NFS, then you have no way to share the users
directories. If you do the ipa-client option to automatically create
directories on first login, or your users will a new unique home
directory on each machine they log in to, which probably isn't what you
want. I'm a litel confused by what you wrote above: why would you be
mounting at all on the nfs server machine? THe NFS server should be
exporting the FS, and logging in to that machine as a new user should
correctly create the home directory. Unless, of course , you are doing
something like mounting the NFS volume on /mnt/nfsexport, and then nfs
mounting that to /home on the same machine, but that would be
inefficient. But since it looks like your nfs server is specified as
nfsserver.cohort.org:/xtra/home/ I'm guessing that you just mistyped
above, or I misparsed it.
The nfs server should not do automount. And I think this might be part
of the problem: you need it to do the rest of identity management, but
not autmount. You can probably just chkconfig off autofs on the nfs
server. I'm not sure if there is a cleaner solution.
>
> Thanks and regards,
> Nidal
>
> *
> *
> --- On *Fri, 5/13/11, Adam Young /<ayoung at redhat.com>/*wrote:
>
>
> From: Adam Young <ayoung at redhat.com>
> Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment
> To: "nasir nasir" <kollathodi at yahoo.com>
> Cc: freeipa-users at redhat.com
> Date: Friday, May 13, 2011, 9:29 AM
>
> On 05/13/2011 12:13 PM, nasir nasir wrote:
>> Adam,
>>
>> Thanks indeed!
>>
>> I tried your suggestions.
>>
>> -- I can mkdir
>> -- When I try to chown, I get the following error
>>
>> *chown: changing ownership of `nasir': Operation not permitted*
>>
>> Could you please explain me what do you mean by 'You probably
>> need rwx permissions in /etc/export' ? This is my /etc/export file,
>>
>
> see the '(rw' in those lines? That indicates read and write
> privs, but not execute.
>
> I'm not an nfs guru, so I might be wrong. this post suggests that
> I am wrong:
>
> http://jackhammer.org/node/7
>
> SInce IPA is managing the IDs, they should be in sync across the
> NFS and autmounted client machines, but there might be something
> not right in the setup. if the IPA server isn't managing the
> machine that serves as your NFS server, then the IDs are certainly
> going to be out of sync.
>
>
>
>>
>> */xtra *(rw,fsid=0,insecure,no_root_squash,no_subtree_check)*
>> */xtra gss/krb5(rw,fsid=0,insecure,no_root_squash,no_subtree_check)*
>> */xtra
>> gss/krb5i(rw,fsid=0,insecure,no_root_squash,no_subtree_check)*
>> */xtra
>> gss/krb5p(rw,fsid=0,insecure,no_root_squash,no_subtree_check)*
>>
>> Also, I have configured a separate client machine (RHEL 6.1) and
>> configured it as NFS server (previously my NFS server was IPA
>> server itself) and the result is same. All the above commands are
>> from this client machine only.
>>
>> Thanks indeed again!
>>
>> Regards,
>> Nidal
>>
>>
>>
>>
>>>
>>> *oddjob-mkhomedir[16401]: error setting permissions on
>>> /home/abc: Operation not permitted*
>>>
>>
>> It might be a root squash issue. My guess is that the order
>> of operations for creating a root directory, which is done by
>> root, is:
>>
>> 1. mkdir /home/userid
>> 2. chown uid:gid /home/userid
>>
>> It sounds from the error message that the first stage
>> happened, but NFS is not allowing the second stage. To
>> confirm, as a root (and kinit admin) user on the client
>> machine, just try these two steps in order and see if they
>> still fail.
>>
>> chown is a different system call from mkdir, and might have
>> different nfs enforced permissions. You probably need rwx
>> permissions in /etc/export.
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110513/35770269/attachment.htm>
More information about the Freeipa-users
mailing list