
Re: [Freeipa-users] AD users home directory automount



Ben,

First, you will need to create the automount map in FreeIPA.

Example of adding automount maps from the CLI on the IPA server:
1). Get TGT for admin user (or equivalent)
kinit admin

2). Create automount map
ipa automountmap-add default auto.home

3). Add auto.home to auto.master
ipa automountkey-add default --key "/home/domain.org" --info auto.home auto.master

4). Add key for user accounts
ipa automountkey-add default --key "*" --info "-fstype=nfs3,rw filer.domain.org:/exports/home/&" auto.home
 
Note: the above command assumes that you have a filer with a FQDN of "filer.domain.org" and NFS exported directory "/exports/home/".

5). Then on the filer, you will need to create directories for each user under /exports/home/ and set the ownership and perms.
mkdir /exports/home/username
cp -r /etc/skel/. /exports/home/username/
chown -R username:username /exports/home/username
chmod 770 /exports/home/username

Note: if you can't log in to the filer and run commands, then you might have to manually mount /exports/home onto a box with the "root nosquash" option turned on so that you can create the directories and permissions manually.

6). On the client machines, turn off the mkhomedir option (this doesn't work with automounted home dirs).
authconfig --disablemkhomedir --update

7). Create mount point for home dir on client machines.
mkdir /home/domain.org

8). On the client machines, turn on the automount option.
ipa-client-automount --location=default

9). On the client machines, make sure the autofs service is enabled and running.
systemctl enable autofs
systemctl start autofs

10). Test automount by logging into the client.

That should do it!

-Mike
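
Step 5 above, written as a reusable shell function to run on the filer (or on the box that mounts the export). This is an added example, not part of the original message: the names provision_home, HOME_BASE and SKEL_DIR are assumptions, and the username validation and the refusal to reuse an existing path go beyond the commands in the thread.

```shell
#!/bin/sh
# Added example: per-user home directory provisioning on the filer (step 5).
# provision_home, HOME_BASE and SKEL_DIR are names assumed for this example.
HOME_BASE="${HOME_BASE:-/exports/home}"   # NFS export used in step 4
SKEL_DIR="${SKEL_DIR:-/etc/skel}"

# Usage: provision_home USER [GROUP]   (GROUP defaults to USER, as in step 5)
# Returns 0 on success, 2 bad name, 3 unknown account, 4 path exists, 1 other.
provision_home() {
    user="$1"
    group="${2:-$1}"

    # Accept only a plain account name, so input such as "../x" or "a/b"
    # can never resolve to a path outside HOME_BASE.
    case "$user" in
        ''|.*|-*|*[!A-Za-z0-9._-]*)
            echo "invalid username: $user" >&2; return 2 ;;
    esac

    # The account must resolve on this host before ownership is assigned.
    id -u "$user" >/dev/null 2>&1 || {
        echo "unknown user: $user" >&2; return 3; }

    dir="$HOME_BASE/$user"
    # Never reuse an existing path: it may be another user's data or a symlink.
    if [ -e "$dir" ] || [ -L "$dir" ]; then
        echo "refusing to reuse existing path: $dir" >&2; return 4
    fi

    # Create owner-only first; group access is opened only after chown.
    mkdir -m 700 "$dir" || return 1
    # "skel/." copies dotfiles and dot-directories without matching "..".
    cp -R "$SKEL_DIR/." "$dir/" || return 1
    chown -R "$user:$group" "$dir" || return 1
    chmod 770 "$dir"                      # mode from step 5
}
```
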
-----Original Message-----
From: "Ben .T.George"
Sent: May 18, 2016 10:03 AM
To: Michael ORourke
Cc: freeipa-users
Subject: Re: [Freeipa-users] AD users home directory automount

Hi,

Thanks for the reply.

Actually, I don't want to share from my trusted AD. My SAN has CIFS and NFS capability.

In this case, how can I proceed? Usually, while installing the client, I used to give the options below:

ipa-client-install --server global.ipa.local --domain ipa.local --mkhomedir --fixed-primary

So whenever a user logs in, it creates the home directory automatically under /home/DOMAIN/user.

Regards,
Ben

On Wed, May 18, 2016 at 4:00 PM, Michael ORourke <mrorourke earthlink net> wrote:
Yes, because you can point the automount maps to whatever device you want. NFSv4 might be more tricky to set up on a SAN device and may or may not work depending on the software/firmware of the device. NFSv3 is a well-supported protocol across SAN vendors and you should not have any problems setting that up. I've used Openfiler on a white-box SAN with home dirs and automount maps, which is working fine for us.
I wonder if you could do some sort of CIFS home dir automount with a SAN that is joined to an AD domain which is trusted by FreeIPA?  Seems like this would be feasible.

-Mike

-----Original Message-----
From: "Ben .T.George"
Sent: May 18, 2016 7:38 AM
To: freeipa-users
Subject: [Freeipa-users] AD users home directory automount

Hi List,

Is it possible to mount home directories of AD-authenticated users from an external source (like a SAN or file share)?

Regards,
Ben
