<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 05/13/2011 12:57 PM, nasir nasir wrote:
<blockquote cite="mid:676629.40697.qm@web161306.mail.bf1.yahoo.com"
type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font: inherit;" valign="top">
<div style="font-family: arial; font-size: 10pt;">Adam/Nalin,</div>
<div style="font-family: arial; font-size: 10pt;"><br>
</div>
<div style="font-family: arial; font-size: 10pt;">Two
cases,</div>
<div style="font-family: arial; font-size: 10pt;"><br>
</div>
<div style="font-family: arial; font-size: 10pt;"> 1)
When I am testing this by manually mounting the nfs
share (which is <b>/xtra</b>) on the NFS server itself
using the following command,</div>
<div><font class="Apple-style-span" face="arial" size="2"><b><br>
</b></font></div>
<div><font class="Apple-style-span" face="arial" size="2"><b> # mount
-vvvv -t nfs4 -o sec=krb5 nfsserver.cohort.org:/
/home</b></font></div>
<div><br>
</div>
<div>I get whatever problem I described in previous
mail (permission issues). Now this could be because here
IPA is not managing the user/group permissions
completely (correct me if I am wrong in this assumption)
and all the problems you described happen.</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
I think that, in order to have a complete setup, IPA needs to
manage the user IDs for your NFS server. Otherwise, you will have
to work at getting the user IDs in sync, and without that, you do
not have a workable NFS solution, and thus no Automount. <br>
<br>
<br>
<blockquote cite="mid:676629.40697.qm@web161306.mail.bf1.yahoo.com"
type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font: inherit;" valign="top">
<div><br>
</div>
<div>2) When I DO NOT mount manually and instead I try to
login as a new user on the nfsserver machine, it
creates the home folder for this user on the /home
partition of nfsserver machine because automount is NOT
working and hence there is no mounted partition to
confuse things. </div>
<div>So to be able to test it properly, I need to fix the
issue in automount and get the case #2 tested and
working properly with /home automatically mounted from
the nfsserver. </div>
<div>This is my "<b>ipa automountlocation-tofiles default</b>"
output,</div>
<div><br>
</div>
<div>
<div><b>/etc/auto.master:</b></div>
<div><b>/- /etc/auto.direct</b></div>
<div><b>/share /etc/auto.share</b></div>
<div><b>/home /etc/auto.home</b></div>
<div><b>---------------------------</b></div>
<div><b>/etc/auto.direct:</b></div>
<div><b>---------------------------</b></div>
<div><b>/etc/auto.share:</b></div>
<div><b>---------------------------</b></div>
<div><b>/etc/auto.home:</b></div>
<div><b>* -rw,sec=krb5,soft,rsize=8192,wsize=8192
nfsserver.cohort.org:/xtra/home/&amp;</b></div>
</div>
<div><br>
</div>
<div><b><br>
</b></div>
<div>Is this OK? Please help.</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
If you don't do NFS, then you have no way to share the users'
directories. If you do the ipa-client option to automatically
create directories on first login, your users will have a new unique
home directory on each machine they log in to, which probably isn't
what you want. I'm a little confused by what you wrote above: why
would you be mounting at all on the nfs server machine? The NFS
server should be exporting the FS, and logging in to that machine as
a new user should correctly create the home directory. Unless, of
course, you are doing something like mounting the NFS volume on
/mnt/nfsexport, and then nfs mounting that to /home on the same
machine, but that would be inefficient. But since it looks like
your nfs server is specified as nfsserver.cohort.org:/xtra/home/
I'm guessing that you just mistyped above, or I misparsed it.<br>
<br>
The nfs server should not do automount. And I think this might be
part of the problem: you need it to do the rest of identity
management, but not automount. You can probably just chkconfig off
autofs on the nfs server. I'm not sure if there is a cleaner
solution.<br>
<br>
<br>
<blockquote cite="mid:676629.40697.qm@web161306.mail.bf1.yahoo.com"
type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font: inherit;" valign="top">
<div><br>
</div>
<div>Thanks and regards,</div>
<div>Nidal</div>
<div><br>
</div>
<div><b><br>
</b></div>
<font class="Apple-style-span" face="arial" size="2">---
On </font><b style="font-family: arial; font-size:
10pt;">Fri, 5/13/11, Adam Young <i><a class="moz-txt-link-rfc2396E" href="mailto:ayoung@redhat.com">&lt;ayoung@redhat.com&gt;</a></i></b><font
class="Apple-style-span" face="arial" size="2"> wrote:</font><br>
<blockquote style="font-family: arial; font-size: 10pt;
border-left: 2px solid rgb(16, 16, 255); margin-left:
5px; padding-left: 5px;"><br>
From: Adam Young <a class="moz-txt-link-rfc2396E" href="mailto:ayoung@redhat.com">&lt;ayoung@redhat.com&gt;</a><br>
Subject: Re: [Freeipa-users] FreeIPA for Linux desktop
deployment<br>
To: "nasir nasir" <a class="moz-txt-link-rfc2396E" href="mailto:kollathodi@yahoo.com">&lt;kollathodi@yahoo.com&gt;</a><br>
Cc: <a class="moz-txt-link-abbreviated" href="mailto:freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
Date: Friday, May 13, 2011, 9:29 AM<br>
<br>
<div id="yiv13236186"> On 05/13/2011 12:13 PM, nasir
nasir wrote:
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font: inherit;" valign="top">
<div>Adam,</div>
<div><br>
</div>
<div>Thanks indeed!</div>
<div><br>
</div>
<div>I tried your suggestions. </div>
<div><br>
</div>
<div> -- I can mkdir</div>
<div> -- When I try to chown, I get the
following error</div>
<div><br>
</div>
<div>
<div><b>chown: changing ownership of
`nasir': Operation not permitted</b></div>
</div>
<div><br>
</div>
<div>Could you please explain to me what you
mean by 'You probably need rwx permissions
in /etc/export'? This is my /etc/export
file,</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
See the '(rw' in those lines? That indicates read
and write privs, but not execute. <br>
<br>
I'm not an nfs guru, so I might be wrong. This post
suggests that I am wrong: <br>
<br>
<a moz-do-not-send="true" rel="nofollow"
class="yiv13236186moz-txt-link-freetext"
target="_blank" href="http://jackhammer.org/node/7">http://jackhammer.org/node/7</a><br>
<br>
Since IPA is managing the IDs, they should be in sync
across the NFS and automounted client machines, but
there might be something not right in the setup. If
the IPA server isn't managing the machine that serves
as your NFS server, then the IDs are certainly going
to be out of sync.<br>
<br>
<br>
<br>
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font: inherit;" valign="top">
<div><br>
</div>
<div>
<div><b>/xtra
*(rw,fsid=0,insecure,no_root_squash,no_subtree_check)</b></div>
<div><b>/xtra
gss/krb5(rw,fsid=0,insecure,no_root_squash,no_subtree_check)</b></div>
<div><b>/xtra
gss/krb5i(rw,fsid=0,insecure,no_root_squash,no_subtree_check)</b></div>
<div><b>/xtra
gss/krb5p(rw,fsid=0,insecure,no_root_squash,no_subtree_check)</b></div>
</div>
<div><br>
</div>
<div>Also, I have configured a separate
client machine (RHEL 6.1) and configured
it as NFS server (previously my NFS server
was IPA server itself) and the result is
the same. All the above commands are from this
client machine only.</div>
<div><br>
</div>
<div>Thanks indeed again!</div>
<div><br>
</div>
<div>Regards,</div>
<div>Nidal</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>
<blockquote style="border-left: 2px solid
rgb(16, 16, 255); margin-left: 5px;
padding-left: 5px;">
<div id="yiv13236186">
<blockquote type="cite">
<table border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<td style="font: inherit;"
valign="top">
<div><font
class="yiv13236186Apple-style-span"
size="2"><br>
</font> </div>
<div>
<div><b>oddjob-mkhomedir[16401]:
error setting
permissions on
/home/abc: Operation
not permitted</b></div>
</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
It might be a root squash issue. My
guess is that the order of operations
for creating a root directory, which
is done by root, is:<br>
<br>
1. mkdir /home/userid<br>
2. chown uid:gid /home/userid<br>
<br>
It sounds from the error message that
the first stage happened, but NFS is
not allowing the second stage. To
confirm, as a root (and kinit admin)
user on the client machine, just try
these two steps in order and see if
they still fail.<br>
<br>
chown is a different system call from
mkdir, and might have different nfs
enforced permissions. You probably
need rwx permissions in /etc/export.</div>
<div id="yiv13236186"> </div>
</blockquote>
</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
</div>
</blockquote>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
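The /etc/exports lines quoted in this thread, run through a small audit (an added example, not part of the original messages). It flags entries that accept AUTH_SYS from any host, disable root squashing, or offer the same path both with and without Kerberos. The names audit_exports and sample_exports and the finding labels are hypothetical, and the /srv/home line is constructed for contrast.

```shell
#!/bin/sh
# Added example: flag exports(5) entries that weaken a Kerberos-only NFS
# setup. Reads exports lines from the named files, or stdin when none are
# given. Prints "path client finding" per hit; nothing for a clean file.
audit_exports() {
    awk '
    function has(opts, name) { return opts ~ ("(^|,)" name "(,|$)") }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                     # split "client(opt,opt,...)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") client = "*"   # bare "(opts)" matches every host
            gss_client = (client ~ /^gss\//) # deprecated gss/krb5* client form
            has_sec = (opts ~ /(^|,)sec=/)
            # AUTH_SYS is accepted when no flavor is set (the default) or
            # when the sec= list itself includes sys.
            sys_ok = !gss_client && (!has_sec || opts ~ /(^|,)sec=[^,]*sys/)
            if (sys_ok) { sysp[path] = 1 } else { krbp[path] = 1 }
            if (sys_ok && client ~ /\*/) print path, client, "wildcard-auth-sys"
            if (has(opts, "no_root_squash")) print path, client, "no_root_squash"
            if (has(opts, "insecure")) print path, client, "insecure-port"
        }
    }
    END {   # the same path offered with and without Kerberos
        for (p in sysp) if (p in krbp) print p, "-", "krb5-bypass"
    }
    ' "$@"
}

# The four export lines quoted in the thread, plus one constructed line
# (not from the thread) that offers only sec=krb5p with root squashing.
sample_exports() {
    printf '%s\n' \
        '/xtra *(rw,fsid=0,insecure,no_root_squash,no_subtree_check)' \
        '/xtra gss/krb5(rw,fsid=0,insecure,no_root_squash,no_subtree_check)' \
        '/xtra gss/krb5i(rw,fsid=0,insecure,no_root_squash,no_subtree_check)' \
        '/xtra gss/krb5p(rw,fsid=0,insecure,no_root_squash,no_subtree_check)' \
        '/srv/home *(rw,sec=krb5p,root_squash,no_subtree_check)'
}

sample_exports | audit_exports
```

On a real server, run it as audit_exports /etc/exports and compare the result with the live table from exportfs -v.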
</body>
</html>