<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;"><font class="Apple-style-span" face="arial" size="2">I configured one fresh IPA client machine(RHEL 6.1 beta) and tested automount again. It is still the same. Automount is not working. Also, in the debug mode of autofs, I can see some messages in the /var/log/messages while restarting autofs services. Please see this,</font><div style="font-family: arial; font-size: 10pt; "><br></div><div><div><font class="Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]: Starting automounter version 5.0.5-29.el6, master map auto.master</font></div><div><font class="Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]: using kernel protocol version 5.01</font></div><div><font class="Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]: lookup_nss_read_master: reading master files
auto.master</font></div><div><font class="Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]: parse_init: parse(sun): init gathered global options: (null)</font></div><div><font class="Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]: lookup_read_master: lookup(file): read entry /misc</font></div><div><font class="Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]: lookup_read_master: lookup(file): read entry /net</font></div><div><font class="Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]: lookup_read_master: lookup(file): read entry +auto.master</font></div><div><font class="Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]: lookup_nss_read_master: reading master files auto.master</font></div><div><font class="Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]: parse_init: parse(sun):
init gathered global options: (null)</font></div><div><font class="Apple-style-span" face="arial" size="2"><b>May 14 15:20:45 rhel automount[23932]: lookup(file): failed to read included master map auto.master</b></font></div><div><font class="Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]: master_do_mount: mounting /misc</font></div><div><font class="Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]: automount_path_to_fifo: fifo name /var/run/autofs.fifo-misc</font></div><div><font class="Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]: lookup_nss_read_map: reading map file /etc/auto.misc</font></div><div><font class="Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]: parse_init: parse(sun): init gathered global options: (null)</font></div><div><font class="Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]:
mounted indirect on /misc with timeout 300, freq 75 seconds</font></div><div><font class="Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]: st_ready: st_ready(): state = 0 path /misc</font></div><div><font class="Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]: master_do_mount: mounting /net</font></div><div><font class="Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]: automount_path_to_fifo: fifo name /var/run/autofs.fifo-net</font></div><div><font class="Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]: lookup_nss_read_map: reading map hosts (null)</font></div><div><font class="Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]: parse_init: parse(sun): init gathered global options: (null)</font></div><div><font class="Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]: mounted
indirect on /net with timeout 300, freq 75 seconds</font></div><div><font class="Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]: st_ready: st_ready(): state = 0 path /net</font></div><div style="font-family: arial; font-size: 10pt; "><br></div><div style="font-family: arial; font-size: 10pt; ">Is the line in bold a problem?</div><div style="font-family: arial; font-size: 10pt; "><br></div><div style="font-family: arial; font-size: 10pt; ">Thanks and regards,</div><div style="font-family: arial; font-size: 10pt; ">Nidal</div><div style="font-family: arial; font-size: 10pt; "><br></div><br><font class="Apple-style-span" face="arial" size="2">--- On </font><b style="font-family: arial; font-size: 10pt; ">Fri, 5/13/11, Adam Young <i>&lt;ayoung@redhat.com&gt;</i></b><font class="Apple-style-span" face="arial" size="2"> wrote:</font><br><blockquote style="font-family: arial; font-size: 10pt; border-left-width: 2px;
border-left-style: solid; border-left-color: rgb(16, 16, 255); margin-left: 5px; padding-left: 5px; "><br>From: Adam Young &lt;ayoung@redhat.com&gt;<br>Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment<br>To: "nasir nasir" &lt;kollathodi@yahoo.com&gt;<br>Date: Friday, May 13, 2011, 1:28 PM<br><br><div id="yiv709635495">
On 05/13/2011 01:54 PM, nasir nasir wrote:
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font:inherit;" valign="top"><font class="yiv709635495Apple-style-span" face="arial" size="2">Adam,</font>
<div style="font-family:arial;font-size:10pt;"><br>
</div>
<div><font class="yiv709635495Apple-style-span" face="arial" size="2">I
am taking this off the list as it is going too
offline, but I promise I will write up the correct
solution and howto once I get everything up and
running and post it in the mail
for everyone's reference.</font></div>
<div style="font-family:arial;font-size:10pt;"><br>
</div>
<div style="font-family:arial;font-size:10pt;">Here is
what I have and what I want to achieve (with your help
:-) ,</div>
<div style="font-family:arial;font-size:10pt;"><br>
</div>
<div style="font-family:arial;font-size:10pt;">-- I
have one IPA server(up and running) called
openipa.cohort.org </div>
<div style="font-family:arial;font-size:10pt;">-- I
have one IPA client machine which I created with
ipa-client-install --mkhomedir switch called
nfsserver.cohort.org</div>
<div style="font-family:arial;font-size:10pt;">-- The
nfsserver.cohort.org machine is an NFS server(actually I
had created IPA server also with an NFS export, but then
I stopped the NFS server on that to avoid confusion and
instead configured the nfsserver.cohort.org as the NFS
server). In this server I have a partition called <b>/xtra
</b>and a sub directory under that called <b>home. </b>So
it looks like <b>/xtra/home. </b>Now I want every
user in the IPA to be able to log in from any machine in
the network and <b>their home directories created under
the /xtra/home directory of nfsserver.cohort.org and
automatically mounted in their client machine.</b></div>
<div style="font-family:arial;font-size:10pt;"><br>
</div>
<div style="font-family:arial;font-size:10pt;">This is
3 parts</div>
<div style="font-family:arial;font-size:10pt;"> </div>
<div style="font-family:arial;font-size:10pt;"> 1)
Centralized login using IPA server openipa.cohort.org
(This part is working now)</div>
<div style="font-family:arial;font-size:10pt;"> 2)
NFS server configured on nfsserver.cohort.org with
kerberos authentication(This is also working it seems as
I can mount using the sec=krb5 option from client
MANUALLY)</div>
<div style="font-family:arial;font-size:10pt;"> 3)
Automatically create & mount home folder for each
user under <b>/xtra/home/XXX</b> when they login from
the machine(This is<b> NOT </b>working as of now)</div>
<div style="font-family:arial;font-size:10pt;"><br>
</div>
<div style="font-family:arial;font-size:10pt;">I think
#3 is not working because the automountkey options given
are wrong. So could you please tell me the exact
commands with correct parameters in my case for
automount ? I know I am asking too much. But I am stuck
up on this point and this is getting delayed terribly
already.</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
I have a suspicion that the problem stems from the /home automount.
Short of it is that you probably want to force the creation of the
users homedir once you create the account, as opposed to letting
them create it upon login. <br>
<br>
Longer answer is that I suspect the issue is with this line:<br>
<div><b>/etc/auto.home:</b></div>
<div><b>* -rw,sec=krb5,soft,rsize=8192,wsize=8192
nfsserver.cohort.org:/xtra/home/&</b></div>
<br>
<br>
I am guessing that what is happening is that NFS doesn't let you
create a directory that you are going to automount. I'm not
certain. Here is what I think is happening. 1st, upon user log in,
the client machine's odd job handler does stat /home/$USER and gets
back ENOENT. It then does a mkdir /home/$USER but since this is a
mount point, that operation is not allowed.<br>
<br>
If you instead automounted /home, it would probably work, but then
all users home directories would be exposed, and I am guessing that
you only want the currently logged in users home directory
automounted.<br>
<br>
A simple test, change the automount map to just mount /home
completely, and then create a new user. I'm guessing that will
work. Basically <br>
<br>
<div><b>/etc/auto.home:</b></div>
<div><b>/home -rw,sec=krb5,soft,rsize=8192,wsize=8192
nfsserver.cohort.org:/xtra/home/</b></div>
<br>
<br>
<br>
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font:inherit;" valign="top">
<div style="font-family:arial;font-size:10pt;"><br>
</div>
<div style="font-family:arial;font-size:10pt;">Thanks
for all the help!</div>
<div style="font-family:arial;font-size:10pt;"><br>
</div>
<div style="font-family:arial;font-size:10pt;">Regards,</div>
<div style="font-family:arial;font-size:10pt;">Nidal</div>
<div style="font-family:arial;font-size:10pt;"><br>
</div>
<div style="font-family:arial;font-size:10pt;"><br>
</div>
<div style="font-family:arial;font-size:10pt;">--- On <b>Fri,
5/13/11, Adam Young <i><a rel="nofollow" class="yiv709635495moz-txt-link-rfc2396E" ymailto="mailto:ayoung@redhat.com" target="_blank" href="/mc/compose?to=ayoung@redhat.com">&lt;ayoung@redhat.com&gt;</a></i></b>
wrote:<br>
<blockquote style="border-left:2px solid rgb(16, 16,
255);margin-left:5px;padding-left:5px;"><br>
From: Adam Young <a rel="nofollow" class="yiv709635495moz-txt-link-rfc2396E" ymailto="mailto:ayoung@redhat.com" target="_blank" href="/mc/compose?to=ayoung@redhat.com">&lt;ayoung@redhat.com&gt;</a><br>
Subject: Re: [Freeipa-users] FreeIPA for Linux desktop
deployment<br>
To: "nasir nasir" <a rel="nofollow" class="yiv709635495moz-txt-link-rfc2396E" ymailto="mailto:kollathodi@yahoo.com" target="_blank" href="/mc/compose?to=kollathodi@yahoo.com">&lt;kollathodi@yahoo.com&gt;</a><br>
Cc: <a rel="nofollow" class="yiv709635495moz-txt-link-abbreviated" ymailto="mailto:freeipa-users@redhat.com" target="_blank" href="/mc/compose?to=freeipa-users@redhat.com">freeipa-users@redhat.com</a><br>
Date: Friday, May 13, 2011, 10:11 AM<br>
<br>
<div id="yiv709635495"> On 05/13/2011 12:57 PM, nasir
nasir wrote:
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font:inherit;" valign="top">
<div style="font-family:arial;
font-size:10pt;">Adam/Nalin,</div>
<div style="font-family:arial;
font-size:10pt;"><br>
</div>
<div style="font-family:arial;
font-size:10pt;">Two cases,</div>
<div style="font-family:arial;
font-size:10pt;"><br>
</div>
<div style="font-family:arial;
font-size:10pt;"> 1) When I am testing this by
manually mounting the nfs share(which is
<b>/xtra</b> )on the NFS server itself
using the following command,</div>
<div><font class="yiv709635495Apple-style-span" face="arial" size="2"><b><br>
</b></font></div>
<div><font class="yiv709635495Apple-style-span" face="arial" size="2"><b> #mount -vvvv
-t nfs4 -o sec=krb5
nfsserver.cohort.org:/ /home</b></font></div>
<div><br>
</div>
<div>I get whatever problem I described in
previous mail(permission issues). Now
this could be because here IPA is not
managing the user/group permissions
completely(Correct me if I am wrong in
this assumption) and all the problem you
described happen.</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
I think that, in order to have a complete set up,
IPA needs to manage the user IDs for your NFS
server. Otherwise, you will have to work at getting
the userIDs in sync, and without that, you do not
have a workable NFS solution, and thus no
Automount. <br>
<br>
<br>
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font:inherit;" valign="top">
<div><br>
</div>
<div>2) When I DO NOT mount manually and
instead I try to login as a new user on
the nfsserver machine, It creates the
home folder for this user on the /home
partition of nfsserver machine because
automount is NOT working and hence there
is no mounted partition to confuse
things. </div>
<div>So to be able to test it properly, I
need to fix the issue in automount and
get the case #2 tested and working
properly with /home automatically
mounted from the nfsserver. </div>
<div>This is my "<b>ipa
automountlocation-tofiles default" </b>output,</div>
<div><br>
</div>
<div>
<div><b>/etc/auto.master:</b></div>
<div><b>/- /etc/auto.direct</b></div>
<div><b>/share /etc/auto.share</b></div>
<div><b>/home /etc/auto.home</b></div>
<div><b>---------------------------</b></div>
<div><b>/etc/auto.direct:</b></div>
<div><b>---------------------------</b></div>
<div><b>/etc/auto.share:</b></div>
<div><b>---------------------------</b></div>
<div><b>/etc/auto.home:</b></div>
<div><b>*
-rw,sec=krb5,soft,rsize=8192,wsize=8192
nfsserver.cohort.org:/xtra/home/&</b></div>
</div>
<div><br>
</div>
<div><b><br>
</b></div>
<div>Is this OK ? Please help.</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
If you don't do NFS, then you have no way to share
the users directories. If you do the ipa-client
option to automatically create directories on first
login, or your users will a new unique home
directory on each machine they log in to, which
probably isn't what you want. I'm a little confused
by what you wrote above: why would you be mounting
at all on the nfs server machine? The NFS server
should be exporting the FS, and logging in to that
machine as a new user should correctly create the
home directory. Unless, of course, you are doing
something like mounting the NFS volume on
/mnt/nfsexport, and then nfs mounting that to /home
on the same machine, but that would be inefficient.
But since it looks like your nfs server is specified
as nfsserver.cohort.org:/xtra/home/ I'm guessing
that you just mistyped above, or I misparsed it.<br>
<br>
The nfs server should not do automount. And I
think this might be part of the problem: you need
it to do the rest of identity management, but not
automount. You can probably just chkconfig off
autofs on the nfs server. I'm not sure if there is
a cleaner solution.<br>
<br>
<br>
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font:inherit;" valign="top">
<div><br>
</div>
<div>Thanks and regards,</div>
<div>Nidal</div>
<div><br>
</div>
<div><b><br>
</b></div>
<font class="yiv709635495Apple-style-span" face="arial" size="2">--- On </font><b style="font-family:arial;
font-size:10pt;">Fri, 5/13/11, Adam Young <i><a rel="nofollow" class="yiv709635495moz-txt-link-rfc2396E">&lt;ayoung@redhat.com&gt;</a></i></b><font class="yiv709635495Apple-style-span" face="arial" size="2"> wrote:</font><br>
<blockquote style="font-family:arial;font-size:10pt;border-left:2px solid rgb(16, 16, 255);margin-left:5px;padding-left:5px;"><br>
From: Adam Young <a rel="nofollow" class="yiv709635495moz-txt-link-rfc2396E">&lt;ayoung@redhat.com&gt;</a><br>
Subject: Re: [Freeipa-users] FreeIPA for
Linux desktop deployment<br>
To: "nasir nasir" <a rel="nofollow" class="yiv709635495moz-txt-link-rfc2396E">&lt;kollathodi@yahoo.com&gt;</a><br>
Cc: <a rel="nofollow" class="yiv709635495moz-txt-link-abbreviated">freeipa-users@redhat.com</a><br>
Date: Friday, May 13, 2011, 9:29 AM<br>
<br>
<div id="yiv709635495"> On 05/13/2011
12:13 PM, nasir nasir wrote:
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font:inherit;" valign="top">
<div>Adam,</div>
<div><br>
</div>
<div>Thanks indeed!</div>
<div><br>
</div>
<div>I tried your
suggestions. </div>
<div><br>
</div>
<div> -- I can mkdir</div>
<div> -- When I try to
chown, I get the following
error</div>
<div><br>
</div>
<div>
<div><b>chown: changing
ownership of `nasir':
Operation not
permitted</b></div>
</div>
<div><br>
</div>
<div>Could you please
explain me what do you
mean by 'You probably need
rwx permissions in
/etc/export' ? This is my
/etc/export file,</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
See the '(rw' in those lines? That
indicates read and write privs, but
not execute. <br>
<br>
I'm not an nfs guru, so I might be
wrong. This post suggests that I am
wrong: <br>
<br>
<a rel="nofollow" class="yiv709635495moz-txt-link-freetext" target="_blank" href="http://jackhammer.org/node/7">http://jackhammer.org/node/7</a><br>
<br>
Since IPA is managing the IDs, they
should be in sync across the NFS and
automounted client machines, but there
might be something not right in the
setup. If the IPA server isn't
managing the machine that serves as
your NFS server, then the IDs are
certainly going to be out of sync.<br>
<br>
<br>
<br>
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font:inherit;" valign="top">
<div><br>
</div>
<div>
<div><b>/xtra
*(rw,fsid=0,insecure,no_root_squash,no_subtree_check)</b></div>
<div><b>/xtra
gss/krb5(rw,fsid=0,insecure,no_root_squash,no_subtree_check)</b></div>
<div><b>/xtra
gss/krb5i(rw,fsid=0,insecure,no_root_squash,no_subtree_check)</b></div>
<div><b>/xtra
gss/krb5p(rw,fsid=0,insecure,no_root_squash,no_subtree_check)</b></div>
</div>
<div><br>
</div>
<div>Also, I have configured
a separate client machine
(RHEL 6.1) and configured
it as NFS server
(previously my NFS server
was IPA server itself) and
the result is same. All
the above commands are
from this client machine
only.</div>
<div><br>
</div>
<div>Thanks indeed again!</div>
<div><br>
</div>
<div>Regards,</div>
<div>Nidal</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>
<blockquote style="border-left:2px solid rgb(16, 16, 255);margin-left:5px;padding-left:5px;">
<div id="yiv709635495">
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="
font:inherit;" valign="top">
<div><font class="yiv709635495Apple-style-span" size="2"><br>
</font> </div>
<div>
<div><b>oddjob-mkhomedir[16401]:
error setting
permissions on
/home/abc:
Operation not
permitted</b></div>
</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
It might be a root
squash issue. My
guess is that the
order of operations
for creating a root
directory, which is
done by root, is:<br>
<br>
1. mkdir /home/userid<br>
2. chown uid:gid
/home/userid<br>
<br>
It sounds from the
error message that the
first stage happened,
but NFS is not
allowing the second
stage. To confirm,
as a root (and kinit
admin) user on the
client machine, just
try these two steps in
order and see if they
still fail.<br>
<br>
chown is a different
system call from
mkdir, and might have
different nfs enforced
permissions. You
probably need rwx
permissions in
/etc/export.</div>
<div id="yiv709635495">
</div>
</blockquote>
</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
</div>
</blockquote>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
</div>
</blockquote>
</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
</div></blockquote></div></td></tr></table>
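<div>Added example, not part of the thread and not FreeIPA or nfs-utils code: a small audit of exports(5) entries, run over the four /xtra lines quoted above, showing which client entries accept AUTH_SYS next to the gss/krb5 entries and which keep no_root_squash or insecure. The function names, finding texts and the Kerberos-only comparison line are assumptions made for this example.</div>

```python
import re

# Constructed input: the four export lines quoted in the thread.
THREAD_EXPORTS = """\
/xtra *(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
/xtra gss/krb5(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
/xtra gss/krb5i(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
/xtra gss/krb5p(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
"""
# Constructed comparison: Kerberos-only export, default root_squash and secure ports.
KRB5_ONLY_EXPORTS = "/xtra gss/krb5p(rw,fsid=0,no_subtree_check)\n"

CLIENT_SPEC = re.compile(r"^([^()\s]*)(?:\(([^)]*)\))?$")


def parse_exports(text):
    """Yield (path, client, options) per client entry; quoted paths are not handled."""
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            match = CLIENT_SPEC.match(spec)
            if match:
                client = match.group(1) or "*"  # "(opts)" with no host means any host
                opts = [o for o in (match.group(2) or "").split(",") if o]
                yield path, client, opts


def flavors(client, opts):
    """Security flavors an entry accepts: gss/krb5* client, sec= option, else AUTH_SYS."""
    if client.startswith("gss/"):
        return [client[len("gss/"):]]
    for opt in opts:
        if opt.startswith("sec="):
            return opt[len("sec="):].split(":")
    return ["sys"]


def audit(text):
    """Return (path, client, finding) tuples for risky export entries."""
    entries = list(parse_exports(text))
    krb_paths = {p for p, c, o in entries
                 if any(f.startswith("krb5") for f in flavors(c, o))}
    findings = []
    for path, client, opts in entries:
        if "sys" in flavors(client, opts):
            if path in krb_paths:
                findings.append((path, client, "AUTH_SYS entry sidesteps krb5 on same path"))
            if client == "*":
                findings.append((path, client, "exported to any host with AUTH_SYS"))
        if "no_root_squash" in opts:
            findings.append((path, client, "client root keeps uid 0 on the export"))
        if "insecure" in opts:
            findings.append((path, client, "requests from unprivileged ports accepted"))
    return findings


if __name__ == "__main__":
    for finding in audit(THREAD_EXPORTS):
        print(*finding, sep=" | ")
```

<div>Dropping no_root_squash leaves root squashed (the exports default), so a mkdir followed by chown run as root on a client cannot set ownership on the export. That fits the suggestion in the thread to create each home directory when the account is created.</div>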