<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;"><font class="Apple-style-span" face="arial" size="2">Thanks again!</font><div style="font-family: arial; font-size: 10pt; "><br></div><div style="font-family: arial; font-size: 10pt; ">NO, it was not set. I added it manually now (<b>automount: ldap </b>) and now a different error pops up in /var/log/messages while restarting autofs service,</div><div style="font-family: arial; font-size: 10pt; "><br></div><div style="font-family: arial; font-size: 10pt; "><div><b>May 15 06:32:04 hugayat automount[16256]: open_lookup:90: cannot open lookup module ldap (/usr/lib/autofs/lookup_ldap.so: undefined symbol: ERR_remove_state)</b></div><div><b>May 15 06:32:04 hugayat automount[16256]: lookup_nss_read_master: auto.master not found, replacing '.' with '_'</b></div><div><b>May 15 06:32:04 hugayat automount[16256]: open_lookup:90: cannot open lookup module ldap
(/usr/lib/autofs/lookup_ldap.so: undefined symbol: ERR_remove_state)</b></div><div><b>May 15 06:32:04 hugayat automount[16256]: no mounts in table</b></div></div><div style="font-family: arial; font-size: 10pt; "><br></div><div style="font-family: arial; font-size: 10pt; ">Quick googling shows that it was part of a bug in an earlier version of autofs (5.0.3) but was later fixed. Mine is autofs <span class="Apple-style-span" style="font-size: small; "><b>autofs-5.0.5-29.el6.i686</b></span></div><div style="font-family: arial; font-size: 10pt; "><div><b><br></b></div><div>Also, the symbol <b>ERR_remove_state </b>is part of OpenSSL, right? The following is my output of the ldd command on lookup_ldap.so,</div><div><b><br></b></div><div><b> ldd /usr/lib/autofs/lookup_ldap.so </b></div><div><b> linux-gate.so.1 => (0x00840000)</b></div><div><b>
libldap-2.4.so.2 => /lib/libldap-2.4.so.2 (0x00926000)</b></div><div><b> liblber-2.4.so.2 => /lib/liblber-2.4.so.2 (0x00d00000)</b></div><div><b> libresolv.so.2 => /lib/libresolv.so.2 (0x00258000)</b></div><div><b> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x002be000)</b></div><div><b> libxml2.so.2 => /usr/lib/libxml2.so.2 (0x002d7000)</b></div><div><b> libz.so.1 => /lib/libz.so.1 (0x00f7f000)</b></div><div><b> libm.so.6 => /lib/libm.so.6 (0x00e43000)</b></div><div><b> libkrb5.so.3 => /lib/libkrb5.so.3 (0x00110000)</b></div><div><b> libk5crypto.so.3 => /lib/libk5crypto.so.3 (0x00e74000)</b></div><div><b> libcom_err.so.2 => /lib/libcom_err.so.2
(0x001e5000)</b></div><div><b> libc.so.6 => /lib/libc.so.6 (0x00aa7000)</b></div><div><b> libssl3.so => /usr/lib/libssl3.so (0x004ab000)</b></div><div><b> libsmime3.so => /usr/lib/libsmime3.so (0x001e9000)</b></div><div><b> libnss3.so => /usr/lib/libnss3.so (0x004e1000)</b></div><div><b> libnssutil3.so => /usr/lib/libnssutil3.so (0x00212000)</b></div><div><b> libplds4.so => /lib/libplds4.so (0x0022c000)</b></div><div><b> libplc4.so => /lib/libplc4.so (0x00773000)</b></div><div><b> libnspr4.so => /lib/libnspr4.so (0x00271000)</b></div><div><b> libdl.so.2 => /lib/libdl.so.2 (0x00230000)</b></div><div><b> libcrypt.so.1 => /lib/libcrypt.so.1
(0x00421000)</b></div><div><b> /lib/ld-linux.so.2 (0x008b1000)</b></div><div><b> libkrb5support.so.0 => /lib/libkrb5support.so.0 (0x009a4000)</b></div><div><b> libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x00235000)</b></div><div><b> libpthread.so.0 => /lib/libpthread.so.0 (0x00706000)</b></div><div><b> libfreebl3.so => /lib/libfreebl3.so (0x00451000)</b></div><div><b> libselinux.so.1 => /lib/libselinux.so.1 (0x00238000)</b></div><div><br></div><div><br></div><div>Any idea ?</div><div><br></div><div>Thanks and regards,</div><div>Nidal</div><div><br></div><div><br><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"><div id="yiv1102794679">
Is LDAP set for automount in /etc/nsswitch.conf?<br>
<br>
<br>
On 05/14/2011 08:59 AM, nasir nasir wrote:
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font:inherit;" valign="top"><font class="yiv1102794679Apple-style-span" face="arial" size="2">I
configured one fresh IPA client machine(RHEL 6.1 beta)
and tested automount again. It is still the same.
Automount is not working. Also, in the debug mode of
autofs, I can see some messages in the /var/log/messages
while restarting autofs services. Please see this,</font>
<div style="font-family:arial;font-size:10pt;"><br>
</div>
<div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]:
Starting automounter version 5.0.5-29.el6, master
map auto.master</font></div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]:
using kernel protocol version 5.01</font></div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]:
lookup_nss_read_master: reading master files
auto.master</font></div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]:
parse_init: parse(sun): init gathered global
options: (null)</font></div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]:
lookup_read_master: lookup(file): read entry /misc</font></div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]:
lookup_read_master: lookup(file): read entry /net</font></div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]:
lookup_read_master: lookup(file): read entry
+auto.master</font></div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]:
lookup_nss_read_master: reading master files
auto.master</font></div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]:
parse_init: parse(sun): init gathered global
options: (null)</font></div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2"><b>May 14 15:20:45 rhel automount[23932]:
lookup(file): failed to read included master map
auto.master</b></font></div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]:
master_do_mount: mounting /misc</font></div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]:
automount_path_to_fifo: fifo name
/var/run/autofs.fifo-misc</font></div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]:
lookup_nss_read_map: reading map file /etc/auto.misc</font></div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]:
parse_init: parse(sun): init gathered global
options: (null)</font></div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]:
mounted indirect on /misc with timeout 300, freq 75
seconds</font></div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]:
st_ready: st_ready(): state = 0 path /misc</font></div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]:
master_do_mount: mounting /net</font></div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]:
automount_path_to_fifo: fifo name
/var/run/autofs.fifo-net</font></div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]:
lookup_nss_read_map: reading map hosts (null)</font></div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]:
parse_init: parse(sun): init gathered global
options: (null)</font></div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]:
mounted indirect on /net with timeout 300, freq 75
seconds</font></div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2">May 14 15:20:45 rhel automount[23932]:
st_ready: st_ready(): state = 0 path /net</font></div>
<div style="font-family:arial;font-size:10pt;"><br>
</div>
<div style="font-family:arial;font-size:10pt;">Is the
line in bold a problem?</div>
<div style="font-family:arial;font-size:10pt;"><br>
</div>
<div style="font-family:arial;font-size:10pt;">Thanks
and regards,</div>
<div style="font-family:arial;font-size:10pt;">Nidal</div>
<div style="font-family:arial;font-size:10pt;"><br>
</div>
<br>
<font class="yiv1102794679Apple-style-span" face="arial" size="2">---
On </font><b style="font-family:arial;
font-size:10pt;">Fri, 5/13/11, Adam Young <i><a rel="nofollow" class="yiv1102794679moz-txt-link-rfc2396E" ymailto="mailto:ayoung@redhat.com" target="_blank" href="/mc/compose?to=ayoung@redhat.com"><ayoung@redhat.com></a></i></b><font class="yiv1102794679Apple-style-span" face="arial" size="2"> wrote:</font><br>
<blockquote style="font-family:arial;font-size:10pt;border-left:2px solid rgb(16, 16, 255);
margin-left:5px;padding-left:5px;"><br>
From: Adam Young <a rel="nofollow" class="yiv1102794679moz-txt-link-rfc2396E" ymailto="mailto:ayoung@redhat.com" target="_blank" href="/mc/compose?to=ayoung@redhat.com"><ayoung@redhat.com></a><br>
Subject: Re: [Freeipa-users] FreeIPA for Linux desktop
deployment<br>
To: "nasir nasir" <a rel="nofollow" class="yiv1102794679moz-txt-link-rfc2396E" ymailto="mailto:kollathodi@yahoo.com" target="_blank" href="/mc/compose?to=kollathodi@yahoo.com"><kollathodi@yahoo.com></a><br>
Date: Friday, May 13, 2011, 1:28 PM<br>
<br>
<div id="yiv1102794679"> On 05/13/2011 01:54 PM, nasir
nasir wrote:
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font:inherit;" valign="top"><font class="yiv1102794679Apple-style-span" face="arial" size="2">Adam,</font>
<div style="font-family:arial;
font-size:10pt;"><br>
</div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2">I am taking this
off the list as it is going too
offline, but I promise I will write up
the correct solution and howto once I
get everything up and running and post
it in the mail
for everyone's reference.</font></div>
<div style="font-family:arial;
font-size:10pt;"><br>
</div>
<div style="font-family:arial;
font-size:10pt;">Here is what I have and what I
want to achieve (with your help :-) ,</div>
<div style="font-family:arial;
font-size:10pt;"><br>
</div>
<div style="font-family:arial;
font-size:10pt;">-- I have one IPA server(up and
running) called openipa.cohort.org </div>
<div style="font-family:arial;
font-size:10pt;">-- I have one IPA client machine
which I created with ipa-client-install
--mkhomedir switch called
nfsserver.cohort.org</div>
<div style="font-family:arial;
font-size:10pt;">-- The nfsserver.cohort.org
machine is an NFS server(actually I had
created IPA server also with an NFS
export, but then I stopped the NFS
server on that to avoid confusion and
instead configured the
nfsserver.cohort.org as the NFS server).
In this server I have a partition called
<b>/xtra </b>and a sub directory under
that called <b>home. </b>So it looks
like <b>/xtra/home. </b>Now I want
every user in the IPA to be able to
log in from any machine in the network
and <b>their home directories created
under the /xtra/home directory of
nfsserver.cohort.org and automatically
mounted in their client machine.</b></div>
<div style="font-family:arial;
font-size:10pt;"><br>
</div>
<div style="font-family:arial;
font-size:10pt;">This is 3 parts</div>
<div style="font-family:arial;
font-size:10pt;"> </div>
<div style="font-family:arial;
font-size:10pt;"> 1) Centralized login using
IPA server openipa.cohort.org (This part
is working now)</div>
<div style="font-family:arial;
font-size:10pt;"> 2) NFS server configured on
nfsserver.cohort.org with kerberos
authentication(This is also working it
seems as I can mount using the sec=krb5
option from client MANUALLY)</div>
<div style="font-family:arial;
font-size:10pt;"> 3) Automatically create &
mount home folder for each user under <b>/xtra/home/XXX</b>
when they login from the machine(This is<b>
NOT </b>working as of now)</div>
<div style="font-family:arial;
font-size:10pt;"><br>
</div>
<div style="font-family:arial;
font-size:10pt;">I think #3 is not working because
the automountkey options given are
wrong. So could you please tell me the
exact commands with correct parameters
in my case for automount ? I know I am
asking too much. But I am stuck up on
this point and this is getting delayed
terribly already.</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
I have a suspicion that the problem stems from the
/home automount. Short of it is that you probably
want to force the creation of the users homedir once
you create the account, as opposed to letting them
create it upon login. <br>
<br>
Longer answer is that I suspect the issue is with
this line:<br>
<div><b>/etc/auto.home:</b></div>
<div><b>*
-rw,sec=krb5,soft,rsize=8192,wsize=8192
nfsserver.cohort.org:/xtra/home/&</b></div>
<br>
<br>
I am guessing that what is happening is that NFS
doesn't let you create a directory that you are
going to automount. I'm not certain. Here is what
I think is happening. 1st, upon user log in, the
client machine's odd job handler does stat
/home/$USER and gets back ENOENT. It then does a
mkdir /home/$USER but since this is a mount point,
that operation is not allowed.<br>
<br>
If you instead automounted /home, it would probably
work, but then all users home directories would be
exposed, and I am guessing that you only want the
currently logged in users home directory
automounted.<br>
<br>
A simple test, change the automount map to just
mount /home completely, and then create a new user.
I'm guessing that will work. Basically <br>
<br>
<div><b>/etc/auto.home:</b></div>
<div><b>/home
-rw,sec=krb5,soft,rsize=8192,wsize=8192
nfsserver.cohort.org:/xtra/home/</b></div>
<br>
<br>
<br>
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font:inherit;" valign="top">
<div style="font-family:arial;
font-size:10pt;"><br>
</div>
<div style="font-family:arial;
font-size:10pt;">Thanks for all the help!</div>
<div style="font-family:arial;
font-size:10pt;"><br>
</div>
<div style="font-family:arial;
font-size:10pt;">Regards,</div>
<div style="font-family:arial;
font-size:10pt;">Nidal</div>
<div style="font-family:arial;
font-size:10pt;"><br>
</div>
<div style="font-family:arial;
font-size:10pt;"><br>
</div>
<div style="font-family:arial;
font-size:10pt;">--- On <b>Fri, 5/13/11, Adam
Young <i><a rel="nofollow" class="yiv1102794679moz-txt-link-rfc2396E"><ayoung@redhat.com></a></i></b>
wrote:<br>
<blockquote style="border-left:2px solid rgb(16, 16, 255);
margin-left:5px;padding-left:5px;"><br>
From: Adam Young <a rel="nofollow" class="yiv1102794679moz-txt-link-rfc2396E"><ayoung@redhat.com></a><br>
Subject: Re: [Freeipa-users] FreeIPA
for Linux desktop deployment<br>
To: "nasir nasir" <a rel="nofollow" class="yiv1102794679moz-txt-link-rfc2396E"><kollathodi@yahoo.com></a><br>
Cc: <a rel="nofollow" class="yiv1102794679moz-txt-link-abbreviated">freeipa-users@redhat.com</a><br>
Date: Friday, May 13, 2011, 10:11 AM<br>
<br>
<div id="yiv1102794679"> On 05/13/2011
12:57 PM, nasir nasir wrote:
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font:inherit;" valign="top">
<div style="
font-family:arial;font-size:10pt;">Adam/Nalin,</div>
<div style="
font-family:arial;font-size:10pt;"><br>
</div>
<div style="
font-family:arial;font-size:10pt;">Two
cases,</div>
<div style="
font-family:arial;font-size:10pt;"><br>
</div>
<div style="
font-family:arial;font-size:10pt;">
1) When I am testing
this by manually
mounting the nfs
share(which is <b>/xtra</b> )on
the NFS server itself
using the following
command,</div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2"><b><br>
</b></font></div>
<div><font class="yiv1102794679Apple-style-span" face="arial" size="2"><b> #mount
-vvvv -t nfs4 -o
sec=krb5
nfsserver.cohort.org:/
/home</b></font></div>
<div><br>
</div>
<div>I get whatever
problem I described in
previous mail(permission
issues). Now this could
be because here IPA is
not managing the
user/group permissions
completely(Correct me if
I am wrong in this
assumption) and all the
problem you described
happen.</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
I think that, in order to have a
complete set up, IPA needs to manage
the user IDs for your NFS server.
Otherwise, you will have to work at
getting the userIDs in sync, and
without that, you do not have a
workable NFS solution, and thus no
Automount. <br>
<br>
<br>
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font:inherit;" valign="top">
<div><br>
</div>
<div>2) When I DO NOT
mount manually and
instead I try to login
as a new user on the
nfsserver machine, It
creates the home folder
for this user on the
/home partition of
nfsserver machine
because automount is NOT
working and hence there
is no mounted partition
to confuse things. </div>
<div>So to be able to test
it properly, I need to
fix the issue in
automount and get the
case #2 tested and
working properly with
/home automatically
mounted from the
nfsserver. </div>
<div>This is my "<b>ipa
automountlocation-tofiles
default" </b>output,</div>
<div><br>
</div>
<div>
<div><b>/etc/auto.master:</b></div>
<div><b>/-
/etc/auto.direct</b></div>
<div><b>/share
/etc/auto.share</b></div>
<div><b>/home
/etc/auto.home</b></div>
<div><b>---------------------------</b></div>
<div><b>/etc/auto.direct:</b></div>
<div><b>---------------------------</b></div>
<div><b>/etc/auto.share:</b></div>
<div><b>---------------------------</b></div>
<div><b>/etc/auto.home:</b></div>
<div><b>*
-rw,sec=krb5,soft,rsize=8192,wsize=8192
nfsserver.cohort.org:/xtra/home/&</b></div>
</div>
<div><br>
</div>
<div><b><br>
</b></div>
<div>Is this OK ? Please
help.</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
If you don't do NFS, then you have
no way to share the users
directories. If you do the
ipa-client option to automatically
create directories on first login,
or your users will have a new unique home
directory on each machine they log
in to, which probably isn't what you
want. I'm a little confused by what
you wrote above: why would you be
mounting at all on the nfs server
machine? The NFS server should be
exporting the FS, and logging in to
that machine as a new user should
correctly create the home
directory. Unless, of course, you
are doing something like mounting
the NFS volume on /mnt/nfsexport,
and then nfs mounting that to /home
on the same machine, but that would
be inefficient. But since it looks
like your nfs server is specified as
nfsserver.cohort.org:/xtra/home/
I'm guessing that you just mistyped
above, or I misparsed it.<br>
<br>
The nfs server should not do
automount. And I think this might
be part of the problem: you need it
to do the rest of identity
management, but not automount. You
can probably just chkconfig off
autofs on the nfs server. I'm not
sure if there is a cleaner solution.<br>
<br>
<br>
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font:inherit;" valign="top">
<div><br>
</div>
<div>Thanks and regards,</div>
<div>Nidal</div>
<div><br>
</div>
<div><b><br>
</b></div>
<font class="yiv1102794679Apple-style-span" face="arial" size="2">---
On </font><b style="
font-family:arial;font-size:10pt;">Fri,
5/13/11, Adam Young <i><a rel="nofollow" class="yiv1102794679moz-txt-link-rfc2396E"><ayoung@redhat.com></a></i></b><font class="yiv1102794679Apple-style-span" face="arial" size="2"> wrote:</font><br>
<blockquote style="
font-family:arial;font-size:10pt;border-left:2px solid rgb(16, 16, 255);margin-left:5px;padding-left:5px;"><br>
From: Adam Young <a rel="nofollow" class="yiv1102794679moz-txt-link-rfc2396E"><ayoung@redhat.com></a><br>
Subject: Re:
[Freeipa-users] FreeIPA
for Linux desktop
deployment<br>
To: "nasir nasir" <a rel="nofollow" class="yiv1102794679moz-txt-link-rfc2396E"><kollathodi@yahoo.com></a><br>
Cc: <a rel="nofollow" class="yiv1102794679moz-txt-link-abbreviated">freeipa-users@redhat.com</a><br>
Date: Friday, May 13,
2011, 9:29 AM<br>
<br>
<div id="yiv1102794679">
On 05/13/2011 12:13
PM, nasir nasir wrote:
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="
font:inherit;" valign="top">
<div>Adam,</div>
<div><br>
</div>
<div>Thanks
indeed!</div>
<div><br>
</div>
<div>I tried
your
suggestions. </div>
<div><br>
</div>
<div> -- I
can mkdir</div>
<div> -- When
I try to
chown, I get
the following
error</div>
<div><br>
</div>
<div>
<div><b>chown:
changing
ownership of
`nasir':
Operation not
permitted</b></div>
</div>
<div><br>
</div>
<div>Could you
please explain
what you
mean by 'You
probably need
rwx
permissions in
/etc/export' ?
This is my
/etc/export
file,</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
See the '(rw' in
those lines? That
indicates read and
write privs, but not
execute. <br>
<br>
I'm not an nfs guru,
so I might be wrong.
This post suggests
that I am wrong: <br>
<br>
<a rel="nofollow" class="yiv1102794679moz-txt-link-freetext" target="_blank" href="http://jackhammer.org/node/7">http://jackhammer.org/node/7</a><br>
<br>
Since IPA is managing
the IDs, they should
be in sync across the
NFS and automounted
client machines, but
there might be
something not right in
the setup. If the IPA
server isn't managing
the machine that
serves as your NFS
server, then the IDs
are certainly going to
be out of sync.<br>
<br>
<br>
<br>
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="
font:inherit;" valign="top">
<div><br>
</div>
<div>
<div><b>/xtra
*(rw,fsid=0,insecure,no_root_squash,no_subtree_check)</b></div>
<div><b>/xtra
gss/krb5(rw,fsid=0,insecure,no_root_squash,no_subtree_check)</b></div>
<div><b>/xtra
gss/krb5i(rw,fsid=0,insecure,no_root_squash,no_subtree_check)</b></div>
<div><b>/xtra
gss/krb5p(rw,fsid=0,insecure,no_root_squash,no_subtree_check)</b></div>
</div>
<div><br>
</div>
<div>Also, I
have
configured a
separate
client machine
(RHEL 6.1) and
configured it
as NFS server
(previously my
NFS server was
IPA server
itself) and
the result is
same. All the
above commands
are from this
client machine
only.</div>
<div><br>
</div>
<div>Thanks
indeed again!</div>
<div><br>
</div>
<div>Regards,</div>
<div>Nidal</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>
<blockquote style="
border-left:2px solid rgb(16, 16,
255);
margin-left:5px;
padding-left:5px;">
<div id="yiv1102794679">
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="
font:inherit;" valign="top">
<div><font class="yiv1102794679Apple-style-span" size="2"><br>
</font> </div>
<div>
<div><b>oddjob-mkhomedir[16401]:
error setting
permissions on
/home/abc:
Operation not
permitted</b></div>
</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
It might be a
root squash
issue. My
guess is that
the order of
operations for
creating a
root
directory,
which is done
by root, is:<br>
<br>
1. mkdir
/home/userid<br>
2. chown
uid:gid
/home/userid<br>
<br>
It sounds from
the error
message that
the first
stage
happened, but
NFS is not
allowing the
second stage.
To confirm,
as a root (and
kinit admin)
user on the
client
machine, just
try these two
steps in order
and see if
they still
fail.<br>
<br>
chown is a
different
system call
from mkdir,
and might have
different nfs
enforced
permissions.
You probably
need rwx
permissions in
/etc/export.</div>
<div id="yiv1102794679">
</div>
</blockquote>
</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
</div>
</blockquote>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
</div>
</blockquote>
</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
</div>
</blockquote>
</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
</div></blockquote></div></div></td></tr></table>
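<p>Added example, not part of the original thread or of FreeIPA: a small Python audit of the <code>/etc/exports</code> lines quoted above. It reports the options that weaken the Kerberos-only NFS setup being attempted: <code>no_root_squash</code>, <code>insecure</code>, and the <code>*</code> entry with no <code>sec=</code>, which falls back to AUTH_SYS. The function names, finding codes and the hardened variant are constructed for illustration.</p>

```python
import re

# Export lines as quoted in the thread above.
THREAD_EXPORTS = """\
/xtra *(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
/xtra gss/krb5(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
/xtra gss/krb5i(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
/xtra gss/krb5p(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
"""

# Constructed hardened variant (an assumption, not from the thread):
# Kerberos with privacy only, root squashed, reserved source ports required.
HARDENED_EXPORTS = """\
/xtra *.cohort.org(rw,fsid=0,sec=krb5p,root_squash,no_subtree_check)
"""

EXPLANATIONS = {
    "NO_ROOT_SQUASH": "uid 0 on the client stays uid 0 on the export",
    "INSECURE_PORTS": "requests from unprivileged source ports are accepted",
    "AUTH_SYS": "client-asserted UIDs are trusted, no Kerberos required",
    "AUTH_SYS_ANY_HOST": "any host may mount with client-asserted UIDs",
}

CLIENT_RE = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")


def parse_exports(text):
    """Yield (path, client, options) for every client spec in exports(5) text."""
    # Join backslash-continued lines, then strip comments and blank lines.
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        path = parts[0]
        # A path with no client list is exported to everyone with defaults.
        specs = parts[1].split() if len(parts) > 1 else [""]
        for spec in specs:
            m = CLIENT_RE.fullmatch(spec)
            if not m:
                continue
            client = m.group(1) or "*"
            opts = [o.strip() for o in (m.group(2) or "").split(",") if o.strip()]
            yield path, client, opts


def flavors(client, opts):
    """Return the security flavors in effect for one client spec."""
    for opt in opts:
        if opt.startswith("sec="):
            return opt[4:].split(":")
    if client.startswith("gss/"):      # legacy pseudo-client form, e.g. gss/krb5
        return [client[4:]]
    return ["sys"]                     # exports(5) default when nothing is given


def audit_exports(text):
    """Return a list of (path, client, finding_code) tuples."""
    findings = []
    for path, client, opts in parse_exports(text):
        if "no_root_squash" in opts:
            findings.append((path, client, "NO_ROOT_SQUASH"))
        if "insecure" in opts:
            findings.append((path, client, "INSECURE_PORTS"))
        if "sys" in flavors(client, opts):
            code = "AUTH_SYS_ANY_HOST" if client == "*" else "AUTH_SYS"
            findings.append((path, client, code))
    return findings


if __name__ == "__main__":
    for label, text in (("thread", THREAD_EXPORTS), ("hardened", HARDENED_EXPORTS)):
        results = audit_exports(text)
        print(f"[{label}] {len(results)} finding(s)")
        for path, client, code in results:
            print(f"  {path} {client}: {code} ({EXPLANATIONS[code]})")
```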