<div dir="ltr">It's possible that I'm simply not getting the point, or that I don't understand the documentation correctly, but this is what I don't find clear:<div><br></div><div>I had seen the instructions you pointed me at. These are not specifically about home directories.</div><div><br></div><div>However, this section is: <a href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#homedir-reqs">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#homedir-reqs</a> <br></div><div><br></div><div>It first suggests that automatic creation of home directories over NFS shares is possible: just automount /home and then use pam_oddjob_mkhomedir or pam_mkhomedir to create homedirs at first login.</div><div><br></div><div>But then it also suggests that mounting the whole /home tree could be an issue, and says: "<i>Use automount to mount only the user's home directory and only when the user logs in, rather than loading the entire /home tree."</i></div><div><i><br></i></div><div>That means that automatic homedir creation is out of the game, doesn't it?</div><div><br></div><div>That's what I find confusing. What's the recommended way?</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 19 March 2015 at 20:49, Dmitri Pal <span dir="ltr"><<a href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div text="#000000" bgcolor="#FFFFFF"><span class=""> <div>On 03/19/2015 02:46 PM, Roberto Cornacchia wrote:<br> </div> <blockquote type="cite"> <div dir="ltr">Hi Dmitri, <div><br> </div> <div>I do realise my question is borderline and I accept that it is considered off-topic.</div> <div><br> </div> <div>I did post it here because I believe it's not *only* about NFS, but also about its interaction with freeIPA. The issue of NFS home and in particular about their creation is touched in all the links I posted (all about freeIPA) and never really answered.</div> <div><br> </div> </div> </blockquote> <br></span> This is what documented and recommended:<br> <a href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#kerb-nfs" target="_blank">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#kerb-nfs</a><br> <br> RHEL6 has a similar chapter in its doc set though books have changed significantly between 6 and 7.<br> <br> I do not see any chicken and egg problem there.<br> The instructions show how to create home dirs on the first login.<br> <br> It mounts the volume and then creates dirs on it as users log in if they are not already there.<br> <br> It is unclear what problem you see with doing it the way it is recommended.<div><div class="h5"><br> <br> <br> <blockquote type="cite"> <div dir="ltr"> <div>Best,</div> <div>Roberto</div> </div> <div class="gmail_extra"><br> <div class="gmail_quote">On 19 March 2015 at 19:36, Dmitri Pal <span dir="ltr"><<a href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span> wrote:<br> <blockquote class="gmail_quote"> <div> <div> <div> <div>On 03/19/2015 05:29 AM, Roberto Cornacchia wrote:<br> </div> <blockquote type="cite"> <div dir="ltr"> <div class="gmail_extra"> <div class="gmail_quote">On 6 March 2015 at 11:15, Martin Kosek <span dir="ltr"><<a href="mailto:mkosek@redhat.com" target="_blank">mkosek@redhat.com</a>></span> wrote:<br> <blockquote class="gmail_quote"><span>On 03/06/2015 10:56 AM, Roberto Cornacchia wrote:<br> <blockquote class="gmail_quote"> Hi there,<br> <br> I'm planning to deploy freeIPA on our lan.<br> It's small-ish and completely based on FC21, so I expect everything to work<br> like a charm.<br> <br> Except one detail. We have Synology NAS station, which uses DSM 5.0.<br> The ideal plan is to use it as host for shared NFS home dirs once we switch our<br> desktops to freeIPA.<br> </blockquote> <br> </span> Great!<span><br> <blockquote class="gmail_quote"><br> </blockquote> </span></blockquote> <div><br> </div> <div>Hello,</div> <div><br> </div> <div>The first thing I'm struggling with is to find the correct approach about NFS home dirs.</div> <div>The ideal setting would be:</div> <div>- home dirs on the NAS</div> <div>- IPA manages automount maps</div> <div>- home dirs are created automatically at first login</div> <div><br> </div> <div>The documentation I could find on these topics includes only not-so-recent pages (anything I missed?):</div> <div><br> </div> <div> <div> <div><a href="http://wiki.linux-nfs.org/wiki/index.php/NFS_and_FreeIPA" target="_blank">http://wiki.linux-nfs.org/wiki/index.php/NFS_and_FreeIPA</a><br> </div> <div><a href="http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/automount.html" target="_blank">http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/automount.html</a><br> </div> <div><a href="http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/users.html#home-directories" target="_blank">http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/users.html#home-directories</a><br> </div> <div><a href="http://adam.younglogic.com/2011/06/automount-and-home-directory-creation/" target="_blank">http://adam.younglogic.com/2011/06/automount-and-home-directory-creation/</a><br> </div> <div><br> </div> <div>Now, I admit I don't have much experience with setting up NFS homes, with or without freeIPA, so trying to get this done correctly in the context of freeIPA and without clear howtos isn't very easy, but I'm willing to get my hands dirty.</div> </div> </div> <div><br> </div> <div>The first problem I struggle with is on the correct approach. </div> <div>From the documentation above, I understand that there is a bit of a chicken-egg problem about the creation of home dirs.</div> <div>On the one hand, it would be optimal to have automount maps to load only single home dirs on demand, rather than the entire /home tree. </div> <div>On the other hand, if the /home tree is not available, then creating /home/user1 dir automatically isn't really possible.</div> <div><br> </div> <div>Just mounting the whole /home tree would make things easier, but I don't have a feeling of when it starts to become a performance issue (assuming recent hardware and up to date software). 10 users? 50? 100? 500? No idea.</div> <div>The realm I'm dealing with at the moment is in the range of 5-10 users and probably won't be larger than 50 in the next few years (and if it will, it means things are going well, so what the heck ;)</div> <div>Also true that, with such few users, I could just create the homedirs manually when needed (this is not an organisation where many users come and go) and just mount the individually.</div> <div>Any tips about this?</div> <div><br> </div> <div>Best, Roberto</div> <div><br> </div> <div> </div> </div> </div> </div> <br> <fieldset></fieldset> <br> </blockquote> </div> </div> Some of these questions are really outside the scope of this list.<br> You might consider asking them on the NFS list.<span><br> <br> <pre cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc.</pre> </span></div> <br> --<br> Manage your subscription for the Freeipa-users mailing list:<br> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br> Go to <a href="http://freeipa.org" target="_blank">http://freeipa.org</a> for more info on the project<br> </blockquote> </div> <br> </div> <br> <fieldset></fieldset> <br> </blockquote> <br> <br> <pre cols="72">-- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc.</pre> </div></div></div> <br>--<br> Manage your subscription for the Freeipa-users mailing list:<br> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br> Go to <a href="http://freeipa.org" target="_blank">http://freeipa.org</a> for more info on the project<br></blockquote></div><br></div>