<html><head><style type="text/css"></style></head><body><div style="font-size: 13px;color: rgb(0, 0, 0);font-family: arial,sans-serif;"><style type="text/css"></style><div style="font-size: 13px;color: rgb(0, 0, 0);font-family: arial,sans-serif;">Ben,<br><br>First, you will need to create the automount map in FreeIPA.<br><br>Example of adding automount maps from the CLI on the IPA server:<br>1). Get TGT for admin user (or equivalent) <br>kinit admin<br><br>2). Create automount map<br>ipa automountmap-add default auto.home<br><br>3). Add auto.home to auto.master<br>ipa automountkey-add default --key "/home/domain.org" --info auto.home auto.master<br><br>4). Add key for user accounts<br>ipa automountkey-add default --key "*" --info "-fstype=nfs3,rw filer.domain.org:/exports/home/&" auto.home<br> <br>Note: the above command assumes that you have a filer with a FQDN of "filer.domain.org" and NFS exported directory "/exports/home/".<br><br>5). Then on the filer, you will need to create directories for each user under /exports/home/ and set the ownership and perms.<br>mkdir /exports/home/username<br>cp /etc/skel/.* /exports/home/username<br>chown -R username:username /exports/home/username<br>chmod 770 /exports/home/username<br><br>Note: if you can't login to the filer and run commands, then you might have to manually mount the /exports/home onto a box with "root nosquash" option turned on so that you can create the directories and permissions manually.<br><br>6). On the client machines, turn off the mkhomedir option (this doesn't work with automounted home dirs).<br>authconfig --disablemkhomedir --update<br><br>7). Create mount point for home dir on client machines.<br>mkdir /home/domain.org<br><br>8). On the client machines, turn on the automount option.<br>ipa-client-automount --location=default<br><br>9). On the client machines, make sure the autofs service is enabled and running.<br>systemctl enable autofs<br>systemctl start autofs<br><br>10). Test automount by logging into the client.<br><br>That should do it!<br><br>-Mike<br><blockquote style="padding-left: 5px; margin-left: 0px; border-left: #0000ff 2px solid; font-weight: normal; font-style: normal; text-decoration: none; font-size: 10pt; font-family: arial,sans-serif; color: black;">-----Original Message----- <br>From: "Ben .T.George" <bentech4you@gmail.com> <br>Sent: May 18, 2016 10:03 AM <br>To: Michael ORourke <mrorourke@earthlink.net> <br>Cc: freeipa-users <freeipa-users@redhat.com> <br>Subject: Re: [Freeipa-users] AD users home directory automount <br><br><div dir="ltr">HI,<div><br></div><div>Thanks for the reply.</div><div><br></div><div>actually i don't want to share from my Trusted AD. My san has cifs and NFS capability.</div><div><br></div><div>in this case how can i proceed? usually while installing client, i used to give below options</div><div><br></div><div><font face="Tahoma" size="2"><span style="font-size:10pt">ipa-client-install --server <span style="font-size:15px"><span style="font-family:Calibri">global</span></span></span></font><font face="Calibri"><span style="font-size:11pt">.ipa.local </span></font> <font face="Tahoma" size="2"><span style="font-size:10pt">--domain ipa.local --mkhomedir --fixed-primary</span></font> <br></div><div><br></div><div>so whenever user loggedin, it creates home directory automatically under /home/DOMAIN/user.</div><div><br></div><div>regards,</div><div>Ben</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, May 18, 2016 at 4:00 PM, Michael ORourke <span dir="ltr"><<a target="_blank" href="mailto:mrorourke@earthlink.net">mrorourke@earthlink.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-size:13px;color:rgb(0,0,0);font-family:arial,sans-serif"><div style="font-size:13px;color:rgb(0,0,0);font-family:arial,sans-serif">Yes, because you can point the automount maps to whatever device you want. NFSv4 might be more tricky to setup on a SAN device and may or may not work depending on the software/firmware of the device. NFSv3 is a well supported protocol across SAN vendors and you should not have any problems setting that up. I've used Openfiler on a white-box SAN with home dirs and automount maps which is working fine for us.<br>I wonder if you could do some sort of CIFS home dir automount with a SAN that is joined to an AD domain which is trusted by FreeIPA? Seems like this would be feasible.<br><br>-Mike<br><br><blockquote style="padding-left:5px;margin-left:0px;border-left:#0000ff 2px solid;font-weight:normal;font-style:normal;text-decoration:none;font-size:10pt;font-family:arial,sans-serif;color:black"><span class="">-----Original Message----- <br>From: "Ben .T.George" <u></u> <br>Sent: May 18, 2016 7:38 AM <br>To: freeipa-users <u></u> <br>Subject: [Freeipa-users] AD users home directory automount <br><br></span><div dir="ltr"><span class="">HI LIst,<div><br></div><div>Is it possible to mount home directories of AD authenticated users from external source(like san or fileshare)</div><div><br></div></span><div>Regards,</div><div>Ben</div></div> <u></u><u></u></blockquote></div></div></div> <br>--<br> Manage your subscription for the Freeipa-users mailing list:<br> <a target="_blank" href="https://www.redhat.com/mailman/listinfo/freeipa-users" rel="noreferrer">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br> Go to <a target="_blank" href="http://freeipa.org" rel="noreferrer">http://freeipa.org</a> for more info on the project<br></blockquote></div><br></div> </freeipa-users@redhat.com></mrorourke@earthlink.net></bentech4you@gmail.com></blockquote></div></div></body></html>