<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>thanks! I'll try to debug at my test environment.<br>
</p>
<br>
<div class="moz-cite-prefix">24.05.2016 18:01, Prasun Gera пишет:<br>
</div>
<blockquote
cite="mid:CAFLz+B=v=8k61mCd7V60Om-tFMuz6VckjgZ9qJp9LeSZQ8cteQ@mail.gmail.com"
type="cite">
<div dir="ltr">You can stop the autofs daemon, and run it in
foreground with automount -fvv. Then try to access the mount
point in parallel. The logs from the foreground run should shed
some light. Also, does your autofs setup work without kerberos ?
As a first step it to work with non-kerberised nfs. </div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, May 23, 2016 at 11:06 AM,
Arthur Fayzullin <span dir="ltr"><<a
moz-do-not-send="true" href="mailto:arthur@deus.pro"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:arthur@deus.pro">arthur@deus.pro</a></a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Good day,
colleagues!<br>
I am confused about how automount work and howto configure
it. I have<br>
tried to configure it according to<br>
<a moz-do-not-send="true"
href="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html"
rel="noreferrer" target="_blank">https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html</a><br>
document (paragraph 9.1.1 and chapter 20).<br>
I have tried to make it work on 3 servers:<br>
1. ipa server;<br>
2. nfs server (node00);<br>
3. nfs client (postgres).<br>
<br>
<br>
*** so here how it configured on ipa server:<br>
$ ipa automountlocation-tofiles amantai<br>
/etc/auto.master:<br>
/- /etc/auto.direct<br>
/home /etc/auto.home<br>
---------------------------<br>
/etc/auto.direct:<br>
---------------------------<br>
/etc/auto.home:<br>
* -sec=kr5i,rw,fstype=nfs4
node00.glavsn.ab:/home/&<br>
<br>
maps not connected to /etc/auto.master:<br>
<br>
$ ipa service-find nfs<br>
------------------<br>
2 services matched<br>
------------------<br>
Основной: <a class="moz-txt-link-abbreviated" href="mailto:nfs/node00.glavsn.ab@GLAVSN.AB">nfs/node00.glavsn.ab@GLAVSN.AB</a><br>
Keytab: True<br>
Managed by: node00.glavsn.ab<br>
<br>
Основной: <a class="moz-txt-link-abbreviated" href="mailto:nfs/postgres.glavsn.ab@GLAVSN.AB">nfs/postgres.glavsn.ab@GLAVSN.AB</a><br>
Keytab: True<br>
Managed by: postgres.glavsn.ab<br>
<br>
<br>
*** here is nfs server config:<br>
$ sudo klist -k<br>
Пароль:<br>
Keytab name: <a class="moz-txt-link-freetext" href="FILE:/etc/krb5.keytab">FILE:/etc/krb5.keytab</a><br>
KVNO Principal<br>
----<br>
--------------------------------------------------------------------------<br>
1 <a class="moz-txt-link-abbreviated" href="mailto:host/node00.glavsn.ab@GLAVSN.AB">host/node00.glavsn.ab@GLAVSN.AB</a><br>
1 <a class="moz-txt-link-abbreviated" href="mailto:host/node00.glavsn.ab@GLAVSN.AB">host/node00.glavsn.ab@GLAVSN.AB</a><br>
1 <a class="moz-txt-link-abbreviated" href="mailto:host/node00.glavsn.ab@GLAVSN.AB">host/node00.glavsn.ab@GLAVSN.AB</a><br>
1 <a class="moz-txt-link-abbreviated" href="mailto:host/node00.glavsn.ab@GLAVSN.AB">host/node00.glavsn.ab@GLAVSN.AB</a><br>
2 <a class="moz-txt-link-abbreviated" href="mailto:nfs/node00.glavsn.ab@GLAVSN.AB">nfs/node00.glavsn.ab@GLAVSN.AB</a><br>
2 <a class="moz-txt-link-abbreviated" href="mailto:nfs/node00.glavsn.ab@GLAVSN.AB">nfs/node00.glavsn.ab@GLAVSN.AB</a><br>
2 <a class="moz-txt-link-abbreviated" href="mailto:nfs/node00.glavsn.ab@GLAVSN.AB">nfs/node00.glavsn.ab@GLAVSN.AB</a><br>
2 <a class="moz-txt-link-abbreviated" href="mailto:nfs/node00.glavsn.ab@GLAVSN.AB">nfs/node00.glavsn.ab@GLAVSN.AB</a><br>
<br>
$ cat /etc/exports<br>
/home *(rw,sec=sys:krb5:krb5i:krb5p)<br>
<br>
$ sudo firewall-cmd --list-all<br>
public (default, active)<br>
interfaces: bridge0 enp1s0<br>
sources:<br>
services: dhcpv6-client nfs ssh<br>
ports: 8001/tcp<br>
masquerade: no<br>
forward-ports:<br>
icmp-blocks:<br>
rich rules:<br>
<br>
$ getenforce<br>
Enforcing<br>
<br>
<br>
*** here nfs client config:<br>
# klist -k<br>
Keytab name: <a class="moz-txt-link-freetext" href="FILE:/etc/krb5.keytab">FILE:/etc/krb5.keytab</a><br>
KVNO Principal<br>
----<br>
--------------------------------------------------------------------------<br>
1 <a class="moz-txt-link-abbreviated" href="mailto:host/postgres.glavsn.ab@GLAVSN.AB">host/postgres.glavsn.ab@GLAVSN.AB</a><br>
1 <a class="moz-txt-link-abbreviated" href="mailto:host/postgres.glavsn.ab@GLAVSN.AB">host/postgres.glavsn.ab@GLAVSN.AB</a><br>
1 <a class="moz-txt-link-abbreviated" href="mailto:host/postgres.glavsn.ab@GLAVSN.AB">host/postgres.glavsn.ab@GLAVSN.AB</a><br>
1 <a class="moz-txt-link-abbreviated" href="mailto:host/postgres.glavsn.ab@GLAVSN.AB">host/postgres.glavsn.ab@GLAVSN.AB</a><br>
1 <a class="moz-txt-link-abbreviated" href="mailto:nfs/postgres.glavsn.ab@GLAVSN.AB">nfs/postgres.glavsn.ab@GLAVSN.AB</a><br>
1 <a class="moz-txt-link-abbreviated" href="mailto:nfs/postgres.glavsn.ab@GLAVSN.AB">nfs/postgres.glavsn.ab@GLAVSN.AB</a><br>
1 <a class="moz-txt-link-abbreviated" href="mailto:nfs/postgres.glavsn.ab@GLAVSN.AB">nfs/postgres.glavsn.ab@GLAVSN.AB</a><br>
1 <a class="moz-txt-link-abbreviated" href="mailto:nfs/postgres.glavsn.ab@GLAVSN.AB">nfs/postgres.glavsn.ab@GLAVSN.AB</a><br>
<br>
# firewall-cmd --list-all<br>
FedoraServer (default, active)<br>
interfaces: ens3<br>
sources:<br>
services: cockpit dhcpv6-client ssh<br>
ports:<br>
protocols:<br>
masquerade: no<br>
forward-ports:<br>
icmp-blocks:<br>
rich rules:<br>
<br>
# mount -l (contains next string)<br>
auto.home on /home type autofs<br>
(rw,relatime,fd=25,pgrp=960,timeout=300,minproto=5,maxproto=5,indirect)<br>
<br>
# ll /home/afayzullin<br>
ls says that it cannot access /home/afayzullin: no such file
or directory<br>
<br>
I have run<br>
# ipa-client-automount --location=amantai<br>
on client and it has completed successfully.<br>
<br>
I have tried to disable selinux, drop iptables rules. And
now I am<br>
little confused about what to do next. May if someone has
faced with<br>
automount config can give me some advice, or if there is any
howto<br>
config automount, or some can advise howto debug this
situation?<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Manage your subscription for the Freeipa-users mailing
list:<br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
rel="noreferrer" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
Go to <a moz-do-not-send="true"
href="http://freeipa.org" rel="noreferrer"
target="_blank">http://freeipa.org</a> for more info
on the project</font></span></blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>