[Freeipa-users] FreeIPA for Linux desktop deployment

Thu May 12 21:32:15 UTC 2011

nasir nasir wrote:
> Adam,
>
> I tried to follow your recommendations with RHEL 6.1 beta on server and
> client machine. Centralized login and such things work. I have NFS
> service too working. But automount is not working. For the time being I
> configured my server as NFS server and created a folder /export as a
> share for creating home folder. I have *pam_oddjob_mkhomedir.so *enabled
> in pam files for autocreation of home folders. Now I can manually mount
> the /export nfs share on the server and the client successfully. But
> when I do that on server for testing and try to login as a new user(e.g
> abc), it is not creating home folder. It gives the following error,
>
> *oddjob-mkhomedir[16401]: error setting permissions on /home/abc:
> Operation not permitted*
>
> I have given 777 for my /export and rw permission in /etc/export. Output
> of the command *ipa automountlocation-tofiles default*.
>
> *
> *
> */etc/auto.master:*
> */- /etc/auto.direct*
> */share /etc/auto.share*
> */home /etc/auto.home*
> *---------------------------*
> */etc/auto.direct:*
> *---------------------------*
> */etc/auto.share:*
> *---------------------------*
> */etc/auto.home:*
> ** -rw,nfs4,sec=krb5,soft,rsize=8192,wsize=8192
> openipa.cohort.org:/export/home/&*
> * *
> I tried reading many docs(RHEL deployment guide, google, FreeIPA doc
> etc). The problem is that they are confusing and conflicting in many cases.
>
> Please advice me how to proceed.

I'd start with system error logs: /var/log/messages, /var/log/secure, 
/var/log/audit/audit.log

rob

>
> Thanks and Regards,
> Nidal
>
>>>>
>>>>                 Nidal,
>>>>
>>>>                 OK, I'd probably do something like this: After
>>>>                 install IPA, add one host as an IPA client with the
>>>>                 following switch: --mkhomedir,, something like
>>>>                 ipa-client-install --mkhomedir -p admin. Then, mount
>>>>                 the directory that you are going to use a /home on
>>>>                 that machine. Once you create users in IPA, the
>>>>                 first time you log in as that user, do so from that
>>>>                 client, and it will attempt to create the home
>>>>                 directory for you. This should be the only machine
>>>>                 that has permissions to create directories under
>>>>                 /home. Now, create an automount location and map,
>>>>                 and create a key for /home
>>>>
>>>>                 The instructions from our test day should get you
>>>>                 started:
>>>>
>>>>                 https://fedoraproject.org/wiki/QA:Testcase_freeipav2_automount
>>>>
>>>>
>>>
>>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users