[Freeipa-users] FreeIPA for Linux desktop deployment

Steven Jones Steven.Jones at vuw.ac.nz
Fri May 13 02:36:14 UTC 2011 

Hi,

Kind of a wild shot, but what mode is selinux in?

I find if its enforcing all sorts of things pop up not working on occasion....

regards


________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of nasir nasir [kollathodi at yahoo.com]
Sent: Friday, 13 May 2011 2:02 p.m.
To: Rob Crittenden
Cc: freeipa-users at redhat.com
Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment


Thanks for the reply Rob ! I had tried with all the log files you mentioned and had kept most of them in debug mode. Tried again now. The only error or clue I could see was the following I already mentioned in my previous mail,

oddjob-mkhomedir[17823]: error setting permissions on /home/nasir: Operation not permitted

I don't think it is a problem due to autofs as this is the error when I am getting while trying to login after MANUALLY MOUTING this partition also! There is some permission blocking oddjob from creating the home folder on the fly. I can't see any debug option for /etc/oddjobd.conf file to go further.

Please help.

Thanks and regards,
Nidal



--- On Thu, 5/12/11, Rob Crittenden <rcritten at redhat.com> wrote:

> From: Rob Crittenden <rcritten at redhat.com>
> Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment
> To: "nasir nasir" <kollathodi at yahoo.com>
> Cc: "Adam Young" <ayoung at redhat.com>, freeipa-users at redhat.com
> Date: Thursday, May 12, 2011, 2:32 PM
> nasir nasir wrote:
> > Adam,
> >
> > I tried to follow your recommendations with RHEL 6.1
> beta on server and
> > client machine. Centralized login and such things
> work. I have NFS
> > service too working. But automount is not working. For
> the time being I
> > configured my server as NFS server and created a
> folder /export as a
> > share for creating home folder. I have
> *pam_oddjob_mkhomedir.so *enabled
> > in pam files for autocreation of home folders. Now I
> can manually mount
> > the /export nfs share on the server and the client
> successfully. But
> > when I do that on server for testing and try to login
> as a new user(e.g
> > abc), it is not creating home folder. It gives the
> following error,
> >
> > *oddjob-mkhomedir[16401]: error setting permissions on
> /home/abc:
> > Operation not permitted*
> >
> > I have given 777 for my /export and rw permission in
> /etc/export. Output
> > of the command *ipa automountlocation-tofiles
> default*.
> >
> > *
> > *
> > */etc/auto.master:*
> > */- /etc/auto.direct*
> > */share /etc/auto.share*
> > */home /etc/auto.home*
> > *---------------------------*
> > */etc/auto.direct:*
> > *---------------------------*
> > */etc/auto.share:*
> > *---------------------------*
> > */etc/auto.home:*
> > ** -rw,nfs4,sec=krb5,soft,rsize=8192,wsize=8192
> > openipa.cohort.org:/export/home/&*
> > * *
> > I tried reading many docs(RHEL deployment guide,
> google, FreeIPA doc
> > etc). The problem is that they are confusing and
> conflicting in many cases.
> >
> > Please advice me how to proceed.
>
> I'd start with system error logs: /var/log/messages,
> /var/log/secure,
> /var/log/audit/audit.log
>
> rob
>
> >
> > Thanks and Regards,
> > Nidal
> >
> >>>>
> >>>>
>      Nidal,
> >>>>
> >>>>
>      OK, I'd probably do something like
> this: After
> >>>>
>      install IPA, add one host as an IPA
> client with the
> >>>>
>      following switch: --mkhomedir,,
> something like
> >>>>
>      ipa-client-install --mkhomedir -p
> admin. Then, mount
> >>>>
>      the directory that you are going to
> use a /home on
> >>>>
>      that machine. Once you create users
> in IPA, the
> >>>>
>      first time you log in as that user,
> do so from that
> >>>>
>      client, and it will attempt to
> create the home
> >>>>
>      directory for you. This should be
> the only machine
> >>>>
>      that has permissions to create
> directories under
> >>>>
>      /home. Now, create an automount
> location and map,
> >>>>
>      and create a key for /home
> >>>>
> >>>>
>      The instructions from our test day
> should get you
> >>>>
>      started:
> >>>>
> >>>>
>      https://fedoraproject.org/wiki/QA:Testcase_freeipav2_automount
> >>>>
> >>>>
> >>>
> >>
> >
> >
> >
> > _______________________________________________
> > Freeipa-users mailing list
> > Freeipa-users at redhat.com
> > https://www.redhat.com/mailman/listinfo/freeipa-users
>
>

More information about the Freeipa-users mailing list