[Freeipa-users] FreeIPA for Linux desktop deployment

Adam Young ayoung at redhat.com
Fri May 13 15:31:10 UTC 2011


On 05/12/2011 03:30 PM, nasir nasir wrote:
> Adam,
>
> I tried to follow your recommendations with RHEL 6.1 beta on server 
> and client machine. Centralized login and such things work. I have NFS 
> service too working. But automount is not working.  For the time being 
> I configured my server as NFS server and created a folder /export as a 
> share for creating home folder. I have *pam_oddjob_mkhomedir.so*
> enabled in pam files for autocreation of home folders. Now I can 
> manually mount the /export nfs share on the server and the client 
> successfully. But when I do that on server for testing and try to 
> login as a new user (e.g. abc), it is not creating home folder. It gives 
> the following error,
>
> *oddjob-mkhomedir[16401]: error setting permissions on /home/abc: 
> Operation not permitted*
>

It might be a root squash issue.  My guess is that the order of 
operations for creating a root directory, which is done by root, is:

1.  mkdir /home/userid
2.  chown uid:gid  /home/userid

It sounds from the error message that the first stage happened, but NFS 
is not allowing the second stage.  To confirm, as root (and kinit 
admin) on the client machine, just try these two steps in order and 
see if they still fail.

chown is a different system call from mkdir, and might have different 
NFS-enforced permissions.  You probably need rwx permissions in /etc/export.




>
> I have given 777 for my /export and rw permission in /etc/export. 
> Output of the command *ipa automountlocation-tofiles default*.
>
>
> /etc/auto.master:
> /-      /etc/auto.direct
> /share  /etc/auto.share
> /home   /etc/auto.home
> ---------------------------
> /etc/auto.direct:
> ---------------------------
> /etc/auto.share:
> ---------------------------
> /etc/auto.home:
> *       -rw,nfs4,sec=krb5,soft,rsize=8192,wsize=8192 openipa.cohort.org:/export/home/&
>
> I tried reading many docs(RHEL deployment guide, google, FreeIPA doc 
> etc). The problem is that they are confusing and conflicting in many 
> cases.
>

There is a lot of old information on the site that needs to be updated 
to 2.0, and we are working on that.  The more input (tickets logged into 
Trac) we can get for that, the better.

>
> Please advise me how to proceed.
>
> Thanks and Regards,
> Nidal
>
>>>>
>>>>                 Nidal,
>>>>
>>>>                 OK, I'd probably do something like this:  After
>>>>                 installing IPA, add one host as an IPA client with the
>>>>                 following switch:  --mkhomedir, something like
>>>>                 ipa-client-install --mkhomedir -p admin.   Then,
>>>>                 mount the directory that you are going to use as
>>>>                 /home on that machine.  Once you create users in
>>>>                 IPA, the first time you log in as that user, do so
>>>>                 from that client, and it will attempt to create the
>>>>                 home directory for you.    This should be the only
>>>>                 machine that has permissions to create directories
>>>>                 under /home.  Now, create an automount location and
>>>>                 map, and create a key for /home.
>>>>
>>>>                 The instructions from our test day should get you
>>>>                 started:
>>>>
>>>>                 https://fedoraproject.org/wiki/QA:Testcase_freeipav2_automount
>>>>
>>>>
>>>
>>
>
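
Added example, not part of the original message: a small shell probe that runs the mkdir and chown stages from the reply above separately and reports which one the mount refuses, along with the numeric owner the new directory actually received. The function name and the probe directory name are assumptions of this example.

```shell
#!/bin/sh
# Added example: run the two home-directory creation stages separately.
# probe_home_create PARENT UID GID
#   prints one of: mkdir-failed | chown-failed owner=<uid> | ok
# The probe directory name (.probe-<pid>) is an assumption of this example.
probe_home_create() {
    parent=$1
    uid=$2
    gid=$3
    dir="$parent/.probe-$$"

    # Stage 1: mkdir, the first step of home directory creation.
    if ! mkdir "$dir" 2>/dev/null; then
        echo "mkdir-failed"
        return 1
    fi

    # Numeric owner of the new directory. On an export that squashes
    # root, a directory made by root is owned by the anonymous uid
    # rather than 0, which is why a later chown is refused.
    owner=$(ls -dn "$dir" | awk '{print $3}')

    # Stage 2: chown to the target uid:gid.
    if ! chown "$uid:$gid" "$dir" 2>/dev/null; then
        rmdir "$dir"
        echo "chown-failed owner=$owner"
        return 2
    fi

    rmdir "$dir"
    echo "ok"
}

# Usage (as root on the client, with the NFS share mounted on /home):
#   probe_home_create /home "$(id -u abc)" "$(id -g abc)"
```

A result of chown-failed with an owner other than 0 matches the root squash guess; mkdir-failed points at the export or directory permissions instead.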
