[Freeipa-users] FreeIPA for Linux desktop deployment
Adam Young
ayoung at redhat.com
Tue May 17 14:16:23 UTC 2011
On 05/17/2011 02:03 AM, nasir nasir wrote:
> Further to my previous mail, let us try to isolate it even more by
> comparing the login attempts to the NFS server(hugayat.cohort.org) and
> another IPA client(rhel.cohort.org)
>
> This is the relevant /var/log/message in the two cases
>
> *1. ssh -l nasir hugayat.cohort.org*
>
> May 17 07:45:14 hugayat automount[15767]: get_query_dn: lookup(ldap):
> found search base under cn=automount,dc=cohort,dc=org
> 12 May 17 07:45:14 hugayat automount[15767]: get_query_dn:
> lookup(ldap): found query dn
> automountmapname=auto.home,cn=default,cn=automount,dc=cohort,dc=org
> 13 May 17 07:45:14 hugayat automount[15767]: connected to uri
> ldap://192.168.1.240
> 14 May 17 07:45:14 hugayat automount[15767]: lookup_one:
> lookup(ldap): searching for
> "(&(objectclass=automount)(|(automountKey=nasir)(automountKey=/)(automountKey=\2A)))"
> under
> "automountmapname=auto.home,cn=default,cn=automount,dc=cohort,dc=org"
> 15 May 17 07:45:14 hugayat automount[15767]: lookup_one:
> lookup(ldap): getting first entry for automountKey="nasir"
> 16 May 17 07:45:14 hugayat automount[15767]: lookup_one:
> lookup(ldap): examining first entry
> 17 May 17 07:45:14 hugayat automount[15767]: lookup_mount:
> lookup(ldap): nasir ->
> -fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192
> hugayat.cohort.org:/xtra/home/&
> 18 May 17 07:45:14 hugayat automount[15767]: parse_mount: parse(sun):
> expanded entry: -fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192
> hugayat.cohort.org:/xtra/home/nasir
> 19 May 17 07:45:14 hugayat automount[15767]: parse_mount: parse(sun):
> gathered options: fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192
> 20 May 17 07:45:14 hugayat automount[15767]: parse_mount: parse(sun):
> dequote("hugayat.cohort.org:/xtra/home/nasir") ->
> hugayat.cohort.org:/xtra/home/nasir
> 21 May 17 07:45:14 hugayat automount[15767]: parse_mount: parse(sun):
> core of entry:
> options=fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192,
> loc=hugayat.cohort.org:/xtra/home/nasir
> 22 May 17 07:45:14 hugayat automount[15767]: sun_mount: parse(sun):
> mounting root /home, mountpoint nasir, what
> hugayat.cohort.org:/xtra/home/nasir, fstype nfs4, options
> rw,sec=krb5,soft,rsize=8192,wsize=8192
> 23 May 17 07:45:14 hugayat automount[15767]: mount_mount: mount(nfs):
> root=/home name=nasir what=hugayat.cohort.org:/xtra/home/nasir,
> fstype=nfs4, options=rw,sec=krb5,soft,rsize=8192,wsize=8192
> 24 May 17 07:45:14 hugayat automount[15767]: mount_mount: mount(nfs):
> nfs options="rw,sec=krb5,soft,rsize=8192,wsize=8192", nosymlink=0, ro=0
> 25 May 17 07:45:14 hugayat automount[15767]: mount_mount: mount(nfs):
> calling mkdir_path /home/nasir
> 26 May 17 07:45:14 hugayat automount[15767]: mount_mount: mount(nfs):
> *nasir is local, attempt bind mount*
>
I'm guessing that there is some policy enforced by the NFS server here
that lets you do something like this.
...and here's the source code....
http://autofs5.sourcearchive.com/documentation/5.0.4-2/mount__nfs_8c-source.html
Here's the comment right above the line that generates that message.
* If the "port" option is specified, then we don't want
* a bind mount. Use the "port" option if you want to
* avoid attempting a local bind mount, such as when
* tunneling NFS via localhost.
So no surprise that the behavior is different on the NFS server than the
rest of the cluster.
> 27 May 17 07:45:14 hugayat automount[15767]: mount_mount:
> mount(bind): calling mkdir_path /home/nasir
> 28 May 17 07:45:14 hugayat automount[15767]: mount_mount:
> mount(bind): calling mount --bind -s -o defaults /xtra/home/nasir
> /home/nasir
> 29 May 17 07:45:14 hugayat automount[15767]: mount_mount:
> mount(bind): mounted /xtra/home/nasir type bind on /home/nasir
>
> *2. ssh -l rhel.cohort.org*
>
> 7 May 17 07:46:06 rhel automount[15387]: find_server: trying server
> uri ldap://192.168.1.240
> 8 May 17 07:46:06 rhel automount[15387]: do_bind: lookup(ldap):
> auth_required: 1, sasl_mech (null)
> 9 May 17 07:46:06 rhel automount[15387]: do_bind: lookup(ldap): ldap
> simple bind returned 0
> 10 May 17 07:46:06 rhel automount[15387]: get_query_dn: lookup(ldap):
> check search base list
> 11 May 17 07:46:06 rhel automount[15387]: get_query_dn: lookup(ldap):
> found search base under cn=automount,dc=cohort,dc=org
> 12 May 17 07:46:06 rhel automount[15387]: get_query_dn: lookup(ldap):
> found query dn
> automountmapname=auto.home,cn=default,cn=automount,dc=cohort,dc=org
> 13 May 17 07:46:06 rhel automount[15387]: connected to uri
> ldap://192.168.1.240
> 14 May 17 07:46:06 rhel automount[15387]: lookup_one: lookup(ldap):
> searching for
> "(&(objectclass=automount)(|(automountKey=nasir)(automountKey=/)(automountKey=\2A)))"
> under "automountmapname=auto.home,
> cn=default,cn=automount,dc=cohort,dc=org"
> 15 May 17 07:46:06 rhel automount[15387]: lookup_one: lookup(ldap):
> getting first entry for automountKey="nasir"
> 16 May 17 07:46:06 rhel automount[15387]: lookup_one: lookup(ldap):
> examining first entry
> 17 May 17 07:46:06 rhel automount[15387]: lookup_mount: lookup(ldap):
> nasir -> -fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192
> hugayat.cohort.org:/xtra/home/&
> 18 May 17 07:46:06 rhel automount[15387]: parse_mount: parse(sun):
> expanded entry: -fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192
> hugayat.cohort.org:/xtra/home/nasir
> 19 May 17 07:46:06 rhel automount[15387]: parse_mount: parse(sun):
> gathered options: fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192
> 20 May 17 07:46:06 rhel automount[15387]: parse_mount: parse(sun):
> dequote("hugayat.cohort.org:/xtra/home/nasir") ->
> hugayat.cohort.org:/xtra/home/nasir
> 21 May 17 07:46:06 rhel automount[15387]: parse_mount: parse(sun):
> core of entry:
> options=fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192,
> loc=hugayat.cohort.org:/xtra/home/nasir
> 22 May 17 07:46:06 rhel automount[15387]: sun_mount: parse(sun):
> mounting root /home, mountpoint nasir, what
> hugayat.cohort.org:/xtra/home/nasir, fstype nfs4, options
> rw,sec=krb5,soft,rsize=8192,wsize=8192
> 23 May 17 07:46:06 rhel automount[15387]: mount_mount: mount(nfs):
> root=/home name=nasir what=hugayat.cohort.org:/xtra/home/nasir,
> fstype=nfs4, options=rw,sec=krb5,soft,rsize=8192,wsize=8192
> 24 May 17 07:46:06 rhel automount[15387]: mount_mount: mount(nfs):
> nfs options="rw,sec=krb5,soft,rsize=8192,wsize=8192", nosymlink=0, ro=0
> 25 May 17 07:46:06 rhel automount[15387]: mount_mount: mount(nfs):
> calling mkdir_path /home/nasir
> 26 May 17 07:46:06 rhel automount[15387]: mount_mount: mount(nfs):
> calling mount -t nfs4 -s -o rw,sec=krb5,soft,rsize=8192,wsize=8192
> hugayat.cohort.org:/xtra/home/nasir /home/nasir
> 27 May 17 07:46:06 rhel automount[15387]: >>*mount.nfs4: mounting
> hugayat.cohort.org:/xtra/home/nasir failed, reason given by server:*
> * 28 May 17 07:46:06 rhel automount[15387]: >> No such file or
> directory*
>
>
> Please compare the lines between 20-30 in both the cases. All the
> parameters are same but in the first case it says the user "nasir is
> local". What does it mean ?
> Thanks and regards,
> Nidal
>
>
> Thanks again! To answer your queries,
>
> -- I get the same error for *su - nasir*
> -- I don't think ssh is not creating oddjobd ; see the error
> in the trailing mail which I am getting in the konsole while
> trying to login. It does try to create home folder
> -- The client IPA machine was created with --mkhomedir switch.
> Also, I can see *pam_oddjob_mkhomedir.so* entry in the system-auth
> and password-auth files of pam (But not in ssh file, though I
> manually tried once to insert in ssh file and then it was trying
> to create the home folder twice while SSHing !!).
> -- As I said in previous mail, Pre-created directories get
> automounted and setup correctly when I try to login to NFS
> server(cohort.org.hugyat) but NOT to other machines.
> -- When autofs is disabled, directories get created
> successfully in the local hard disk on all the machines configured
> with --mkhomedir switch
>
> Any clue ?
>
> Thanks and regards,
> Nidal
>
>
> Let's try to isolate it a little further. If you log in to
> that machine as root, and then do su - nasir, does it let you
> create the directory or give you the same error? I'm guessing
> it is ssh that is complaining here. If the mount point is set
> up correctly, you should be able to create and chown the
> /home/nasir directory, either via odd job, or just test it as
> root.
>
> What I am guessing is happening here is that ssh is not
> triggering the odd job creation of the home directory.
> Either that, or this particular IPA client was run without the
> switch to create the home-dir. If Automount is commented out,
> does the /home/nasir directory get created on the local disk?
>
>
> On 05/16/2011 09:19 PM, nasir nasir wrote:
>> Thanks again!
>>
>> No! it allows auto mount that pre created home folder *ONLY
>> to the NFS server*. For e.g if I have */xtra/home/nasir*
>> already created, then it automatically mounts while login to
>> NFS server ( ssh -l nasir NFS_SERVER ). But when I try to
>> login as the same user to some other machine ( ssh -l nasir
>> ANY_IPA_MACHINE) it gives the following error,
>>
>> *[root at openipa ~]# ssh -l nasir 192.168.1.222 -X*
>> *nasir at 192.168.1.222's password: *
>> *Creating home directory for nasir.*
>> *Last login: Tue May 17 04:06:43 2011 from openipa.cohort.org*
>> *Could not chdir to home directory /home/nasir: No such file
>> or directory*
>> *-sh-4.1$ ls*
>>
>> So it is not working right ? Hope it is clear to you now.
>>
>> Thanks and regards,
>> Nidal
>>
>>
>>
>>> If I manually create one home folder( e.g
>>> */xtra/home/abc* ) under than, then I can mount it, but
>>> nothing can be written to it by the user as it gives
>>> permission denied error.
>>>
>>
>> Yes, but it should allow the root user to create and
>> chown the directory, so the autocreation of home dirs
>> should work.
>>
>>
>
>
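Added example, not part of the original message or of autofs: a small Python triage of automount debug output that records, per host, whether a map entry was carried out as a local bind mount or as a real NFS mount, and lists the hosts where the bind shortcut means the NFS export and `sec=krb5` were never exercised. The sample lines are constructed from the log excerpts quoted above (unwrapped, pasted line numbers removed); the function names are hypothetical.

```python
import re

# Constructed sample: decisive lines of the two logins in the thread, one syslog record per line.
SAMPLE_LOG = """\
May 17 07:45:14 hugayat automount[15767]: mount_mount: mount(nfs): root=/home name=nasir what=hugayat.cohort.org:/xtra/home/nasir, fstype=nfs4, options=rw,sec=krb5,soft,rsize=8192,wsize=8192
May 17 07:45:14 hugayat automount[15767]: mount_mount: mount(nfs): nasir is local, attempt bind mount
May 17 07:45:14 hugayat automount[15767]: mount_mount: mount(bind): calling mount --bind -s -o defaults /xtra/home/nasir /home/nasir
May 17 07:45:14 hugayat automount[15767]: mount_mount: mount(bind): mounted /xtra/home/nasir type bind on /home/nasir
May 17 07:46:06 rhel automount[15387]: mount_mount: mount(nfs): root=/home name=nasir what=hugayat.cohort.org:/xtra/home/nasir, fstype=nfs4, options=rw,sec=krb5,soft,rsize=8192,wsize=8192
May 17 07:46:06 rhel automount[15387]: mount_mount: mount(nfs): calling mount -t nfs4 -s -o rw,sec=krb5,soft,rsize=8192,wsize=8192 hugayat.cohort.org:/xtra/home/nasir /home/nasir
May 17 07:46:06 rhel automount[15387]: >> mount.nfs4: mounting hugayat.cohort.org:/xtra/home/nasir failed, reason given by server:
May 17 07:46:06 rhel automount[15387]: >> No such file or directory
"""

RECORD = re.compile(r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) automount\[(?P<pid>\d+)\]: (?P<msg>.*)$")
REQUEST = re.compile(r"mount\(nfs\): root=(\S+) name=(\S+) what=(\S+), fstype=(\S+), options=(\S+)")

def classify_mounts(log_text):
    """Map (host, mountpoint) -> how automount actually carried out the mount."""
    results, active = {}, {}
    for rec in filter(None, map(RECORD.match, log_text.splitlines())):
        daemon, msg = (rec["host"], rec["pid"]), rec["msg"]
        req = REQUEST.search(msg)
        if req:  # a new mount request: remember it as this daemon's current one
            root, name, what, _fstype, options = req.groups()
            entry = {"what": what, "options": options.split(","),
                     "method": None, "ok": None, "error": ""}
            results[(daemon[0], f"{root}/{name}")] = active[daemon] = entry
        elif daemon in active:
            entry = active[daemon]
            if "calling mount --bind" in msg:
                entry["method"] = "bind"  # local path: NFS and sec= are never used
            elif "calling mount -t nfs" in msg:
                entry["method"] = "nfs"
            elif re.search(r"mount\(\w+\): mounted ", msg):
                entry["ok"] = True
            elif msg.startswith(">>"):  # stderr of the mount helper, may span records
                entry["ok"] = False
                entry["error"] = f'{entry["error"]} {msg[2:].strip()}'.strip()
    return results

def nfs_path_untested(results):
    """Hosts where a bind mount replaced a map entry that asks for sec=..."""
    return sorted(host for (host, _), e in results.items()
                  if e["method"] == "bind" and any(o.startswith("sec=") for o in e["options"]))

if __name__ == "__main__":
    print(classify_mounts(SAMPLE_LOG), nfs_path_untested(classify_mounts(SAMPLE_LOG)))
```

A host reported by `nfs_path_untested` says nothing about whether the export or the Kerberos setup works; only a client that takes the `nfs` path tests those.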