[Freeipa-users] Kerberized NFS and home automount issues

Prasun Gera prasun.gera at gmail.com
Fri Aug 14 05:14:11 UTC 2015


Where are you trying to create the home directories? Is your NFS server
the same as the IPA server ? You can only create home directories on the
NFS home server unless the nfs-client sees the export option
"no_root_squash". That is not recommended though.

On Thu, Aug 13, 2015 at 9:49 AM, Youenn PIOLET <piolet.y at gmail.com> wrote:

> Hi,
>
> I'm currently trying to configure automount for home directories with
> Kerberized NFSv4.
> I'm struggling with two issues that may or may not be related:
>
> 1) Can't read my home directory. I have to type kinit manually first on
> each integrated client for this to work. I think it is related to the
> latest versions of sssd on CentOS 7 / Fedora 21 (1.12.2-58), ipa or maybe
> nss; a CentOS 1 or 2 months out of date was working at first and got broken
> after an update.
>
> 2) Can't create home directories for new users : Permission denied for
> oddjob-mkhomedir script. I can also experience this as root : can't mkdir
> /home/someuser, permission denied (see my mount chain in freeipa below).
> Related to NFSv4?
>
> Here is my setup and various information:
> - I'm not using selinux
> - Exports :
>     /home.shared *(rw,sec=krb5:krb5i:krb5p)
> - Mount chain :
>     * -fstype=nfs4,sec=krb5i,rw,proto=tcp,port=2049,rsize=8192,wsize=8192
> home01.net:/home.shared/&
> - Experienced on Centos 7 and Fedora 21
> - FreeIPA server 4.1.4
> - I used ipa-client-automount on clients and server.
> - Same behavior with/without a dedicated service principal on client
> - Some errors in NFS server logs :
>     rpc.gssd - WARNING: can't create tcp rpc_clnt to server <ipa-server>
> for user with uid 0: RPC: Remote system error - No route to host <-- at
> different times
>     oddjobd: Error
> org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown: Could not
> determine security context for '1:<###>' <-- before oddjob-mkhomedir on new
> user
>
> Have you got the same problems and did you manage to fix them?
>
> Thanks in advance,
> --
> Youenn Piolet
> piolet.y at gmail.com

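The root-squash condition named in the reply, as an added example that is not part of the original thread: a small Python check that reads `/etc/exports`-style lines and reports, per client, the `sec=` flavors and whether the server squashes client root. The first sample line is the export from the quoted message; the second line and the host `client01.example.net` are constructed for contrast.

```python
import re

# Constructed sample: line 1 is the export quoted in the thread; line 2 is a
# hypothetical variant (client01.example.net is a made-up host) for contrast.
SAMPLE_EXPORTS = """\
/home.shared *(rw,sec=krb5:krb5i:krb5p)
/home.shared client01.example.net(rw,sec=krb5p,no_root_squash)
"""

SPEC = re.compile(r"([^()]*)(?:\(([^()]*)\))?")

def parse_exports_line(line):
    """Split one exports(5) line into (path, [(client, option_set), ...])."""
    line = line.split("#", 1)[0].strip()      # drop comments and blank lines
    if not line:
        return None
    path, *specs = line.split()
    clients = []
    for spec in specs:
        m = SPEC.fullmatch(spec)
        if m is None:
            raise ValueError(f"malformed client spec: {spec!r}")
        opts = {o for o in (m.group(2) or "").split(",") if o}
        clients.append((m.group(1) or "*", opts))   # no host given: any client
    return path, clients

def root_squashed(opts):
    """exports(5): root_squash is the default; only no_root_squash disables it,
    and all_squash maps every uid (root included) to the anonymous user."""
    return "all_squash" in opts or "no_root_squash" not in opts

def audit(text):
    """Report, per export and client, the sec flavors and root-squash state."""
    report = []
    for line in text.splitlines():
        entry = parse_exports_line(line)
        if entry is None:
            continue
        path, clients = entry
        for client, opts in clients:
            sec = next((o[4:].split(":") for o in opts if o.startswith("sec=")), ["sys"])
            report.append({"path": path, "client": client, "sec": sec,
                           "root_squashed": root_squashed(opts)})
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE_EXPORTS):
        note = "client root mapped to anonymous" if row["root_squashed"] else "client root kept as uid 0 (not recommended)"
        print(row["path"], row["client"], ",".join(row["sec"]), "->", note)
```
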
