[Freeipa-users] Kerberized NFS and home automount issues

Youenn PIOLET piolet.y at gmail.com
Fri Aug 14 10:02:31 UTC 2015


Hi,

I didn't know it was only possible to create home on the home nfs server :)
I changed my implementation on home nfs server to make a flat /home
directory (not mounted with autofs from another directory of the same
server)

2) is now solved: I disabled autofs on the home nfs server, moved files and
mkhomedir now works perfectly.

1) the issue seems to be solved after this, but not instantaneously. I
still see errors on NFS server logs:
       WARNING: can't create tcp rpc_clnt to server <ipa-server> for user with uid 0: RPC: Remote system error - No route to host
but it seems to be working. After creating a new user, I had to wait a few
seconds/minutes for home to be fetchable by autofs.

Thanks a lot.

--
Youenn Piolet
piolet.y at gmail.com


2015-08-14 7:14 GMT+02:00 Prasun Gera <prasun.gera at gmail.com>:

> Where are you trying to create the home directories ? Is your NFS server
> the same as the IPA server ? You can only create home directories on the
> NFS home server unless the nfs-client sees the export option
> "no_root_squash". That is not recommended though.
>
> On Thu, Aug 13, 2015 at 9:49 AM, Youenn PIOLET <piolet.y at gmail.com> wrote:
>
>> Hi,
>>
>> I'm currently trying to configure automount for home directories with
>> Kerberized NFSv4.
>> I'm struggling with two issues that may or may not be related:
>>
>> 1) Can't read my home directory. I have to type kinit manually first on
>> each integrated client for this to work. I think it is related to the
>> latest versions of sssd on Centos 7 / Fedora 21 (1.12.2-58), ipa or maybe
>> nss, a 1 or 2 months outdated centos was working first and got broken after
>> an update.
>>
>> 2) Can't create home directories for new users : Permission denied for
>> oddjob-mkhomedir script. I can also experience this as root : can't mkdir
>> /home/someuser, permission denied (see my mount chain in freeipa below).
>> Related to NFSv4?
>>
>> Here is my setup and various information:
>> - I'm not using selinux
>> - Exports :
>>     /home.shared *(rw,sec=krb5:krb5i:krb5p)
>> - Mount chain :
>>     * -fstype=nfs4,sec=krb5i,rw,proto=tcp,port=2049,rsize=8192,wsize=8192 home01.net:/home.shared/&
>> - Experienced on Centos 7 and Fedora 21
>> - FreeIPA server 4.1.4
>> - I used ipa-client-automount on clients and server.
>> - Same behavior with/without a dedicated service principal on client
>> - Some errors in NFS server logs :
>>     rpc.gssd - WARNING: can't create tcp rpc_clnt to server <ipa-server> for user with uid 0: RPC: Remote system error - No route to host <-- at different times
>>     oddjobd: Error org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown: Could not determine security context for '1:<###>' <-- before oddjob-mkhomedir on new user
>>
>> Have you got the same problems and did you manage to fix them?
>>
>> Thanks in advance,
>> --
>> Youenn Piolet
>> piolet.y at gmail.com
>>
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>>
>
>
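
Added example, not part of either poster's message: a small Python audit of exports(5) lines for the two settings this thread turns on, root squashing (the default, which is why mkdir as root fails from a client) and the allowed sec= flavors. Only the /home.shared line comes from the thread; the other sample lines, the function names and the finding labels are constructed for illustration.

```python
import re

KRB = {"krb5", "krb5i", "krb5p"}

# First export is the one quoted in the thread; the rest are constructed.
SAMPLE = """\
/home.shared *(rw,sec=krb5:krb5i:krb5p)
# constructed lines for contrast
/srv/scratch 192.0.2.0/24(rw,no_root_squash,sec=krb5p)
/srv/legacy  client.example.test(rw)
"""

def parse_exports(text):
    """Yield (path, client, options) per client spec in exports(5) text.
    Quoted or octal-escaped paths are not handled here."""
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        defaults = []
        for spec in specs:
            if spec.startswith("-"):  # "-opt,opt" sets defaults for later clients
                defaults = spec[1:].split(",")
                continue
            m = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", spec)
            if not m:
                raise ValueError(f"unparseable client spec: {spec!r}")
            opts = [o for o in (m.group(2) or "").split(",") if o]
            # An empty client name means "any client", reported here as "*".
            yield path, m.group(1) or "*", defaults + opts

def audit(text):
    """Return (path, client, finding) tuples for risky export settings."""
    out = []
    for path, client, opts in parse_exports(text):
        # root_squash is the default: uid 0 on a client maps to the anonymous
        # user unless no_root_squash is set explicitly.
        if "no_root_squash" in opts:
            out.append((path, client, "NO_ROOT_SQUASH"))
        flavors = [f for o in opts if o.startswith("sec=") for f in o[4:].split(":")]
        flavors = flavors or ["sys"]  # no sec= option means sec=sys
        if any(f not in KRB for f in flavors):
            out.append((path, client, "NON_KERBEROS_SEC"))
    return out

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

The thread's own export produces no findings: it keeps the default root squashing and allows only Kerberos flavors.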