[Freeipa-users] Synology DSM5 and freeIPA

Roberto Cornacchia roberto.cornacchia at gmail.com
Thu Mar 19 20:18:57 UTC 2015


It's possible that I'm simply not getting the point, or that I don't
understand the documentation correctly, but this is what I don't find clear:

I had seen the instructions you pointed me at. These are not specifically
about home directories.

However, this section is:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#homedir-reqs


It first suggests that automatic creation of home directories over NFS
shares is possible: just automount /home and then use pam_oddjob_mkhomedir
or pam_mkhomedir to create homedirs at first login.

But then it also suggests that mounting the whole /home tree could be an
issue, and says: "Use automount to mount only the user's home directory
and only when the user logs in, rather than loading the entire /home tree."

That means that automatic homedir creation is out of the game, doesn't it?

That's what I find confusing. What's the recommended way?



On 19 March 2015 at 20:49, Dmitri Pal <dpal at redhat.com> wrote:

>  On 03/19/2015 02:46 PM, Roberto Cornacchia wrote:
>
> Hi Dmitri,
>
>  I do realise my question is borderline and I accept that it is
> considered off-topic.
>
>  I did post it here because I believe it's not *only* about NFS, but also
> about its interaction with freeIPA. The issue of NFS homes, and in particular
> of their creation, is touched on in all the links I posted (all about
> freeIPA) and never really answered.
>
>
> This is what is documented and recommended:
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#kerb-nfs
>
> RHEL6 has a similar chapter in its doc set though books have changed
> significantly between 6 and 7.
>
> I do not see any chicken and egg problem there.
> The instructions show how to create home dirs on the first login.
>
> It mounts the volume and then creates dirs on it as users log in if they
> are not already there.
>
> It is unclear what problem you see with doing it the way it is recommended.
>
>
>
>  Best,
> Roberto
>
> On 19 March 2015 at 19:36, Dmitri Pal <dpal at redhat.com> wrote:
>
>>   On 03/19/2015 05:29 AM, Roberto Cornacchia wrote:
>>
>>  On 6 March 2015 at 11:15, Martin Kosek <mkosek at redhat.com> wrote:
>>
>>> On 03/06/2015 10:56 AM, Roberto Cornacchia wrote:
>>>
>>>> Hi there,
>>>>
>>>> I'm planning to deploy freeIPA on our lan.
>>>> It's small-ish and completely based on FC21, so I expect everything to
>>>> work
>>>> like a charm.
>>>>
>>>> Except one detail. We have a Synology NAS station, which uses DSM 5.0.
>>>> The ideal plan is to use it as host for shared NFS home dirs once we
>>>> switch our
>>>> desktops to freeIPA.
>>>>
>>>
>>>  Great!
>>>
>>>>
>>>>
>>  Hello,
>>
>>  The first thing I'm struggling with is to find the correct approach
>> about NFS home dirs.
>> The ideal setting would be:
>> - home dirs on the NAS
>> - IPA manages automount maps
>> - home dirs are created automatically at first login
>>
>>  The documentation I could find on these topics includes only
>> not-so-recent pages (anything I missed?):
>>
>>   http://wiki.linux-nfs.org/wiki/index.php/NFS_and_FreeIPA
>>
>> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/automount.html
>>
>> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/users.html#home-directories
>>
>> http://adam.younglogic.com/2011/06/automount-and-home-directory-creation/
>>
>>  Now, I admit I don't have much experience with setting up NFS homes,
>> with or without freeIPA, so trying to get this done correctly in the
>> context of freeIPA and without clear howtos isn't very easy, but I'm
>> willing to get my hands dirty.
>>
>>  The first problem I struggle with is on the correct approach.
>> From the documentation above, I understand that there is a bit of a
>> chicken-egg problem about the creation of home dirs.
>> On the one hand, it would be optimal to have automount maps to load only
>> single home dirs on demand, rather than the entire /home tree.
>> On the other hand, if the /home tree is not available, then creating
>> /home/user1 dir automatically isn't really possible.
>>
>>  Just mounting the whole /home tree would make things easier, but I
>> don't have a feeling of when it starts to become a performance issue
>> (assuming recent hardware and up to date software). 10 users? 50? 100? 500?
>> No idea.
>> The realm I'm dealing with at the moment is in the range of 5-10 users
>> and probably won't be larger than 50 in the next few years (and if it will,
>> it means things are going well, so what the heck ;)
>> Also true that, with so few users, I could just create the homedirs
>> manually when needed (this is not an organisation where many users come and
>> go) and just mount them individually.
>> Any tips about this?
>>
>>  Best, Roberto
>>
>>
>>
>>
>>   Some of these questions are really outside the scope of this list.
>> You might consider asking them on the NFS list.
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager IdM portfolio
>> Red Hat, Inc.
>>
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>>
>
>
>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
>
>