[Freeipa-users] NFS Automount Domain Homedirs

Sadettin Albasan tekturk at gmail.com
Wed Sep 30 13:47:56 UTC 2015


Hi Alexander,


Currently:

FreeIPA 7.1 (Centos)
Client 6.6 (Centos)
NFS 6.6 (Centos) + Samba 3.6

I also have Samba file sharing running on the NFS server, which shares home
directories to Windows users as well. So the NFS server is joined to the
Windows domain as well as the FreeIPA domain.


*FreeIPA Server Automount Conf:*

/etc/auto.master:
/-    /etc/auto.direct
/home    /etc/auto.home
---------------------------
/etc/auto.direct:
---------------------------
/etc/auto.home:
*    -rw,no_subtree_check,crossmnt,sec=krb5i itifs01.itiad.my.ca:/samba/homes/&

maps not connected to /etc/auto.master:




*NFS Server Krb5.conf:*

includedir /var/lib/sss/pubconf/krb5.include.d/

[libdefaults]
  default_realm = FREEIPA.MY.CA
  dns_lookup_realm = true
  dns_lookup_kdc = true
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes

[realms]
  FREEIPA.MY.CA = {
    pkinit_anchors = FILE:/etc/ipa/ca.crt
  }

[domain_realm]
  .FREEIPA.MY.CA = FREEIPA.MY.CA
  FREEIPA.MY.CA = FREEIPA.MY.CA
  .itiad.my.ca = FREEIPA.MY.CA
  itiad.my.ca = FREEIPA.MY.CA



*NFS Server sssd.conf:*

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = FREEIPA.my.CA
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ldap_tls_cacert = /etc/ipa/ca.crt
ipa_hostname = itifs01.itiad.my.ca
chpass_provider = ipa
ipa_dyndns_update = True
ipa_server = _srv_, server.freeipa.my.ca
dns_discovery_domain = FREEIPA.my.CA
[sssd]
services = nss, sudo, pam, ssh
config_file_version = 2

domains = FREEIPA.MY.CA
[nss]
homedir_substring = /home

[pam]

[sudo]

[autofs]

[ssh]

[pac]

[ifp]



*Client Krb5.conf:*

includedir /var/lib/sss/pubconf/krb5.include.d/

[libdefaults]
  default_realm = FREEIPA.MY.CA
  dns_lookup_realm = true
  dns_lookup_kdc = true
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes

[realms]
  FREEIPA.MY.CA = {
    pkinit_anchors = FILE:/etc/ipa/ca.crt
  }

[domain_realm]
  .freeipa.my.ca = FREEIPA.MY.CA
  freeipa.my.ca = FREEIPA.MY.CA


*Client SSSD.conf:*

cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = freeipa.my.ca
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname = client2.freeipa.my.ca
chpass_provider = ipa
ipa_server = _srv_, server.freeipa.my.ca
ldap_tls_cacert = /etc/ipa/ca.crt
autofs_provider = ipa
ipa_automount_location = default
[sssd]
default_domain_suffix = itiad.my.ca
services = nss, sudo, pam, autofs, ssh
config_file_version = 2
domains = freeipa.my.ca
[nss]
homedir_substring = /home

[pam]

[sudo]

[autofs]

[ssh]

[pac]

[ifp]



Thanks,


On 29 September 2015 at 10:47, Alexander Bokovoy <abokovoy at redhat.com>
wrote:

> On Tue, 29 Sep 2015, Sadettin Albasan wrote:
>
> >> I have a freeipa server and a trust relation with AD domain with almost
> >> everything working the way I planned except automounting NFS home
> >> directories for domain users. I have been reading about this on the net
> >> for almost a week, ended up trying a lot of different configurations, but
> >> I had no success with it. The closest I came to was removing krb5
> >> authentication from the export and mount options. It is only then able to
> >> mount the directories. Since I have not seen any official guidelines about
> >> it, is this in the works or is there any plan to implement it? Thanks.
>>
> As usual, more details are required about server and client
> configuration/software in order to even guess your problems.
>
> What provides NFS storage? What is used on the client machines? How is
> identity mapping configured? Give examples of your configuration.
>
> There are some issues in NFS identity mapping code that were fixed
> relatively recently and which prevented use of POSIX users with '@' in
> the name, for example.
>
> --
> / Alexander Bokovoy
>