[Freeipa-users] question about automount config

Arthur Fayzullin arthur at deus.pro
Mon May 23 15:06:55 UTC 2016 

Good day, colleagues!
I am confused about how automount work and howto configure it. I have
tried to configure it according to
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html
document (paragraph 9.1.1 and chapter 20).
I have tried to make it work on 3 servers:
1. ipa server;
2. nfs server (node00);
3. nfs client (postgres).


*** so here how it configured on ipa server:
$ ipa automountlocation-tofiles amantai
/etc/auto.master:
/-      /etc/auto.direct
/home   /etc/auto.home
---------------------------
/etc/auto.direct:
---------------------------
/etc/auto.home:
*       -sec=kr5i,rw,fstype=nfs4 node00.glavsn.ab:/home/&

maps not connected to /etc/auto.master:

$ ipa service-find nfs
------------------
2 services matched
------------------
  Основной: nfs/node00.glavsn.ab at GLAVSN.AB
  Keytab: True
  Managed by: node00.glavsn.ab

  Основной: nfs/postgres.glavsn.ab at GLAVSN.AB
  Keytab: True
  Managed by: postgres.glavsn.ab


*** here is nfs server config:
$ sudo klist -k
Пароль:
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
----
--------------------------------------------------------------------------
   1 host/node00.glavsn.ab at GLAVSN.AB
   1 host/node00.glavsn.ab at GLAVSN.AB
   1 host/node00.glavsn.ab at GLAVSN.AB
   1 host/node00.glavsn.ab at GLAVSN.AB
   2 nfs/node00.glavsn.ab at GLAVSN.AB
   2 nfs/node00.glavsn.ab at GLAVSN.AB
   2 nfs/node00.glavsn.ab at GLAVSN.AB
   2 nfs/node00.glavsn.ab at GLAVSN.AB

$ cat /etc/exports
/home *(rw,sec=sys:krb5:krb5i:krb5p)

$ sudo firewall-cmd --list-all
public (default, active)
  interfaces: bridge0 enp1s0
  sources:
  services: dhcpv6-client nfs ssh
  ports: 8001/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

$ getenforce
Enforcing


*** here nfs client config:
# klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
----
--------------------------------------------------------------------------
   1 host/postgres.glavsn.ab at GLAVSN.AB
   1 host/postgres.glavsn.ab at GLAVSN.AB
   1 host/postgres.glavsn.ab at GLAVSN.AB
   1 host/postgres.glavsn.ab at GLAVSN.AB
   1 nfs/postgres.glavsn.ab at GLAVSN.AB
   1 nfs/postgres.glavsn.ab at GLAVSN.AB
   1 nfs/postgres.glavsn.ab at GLAVSN.AB
   1 nfs/postgres.glavsn.ab at GLAVSN.AB

# firewall-cmd --list-all
FedoraServer (default, active)
  interfaces: ens3
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

# mount -l  (contains next string)
auto.home on /home type autofs
(rw,relatime,fd=25,pgrp=960,timeout=300,minproto=5,maxproto=5,indirect)

# ll /home/afayzullin
ls says that it cannot access /home/afayzullin: no such file or directory

I have run
# ipa-client-automount --location=amantai
on client and it has completed successfully.

I have tried to disable selinux, drop iptables rules. And now I am
little confused about what to do next. May if someone has faced with
automount config can give me some advice, or if there is any howto
config automount, or some can advise howto debug this situation?

More information about the Freeipa-users mailing list