[Freeipa-users] question about automount config

Tue May 24 13:01:16 UTC 2016

You can stop the autofs daemon, and run it in foreground with automount
-fvv. Then try to access the mount point in parallel. The logs from the
foreground run should shed some light. Also, does your autofs setup work
without kerberos ? As a first step it to work with non-kerberised nfs.

On Mon, May 23, 2016 at 11:06 AM, Arthur Fayzullin <arthur at deus.pro> wrote:

> Good day, colleagues!
> I am confused about how automount work and howto configure it. I have
> tried to configure it according to
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html
> document (paragraph 9.1.1 and chapter 20).
> I have tried to make it work on 3 servers:
> 1. ipa server;
> 2. nfs server (node00);
> 3. nfs client (postgres).
>
>
> *** so here how it configured on ipa server:
> $ ipa automountlocation-tofiles amantai
> /etc/auto.master:
> /-      /etc/auto.direct
> /home   /etc/auto.home
> ---------------------------
> /etc/auto.direct:
> ---------------------------
> /etc/auto.home:
> *       -sec=kr5i,rw,fstype=nfs4 node00.glavsn.ab:/home/&
>
> maps not connected to /etc/auto.master:
>
> $ ipa service-find nfs
> ------------------
> 2 services matched
> ------------------
>   Основной: nfs/node00.glavsn.ab at GLAVSN.AB
>   Keytab: True
>   Managed by: node00.glavsn.ab
>
>   Основной: nfs/postgres.glavsn.ab at GLAVSN.AB
>   Keytab: True
>   Managed by: postgres.glavsn.ab
>
>
> *** here is nfs server config:
> $ sudo klist -k
> Пароль:
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
> ----
> --------------------------------------------------------------------------
>    1 host/node00.glavsn.ab at GLAVSN.AB
>    1 host/node00.glavsn.ab at GLAVSN.AB
>    1 host/node00.glavsn.ab at GLAVSN.AB
>    1 host/node00.glavsn.ab at GLAVSN.AB
>    2 nfs/node00.glavsn.ab at GLAVSN.AB
>    2 nfs/node00.glavsn.ab at GLAVSN.AB
>    2 nfs/node00.glavsn.ab at GLAVSN.AB
>    2 nfs/node00.glavsn.ab at GLAVSN.AB
>
> $ cat /etc/exports
> /home *(rw,sec=sys:krb5:krb5i:krb5p)
>
> $ sudo firewall-cmd --list-all
> public (default, active)
>   interfaces: bridge0 enp1s0
>   sources:
>   services: dhcpv6-client nfs ssh
>   ports: 8001/tcp
>   masquerade: no
>   forward-ports:
>   icmp-blocks:
>   rich rules:
>
> $ getenforce
> Enforcing
>
>
> *** here nfs client config:
> # klist -k
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
> ----
> --------------------------------------------------------------------------
>    1 host/postgres.glavsn.ab at GLAVSN.AB
>    1 host/postgres.glavsn.ab at GLAVSN.AB
>    1 host/postgres.glavsn.ab at GLAVSN.AB
>    1 host/postgres.glavsn.ab at GLAVSN.AB
>    1 nfs/postgres.glavsn.ab at GLAVSN.AB
>    1 nfs/postgres.glavsn.ab at GLAVSN.AB
>    1 nfs/postgres.glavsn.ab at GLAVSN.AB
>    1 nfs/postgres.glavsn.ab at GLAVSN.AB
>
> # firewall-cmd --list-all
> FedoraServer (default, active)
>   interfaces: ens3
>   sources:
>   services: cockpit dhcpv6-client ssh
>   ports:
>   protocols:
>   masquerade: no
>   forward-ports:
>   icmp-blocks:
>   rich rules:
>
> # mount -l  (contains next string)
> auto.home on /home type autofs
> (rw,relatime,fd=25,pgrp=960,timeout=300,minproto=5,maxproto=5,indirect)
>
> # ll /home/afayzullin
> ls says that it cannot access /home/afayzullin: no such file or directory
>
> I have run
> # ipa-client-automount --location=amantai
> on client and it has completed successfully.
>
> I have tried to disable selinux, drop iptables rules. And now I am
> little confused about what to do next. May if someone has faced with
> automount config can give me some advice, or if there is any howto
> config automount, or some can advise howto debug this situation?
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160524/da95a243/attachment.htm>