[Freeipa-users] question about automount config

Arthur Fayzullin arthur at deus.pro
Mon May 30 12:05:39 UTC 2016 

thanks! I'll try to debug at my test environment.


24.05.2016 18:01, Prasun Gera пишет:
> You can stop the autofs daemon, and run it in foreground with
> automount -fvv. Then try to access the mount point in parallel. The
> logs from the foreground run should shed some light. Also, does your
> autofs setup work without kerberos ? As a first step it to work with
> non-kerberised nfs. 
>
> On Mon, May 23, 2016 at 11:06 AM, Arthur Fayzullin <arthur at deus.pro
> <mailto:arthur at deus.pro>> wrote:
>
>     Good day, colleagues!
>     I am confused about how automount work and howto configure it. I have
>     tried to configure it according to
>     https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html
>     document (paragraph 9.1.1 and chapter 20).
>     I have tried to make it work on 3 servers:
>     1. ipa server;
>     2. nfs server (node00);
>     3. nfs client (postgres).
>
>
>     *** so here how it configured on ipa server:
>     $ ipa automountlocation-tofiles amantai
>     /etc/auto.master:
>     /-      /etc/auto.direct
>     /home   /etc/auto.home
>     ---------------------------
>     /etc/auto.direct:
>     ---------------------------
>     /etc/auto.home:
>     *       -sec=kr5i,rw,fstype=nfs4 node00.glavsn.ab:/home/&
>
>     maps not connected to /etc/auto.master:
>
>     $ ipa service-find nfs
>     ------------------
>     2 services matched
>     ------------------
>       Основной: nfs/node00.glavsn.ab at GLAVSN.AB
>       Keytab: True
>       Managed by: node00.glavsn.ab
>
>       Основной: nfs/postgres.glavsn.ab at GLAVSN.AB
>       Keytab: True
>       Managed by: postgres.glavsn.ab
>
>
>     *** here is nfs server config:
>     $ sudo klist -k
>     Пароль:
>     Keytab name: FILE:/etc/krb5.keytab
>     KVNO Principal
>     ----
>     --------------------------------------------------------------------------
>        1 host/node00.glavsn.ab at GLAVSN.AB
>        1 host/node00.glavsn.ab at GLAVSN.AB
>        1 host/node00.glavsn.ab at GLAVSN.AB
>        1 host/node00.glavsn.ab at GLAVSN.AB
>        2 nfs/node00.glavsn.ab at GLAVSN.AB
>        2 nfs/node00.glavsn.ab at GLAVSN.AB
>        2 nfs/node00.glavsn.ab at GLAVSN.AB
>        2 nfs/node00.glavsn.ab at GLAVSN.AB
>
>     $ cat /etc/exports
>     /home *(rw,sec=sys:krb5:krb5i:krb5p)
>
>     $ sudo firewall-cmd --list-all
>     public (default, active)
>       interfaces: bridge0 enp1s0
>       sources:
>       services: dhcpv6-client nfs ssh
>       ports: 8001/tcp
>       masquerade: no
>       forward-ports:
>       icmp-blocks:
>       rich rules:
>
>     $ getenforce
>     Enforcing
>
>
>     *** here nfs client config:
>     # klist -k
>     Keytab name: FILE:/etc/krb5.keytab
>     KVNO Principal
>     ----
>     --------------------------------------------------------------------------
>        1 host/postgres.glavsn.ab at GLAVSN.AB
>        1 host/postgres.glavsn.ab at GLAVSN.AB
>        1 host/postgres.glavsn.ab at GLAVSN.AB
>        1 host/postgres.glavsn.ab at GLAVSN.AB
>        1 nfs/postgres.glavsn.ab at GLAVSN.AB
>        1 nfs/postgres.glavsn.ab at GLAVSN.AB
>        1 nfs/postgres.glavsn.ab at GLAVSN.AB
>        1 nfs/postgres.glavsn.ab at GLAVSN.AB
>
>     # firewall-cmd --list-all
>     FedoraServer (default, active)
>       interfaces: ens3
>       sources:
>       services: cockpit dhcpv6-client ssh
>       ports:
>       protocols:
>       masquerade: no
>       forward-ports:
>       icmp-blocks:
>       rich rules:
>
>     # mount -l  (contains next string)
>     auto.home on /home type autofs
>     (rw,relatime,fd=25,pgrp=960,timeout=300,minproto=5,maxproto=5,indirect)
>
>     # ll /home/afayzullin
>     ls says that it cannot access /home/afayzullin: no such file or
>     directory
>
>     I have run
>     # ipa-client-automount --location=amantai
>     on client and it has completed successfully.
>
>     I have tried to disable selinux, drop iptables rules. And now I am
>     little confused about what to do next. May if someone has faced with
>     automount config can give me some advice, or if there is any howto
>     config automount, or some can advise howto debug this situation?
>
>     --
>     Manage your subscription for the Freeipa-users mailing list:
>     https://www.redhat.com/mailman/listinfo/freeipa-users
>     Go to http://freeipa.org for more info on the project
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160530/5ee1112a/attachment.htm>

More information about the Freeipa-users mailing list