[Freeipa-users] Problem automounting home shares

Ronald Wimmer ronaldw at ronzo.at
Wed Apr 12 08:56:26 UTC 2017


Hi,

I am trying to automount user home shares from an NFS server. Up to now, 
without success.

Some details regarding my setup: I have a CentOS 7.3 machine acting as 
an NFS server. It is a host within my IPA domain and enrolled as an IPA 
client.

[root@ipanfs ~]# cat /etc/exports

/homeshare	*(rw,sec=krb5:krb5i:krb5p)


I followed this guide 
https://blog.delouw.ch/2015/03/14/using-ipa-to-provide-automount-maps-for-nfsv4-home-directories/

I defined an automount location called ipauserhome. In this location I 
have a map called auto.home with this content:

*     -fstype=nfs4,rw,sec=krb5 ipanfs.linux.oebb.at:/homeshare/&

On an ipa client I just did "ipa-client-automount 
--location=ipauserhome" and "authconfig --enablemkhomedir --update".

When I log in on the ipa client I get the error message "Could not chdir 
to home directory [...] No such file or directory.".

I see that home is mounted on the client

auto.home on /home type autofs 
(rw,relatime,fd=12,pgrp=1079,timeout=300,minproto=5,maxproto=5,indirect)

[root@testclient ~]# ls -alh /home

total 4,0K

drwxr-xr-x.  2 root root    0 12. Apr 10:22 .

dr-xr-xr-x. 17 root root 4,0K 11. Apr 17:52 ..


but for some reason it does not work as expected. SELinux is set to 
permissive on both NFS server and the ipa client. Nevertheless, I get a 
suspicious message in /var/log/messages:

Apr 12 10:22:48 testclient dbus[804]: [system] Successfully activated 
service 'org.fedoraproject.Setroubleshootd'

Apr 12 10:22:48 testclient dbus-daemon: dbus[804]: [system] Successfully 
activated service 'org.fedoraproject.Setroubleshootd'

Apr 12 10:22:49 testclient setroubleshoot: SELinux is preventing 
/usr/libexec/oddjob/mkhomedir from write access on the directory /. For 
complete SELinux messages. run sealert -l 
76dd44bd-9ba6-4bf3-ba75-72834533cb0e

Apr 12 10:22:49 testclient python: SELinux is preventing 
/usr/libexec/oddjob/mkhomedir from write access on the directory 
/.#012#012*****  Plugin catchall (100. confidence) suggests 
**************************#012#012If you believe that mkhomedir should 
be allowed write access on the  directory by default.#012Then you should 
report this as a bug.#012You can generate a local policy module to allow 
this access.#012Do#012allow this access for now by executing:#012# 
ausearch -c 'mkhomedir' --raw | audit2allow -M my-mkhomedir#012# 
semodule -i my-mkhomedir.pp#012

Apr 12 10:22:49 testclient setroubleshoot: SELinux is preventing 
/usr/libexec/oddjob/mkhomedir from write access on the directory /. For 
complete SELinux messages. run sealert -l 
76dd44bd-9ba6-4bf3-ba75-72834533cb0e

Apr 12 10:22:49 testclient python: SELinux is preventing 
/usr/libexec/oddjob/mkhomedir from write access on the directory 
/.#012#012*****  Plugin catchall (100. confidence) suggests 
**************************#012#012If you believe that mkhomedir should 
be allowed write access on the  directory by default.#012Then you should 
report this as a bug.#012You can generate a local policy module to allow 
this access.#012Do#012allow this access for now by executing:#012# 
ausearch -c 'mkhomedir' --raw | audit2allow -M my-mkhomedir#012# 
semodule -i my-mkhomedir.pp#012

Apr 12 10:22:49 testclient setroubleshoot: SELinux is preventing 
/usr/libexec/oddjob/mkhomedir from write access on the directory /. For 
complete SELinux messages. run sealert -l 
76dd44bd-9ba6-4bf3-ba75-72834533cb0e

Apr 12 10:22:49 testclient python: SELinux is preventing 
/usr/libexec/oddjob/mkhomedir from write access on the directory 
/.#012#012*****  Plugin catchall (100. confidence) suggests 
**************************#012#012If you believe that mkhomedir should 
be allowed write access on the  directory by default.#012Then you should 
report this as a bug.#012You can generate a local policy module to allow 
this access.#012Do#012allow this access for now by executing:#012# 
ausearch -c 'mkhomedir' --raw | audit2allow -M my-mkhomedir#012# 
semodule -i my-mkhomedir.pp#012

Apr 12 10:23:51 testclient automount[1079]: st_expire: state 1 path /home

Apr 12 10:23:51 testclient automount[1079]: expire_proc: exp_proc = 
139761696524032 path /home

Apr 12 10:23:51 testclient automount[1079]: expire_cleanup: got thid 
139761696524032 path /home stat 0

Apr 12 10:23:51 testclient automount[1079]: expire_cleanup: sigchld: exp 
139761696524032 finished, switching from 2 to 1

Apr 12 10:23:51 testclient automount[1079]: st_ready: st_ready(): state 
= 2 path /home

Apr 12 10:25:06 testclient automount[1079]: st_expire: state 1 path /home

Where to look next?

Regards,
Ronald
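
For triaging a log like the excerpt above, an added example (not part of the original post) that collapses the repeated setroubleshoot summaries into one record per alert ID and decodes rsyslog's #012 control-character escapes. The sample lines are constructed from the log in the post with mail line-wrapping undone and the detail message shortened; the function names are hypothetical.

```python
import re
from collections import OrderedDict

# Constructed sample: lines from the log excerpt above, mail wrapping undone,
# detail message shortened.
SUMMARY = ("Apr 12 10:22:49 testclient setroubleshoot: SELinux is preventing "
           "/usr/libexec/oddjob/mkhomedir from write access on the directory /. "
           "For complete SELinux messages. run sealert -l "
           "76dd44bd-9ba6-4bf3-ba75-72834533cb0e")
DETAIL = ("Apr 12 10:22:49 testclient python: SELinux is preventing "
          "/usr/libexec/oddjob/mkhomedir from write access on the directory "
          "/.#012#012*****  Plugin catchall (100. confidence) suggests #012")
OTHER = "Apr 12 10:23:51 testclient automount[1079]: st_expire: state 1 path /home"
SAMPLE = "\n".join([SUMMARY, DETAIL] * 3 + [OTHER])

# Matches only the "preventing X from Y access on the CLASS TARGET." summary form.
DENIAL = re.compile(
    r"setroubleshoot: SELinux is preventing (?P<source>\S+) from "
    r"(?P<access>\S+) access on the (?P<tclass>\S+) (?P<target>\S+)\. "
    r"For complete SELinux messages\. run sealert -l (?P<alert>[0-9a-f-]{36})"
)

def summarize_denials(log_text):
    """Collapse repeated setroubleshoot summaries into one record per alert ID."""
    alerts = OrderedDict()
    for line in log_text.splitlines():
        m = DENIAL.search(line)
        if not m:
            continue
        # line[:15] is the classic syslog timestamp, e.g. "Apr 12 10:22:49"
        rec = alerts.setdefault(
            m.group("alert"), dict(m.groupdict(), count=0, first=line[:15]))
        rec["count"] += 1
        rec["last"] = line[:15]
    return list(alerts.values())

def decode_syslog_escapes(msg):
    """rsyslog writes control characters as #ooo (octal); #012 is a newline."""
    return re.sub(r"#(0[0-3][0-7]|177)", lambda m: chr(int(m.group(1), 8)), msg)

if __name__ == "__main__":
    for rec in summarize_denials(SAMPLE):
        print("{count}x {first}..{last} {source} {access} {tclass} {target} "
              "(sealert -l {alert})".format(**rec))
    print(decode_syslog_escapes(DETAIL))
```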



