[Freeipa-users] Problem automounting home shares

Jason B. Nance jason at tresgeek.net
Wed Apr 12 12:55:32 UTC 2017


Hi Ronald,

> Some details regarding my setup: I have a CentOS 7.3 machine acting as
> an NFS server. It is a host within my IPA domain and enrolled as an IPA
> client.
> 
> [root at ipanfs ~]# cat /etc/exports
> 
> /homeshare	*(rw,sec=krb5:krb5i:krb5p)

This isn't related to your issue, but you have your exports set up as if you're using NFSv3.  They will still work, of course, but you aren't taking advantage of the pseudo filesystem.  For example, you could have something such as:

/etc/exports:

    /export *(rw,sync,crossmnt,no_subtree_check,sec=krb5:krb5i:krb5p,fsid=0)

Then:

    mkdir -p /export/homeshare
    mount -o bind /homeshare /export/homeshare

(or even /home if you have autofs disabled on your NFS server)

It may be worth some Googling to see if you care about the benefits, but again, it isn't why you are having issues.

> I defined an automount location called ipauserhome. In this location I
> have a map called auto.home with this content:
> 
> *     -fstype=nfs4,rw,sec=krb5 ipanfs.linux.oebb.at:/homeshare/&
> 
> On an ipa client I just did "ipa-client-automount
> --location=ipauserhome" and "authconfig --enablemkhomedir --update".

You cannot use indirect mounting and enablemkhomedir at the same time.  Indirect mounts require that the directory you are attempting to mount already exists on the NFS server and that you let autofs fully manage the "parent" directory on the client machine.  In this case, no one other than autofs can create directories in the top-level of /home on your clients (/home/<user> is a different story).

So you either need to pre-create the home directories on your NFS server (including ownership, permissions, and any "skel" stuff you want in there like a default .bashrc) or you need to direct mount /home altogether and lose the benefits of indirect mounting (which may not matter to you).

> but for some reason it works not as expected. SELinux is set to
> permissive on both NFS server and the ipa client. Nevertheless, I get a
> suspicious message in /var/log/messages:

In permissive mode SELinux messages are still displayed in the logs but not enforced.  This allows you to troubleshoot SELinux-related issues.

To use NFS home directories with NFS you need to run the following on the client systems:

    setsebool -P use_nfs_home_dirs on

Regards,

j
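
The pre-creation step described in the reply above (directory, ownership, permissions, skel files), as an added example that is not part of the original message. `provision_home` is a hypothetical helper; `/homeshare` is the export path from the thread, and resolving uid/gid with `id` assumes the NFS server resolves IPA users through SSSD.

```bash
#!/usr/bin/env bash
# Added example: pre-create one home directory under the NFS export so that
# autofs on the clients finds it (pam_mkhomedir cannot create it there).
# Usage: provision_home BASE SKEL USER UID GID   (hypothetical helper)
provision_home() {
    local base="$1" skel="$2" user="$3" uid="$4" gid="$5" home n
    # Reject names that could escape BASE or be parsed as an option.
    case "$user" in
        ''|.|..|-*|*[!A-Za-z0-9._-]*)
            echo "bad user name: $user" >&2; return 2 ;;
    esac
    for n in "$uid" "$gid"; do
        case "$n" in
            ''|*[!0-9]*) echo "uid/gid must be numeric" >&2; return 2 ;;
        esac
    done
    home="$base/$user"
    # Never touch an existing path (directory, file or dangling symlink).
    if [ -e "$home" ] || [ -L "$home" ]; then
        echo "exists, skipping: $home" >&2; return 1
    fi
    # Create it private from the start: no window with open permissions.
    mkdir -m 0700 -- "$home" || return 3
    # Copy skeleton files, dotfiles included, without following symlinks.
    if [ -d "$skel" ]; then
        cp -a -- "$skel/." "$home/" || return 3
    fi
    # Hand the tree to the user; -h changes symlinks themselves, not targets.
    chown -R -h -- "$uid:$gid" "$home" || return 3
    # cp -a may have applied the skel directory's mode, so set 0700 again.
    chmod 0700 -- "$home"
}

# Run as root on the NFS server with user names as arguments, for example:
#   ./provision_home.sh alice bob
for u in "$@"; do
    provision_home /homeshare /etc/skel "$u" "$(id -u "$u")" "$(id -g "$u")"
done
```

Return codes: 0 created, 1 path already exists, 2 rejected input (including a user `id` could not resolve), 3 filesystem error.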