<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;"><div style="font-family: arial; font-size: 10pt; ">Adam/Nalin,</div><div style="font-family: arial; font-size: 10pt; "><br></div><div style="font-family: arial; font-size: 10pt; ">Two cases,</div><div style="font-family: arial; font-size: 10pt; "><br></div><div style="font-family: arial; font-size: 10pt; "> 1) When I am testing this by manually mounting the nfs share(which is <b>/xtra</b> )on the NFS server itself using the following command,</div><div><font class="Apple-style-span" face="arial" size="2"><b><br></b></font></div><div><font class="Apple-style-span" face="arial" size="2"><b> #mount -vvvv -t nfs4 -o sec=krb5 nfsserver.cohort.org:/ /home</b></font></div><div><br></div><div>I get whatever problem I described in previous mail(permission issues). Now this could be because here IPA is not managing the user/group permissions
completely(Correct me if I am wrong in this assumption) and all the problem you described happen.</div><div><br></div><div>2) When I DO NOT mount manually and instead I try to login as a new user on the nfsserver machine, It creates the home folder for this user on the /home partition of nfsserver machine because automount is NOT working and hence there is no mounted partition to confuse things. </div><div>So to be able to test it properly, I need to fix the issue in automount and get the case #2 tested and working properly with /home automatically mounted from the nfsserver. </div><div>This is my "<b>ipa automountlocation-tofiles default" </b>output,</div><div><br></div><div><div><b>/etc/auto.master:</b></div><div><b>/- /etc/auto.direct</b></div><div><b>/share /etc/auto.share</b></div><div><b>/home
/etc/auto.home</b></div><div><b>---------------------------</b></div><div><b>/etc/auto.direct:</b></div><div><b>---------------------------</b></div><div><b>/etc/auto.share:</b></div><div><b>---------------------------</b></div><div><b>/etc/auto.home:</b></div><div><b>* -rw,sec=krb5,soft,rsize=8192,wsize=8192 nfsserver.cohort.org:/xtra/home/&</b></div></div><div><br></div><div><b><br></b></div><div>Is this OK ? Please help.</div><div><br></div><div>Thanks and regards,</div><div>Nidal</div><div><br></div><div><b><br></b></div><font class="Apple-style-span" face="arial" size="2">--- On </font><b style="font-family: arial; font-size: 10pt; ">Fri, 5/13/11, Adam Young <i><ayoung@redhat.com></i></b><font class="Apple-style-span" face="arial" size="2"> wrote:</font><br><blockquote style="font-family: arial; font-size: 10pt; border-left-width: 2px; border-left-style: solid; border-left-color: rgb(16, 16, 255); margin-left: 5px;
padding-left: 5px; "><br>From: Adam Young <ayoung@redhat.com><br>Subject: Re: [Freeipa-users] FreeIPA for Linux desktop deployment<br>To: "nasir nasir" <kollathodi@yahoo.com><br>Cc: freeipa-users@redhat.com<br>Date: Friday, May 13, 2011, 9:29 AM<br><br><div id="yiv13236186">
On 05/13/2011 12:13 PM, nasir nasir wrote:
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font:inherit;" valign="top">
<div>Adam,</div>
<div><br>
</div>
<div>Thanks indeed!</div>
<div><br>
</div>
<div>I tried your suggestions. </div>
<div><br>
</div>
<div> -- I can mkdir</div>
<div> -- When I try to chown, I get the following error</div>
<div><br>
</div>
<div>
<div><b>chown: changing ownership of `nasir': Operation
not permitted</b></div>
</div>
<div><br>
</div>
<div>Could you please explain what you mean by 'You
probably need rwx permissions in /etc/export'? This is
my /etc/export file,</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
See the '(rw' in those lines? That indicates read and write
privs, but not execute. <br>
<br>
I'm not an nfs guru, so I might be wrong. This post suggests that I
am wrong: <br>
<br>
<a rel="nofollow" class="yiv13236186moz-txt-link-freetext" target="_blank" href="http://jackhammer.org/node/7">http://jackhammer.org/node/7</a><br>
<br>
Since IPA is managing the IDs, they should be in sync across the NFS
and automounted client machines, but there might be something not
right in the setup. If the IPA server isn't managing the machine
that serves as your NFS server, then the IDs are certainly going to
be out of sync.<br>
<br>
<br>
<br>
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font:inherit;" valign="top">
<div><br>
</div>
<div>
<div><b>/xtra
*(rw,fsid=0,insecure,no_root_squash,no_subtree_check)</b></div>
<div><b>/xtra
gss/krb5(rw,fsid=0,insecure,no_root_squash,no_subtree_check)</b></div>
<div><b>/xtra
gss/krb5i(rw,fsid=0,insecure,no_root_squash,no_subtree_check)</b></div>
<div><b>/xtra
gss/krb5p(rw,fsid=0,insecure,no_root_squash,no_subtree_check)</b></div>
</div>
<div><br>
</div>
<div>Also, I have configured a separate client machine
(RHEL 6.1) and configured it as NFS server (previously
my NFS server was IPA server itself) and the result is
same. All the above commands are from this client
machine only.</div>
<div><br>
</div>
<div>Thanks indeed again!</div>
<div><br>
</div>
<div>Regards,</div>
<div>Nidal</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>
<blockquote style="border-left:2px solid rgb(16, 16,
255);margin-left:5px;padding-left:5px;">
<div id="yiv13236186">
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font:inherit;" valign="top">
<div><font class="yiv13236186Apple-style-span" size="2"><br>
</font> </div>
<div>
<div><b>oddjob-mkhomedir[16401]: error
setting permissions on /home/abc:
Operation not permitted</b></div>
</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
It might be a root squash issue. My guess is that
the order of operations for creating a root
directory, which is done by root, is:<br>
<br>
1. mkdir /home/userid<br>
2. chown uid:gid /home/userid<br>
<br>
It sounds from the error message that the first
stage happened, but NFS is not allowing the second
stage. To confirm, as a root (and kinit admin)
user on the client machine, just try these two steps
in order and see if they still fail.<br>
<br>
chown is a different system call from mkdir, and
might have different nfs enforced permissions. You
probably need rwx permissions in /etc/export.</div>
<div id="yiv13236186"> </div>
</blockquote>
</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
</div></blockquote></td></tr></table>
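An added example, not part of the original messages: a small audit of the four /etc/exports lines quoted in this thread, showing which client specs still accept AUTH_SYS (the default when no sec= flavor is given) and which carry no_root_squash or insecure. The function names and finding codes are made up for this illustration, and the parser assumes simple exports(5) lines without quoted paths.

```python
import re

# The four export lines quoted in the thread, embedded as sample input.
EXPORTS = """\
/xtra *(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
/xtra gss/krb5(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
/xtra gss/krb5i(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
/xtra gss/krb5p(rw,fsid=0,insecure,no_root_squash,no_subtree_check)
"""

SPEC_RE = re.compile(r"(?P<client>[^\s()]*)(?:\((?P<opts>[^)]*)\))?")

def parse_exports(text):
    """Yield (path, client, options) for each client spec in exports(5) text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = SPEC_RE.fullmatch(spec)
            if m:
                opts = [o for o in (m.group("opts") or "").split(",") if o]
                yield path, m.group("client"), opts

def flavors(client, opts):
    """Security flavors a spec accepts; without sec= the default is sys."""
    if client.startswith("gss/"):      # older client syntax used in the thread
        return [client[4:]]
    for opt in opts:
        if opt.startswith("sec="):
            return opt[4:].split(":")
    return ["sys"]

def audit(text):
    """Return (path, client, code) findings; codes are labels made up here."""
    findings = []
    for path, client, opts in parse_exports(text):
        if "sys" in flavors(client, opts) and client in ("*", ""):
            findings.append((path, client, "sys-open"))         # any host, no Kerberos
        if "no_root_squash" in opts:
            findings.append((path, client, "root-unsquashed"))  # client root stays root
        if "insecure" in opts:
            findings.append((path, client, "insecure-port"))    # source port >= 1024 allowed
    return findings

if __name__ == "__main__":
    for path, client, code in audit(EXPORTS):
        print(f"{path} {client or '(all)'}: {code}")
```

On the thread's file the only "sys-open" finding is the `*` line, which means /xtra can be mounted without Kerberos regardless of the three gss/ entries that follow it.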