<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
On 05/12/2011 03:30 PM, nasir nasir wrote:
<blockquote cite="mid:176006.55176.qm@web161301.mail.bf1.yahoo.com"
type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font: inherit;" valign="top">
<div>Adam,</div>
<div><br>
</div>
<div>I tried to follow your recommendations with RHEL 6.1
beta on server and client machine. Centralized login and
such things work. I have NFS service too working. But
automount is not working. For the time being I
configured my server as NFS server and created a folder
/export as a share for creating home folder. I have <b>pam_oddjob_mkhomedir.so
</b>enabled in pam files for autocreation of home
folders. Now I can manually mount the /export nfs share
on the server and the client successfully. But when I do
that on server for testing and try to login as a new
user (e.g. abc), it is not creating home folder. It gives
the following error,</div>
<div><br>
</div>
<div>
<div><b>oddjob-mkhomedir[16401]: error setting
permissions on /home/abc: Operation not permitted</b></div>
</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
It might be a root squash issue. My guess is that the order of
operations for creating a root directory, which is done by root, is:<br>
<br>
1. mkdir /home/userid<br>
2. chown uid:gid /home/userid<br>
<br>
It sounds from the error message that the first stage happened, but
NFS is not allowing the second stage. To confirm, as a root (and
kinit admin) user on the client machine, just try these two steps in
order and see if they still fail.<br>
<br>
chown is a different system call from mkdir, and might have
different NFS-enforced permissions. You probably need rwx
permissions in /etc/export.<br>
<br>
<br>
<br>
<br>
<blockquote cite="mid:176006.55176.qm@web161301.mail.bf1.yahoo.com"
type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font: inherit;" valign="top">
<div><br>
</div>
<div>I have given 777 for my /export and rw permission in
/etc/export. Output of the command <b>ipa
automountlocation-tofiles default</b>.</div>
<div><br>
</div>
<div>
<div><b><br>
</b></div>
<div><b>/etc/auto.master:</b></div>
<div><b>/- /etc/auto.direct</b></div>
<div><b>/share /etc/auto.share</b></div>
<div><b>/home /etc/auto.home</b></div>
<div><b>---------------------------</b></div>
<div><b>/etc/auto.direct:</b></div>
<div><b>---------------------------</b></div>
<div><b>/etc/auto.share:</b></div>
<div><b>---------------------------</b></div>
<div><b>/etc/auto.home:</b></div>
<div><b>*
-rw,nfs4,sec=krb5,soft,rsize=8192,wsize=8192
openipa.cohort.org:/export/home/&</b></div>
<div><b> </b></div>
</div>
<div>I tried reading many docs (RHEL deployment guide,
google, FreeIPA doc etc). The problem is that they are
confusing and conflicting in many cases. <br>
</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
There is a lot of old information on the site that needs to be
updated to 2.0, and we are working on that. The more input (tickets
logged into Trac) we can get for that, the better.<br>
<br>
<blockquote cite="mid:176006.55176.qm@web161301.mail.bf1.yahoo.com"
type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font: inherit;" valign="top">
<div><br>
</div>
Please advise me how to proceed.
<div><br>
</div>
<div>Thanks and Regards,</div>
<div>Nidal</div>
<div><br>
<blockquote style="border-left: 2px solid rgb(16, 16,
255); margin-left: 5px; padding-left: 5px;">
<div id="yiv240516515">
<blockquote type="cite">
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="font: inherit;" valign="top">
<div>
<div>
<div>
<blockquote style="border-left: 2px
solid rgb(16, 16, 255);
margin-left: 5px; padding-left:
5px;">
<div id="yiv240516515">
<blockquote type="cite">
<table border="0"
cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<td style="font:
inherit;" valign="top">
<div>
<blockquote
style="font-family:
arial; font-size:
10pt; border-left:
2px solid rgb(16,
16, 255);
margin-left: 5px;
padding-left:
5px;">
<div
id="yiv240516515">
<blockquote
type="cite">
<table
border="0"
cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<td
style="font:
inherit;"
valign="top">
<div>
<blockquote
style="border-left:
2px solid
rgb(16, 16,
255);
margin-left:
5px;
padding-left:
5px;">
<div
id="yiv240516515"><br>
Nidal,<br>
<br>
OK, I'd
probably do
something like
this: After
install IPA,
add one host
as an IPA
client with
the following
switch:
--mkhomedir,
something
like
ipa-client-install
--mkhomedir -p
admin. Then,
mount the
directory that
you are going
to use as /home
on that
machine. Once
you create
users in IPA,
the first time
you log in as
that user, do
so from that
client, and it
will attempt
to create the
home directory
for you.
This should be
the only
machine that
has
permissions to
create
directories
under /home.
Now, create an
automount
location and
map, and
create a key
for /home<br>
<br>
The
instructions
from our test
day should get
you started:<br>
<br>
<a
moz-do-not-send="true"
rel="nofollow"
class="yiv240516515moz-txt-link-freetext" target="_blank"
href="https://fedoraproject.org/wiki/QA:Testcase_freeipav2_automount">https://fedoraproject.org/wiki/QA:Testcase_freeipav2_automount</a><br>
<br>
<br>
</div>
</blockquote>
</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
</div>
</blockquote>
</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
</div>
</blockquote>
</div>
</div>
</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
</div>
</blockquote>
</div>
</td>
</tr>
</tbody>
</table>
</blockquote>
<br>
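Added example, not part of the original message: one way to check the root squash guess from the server side is to read the export options per client, since root_squash is in effect whenever no_root_squash is absent. The function name squash_report and the sample client addresses are constructed for illustration.<br>

```shell
#!/bin/sh
# Report, per client, how uid 0 is treated for one export path.
# Per exports(5), root_squash applies unless no_root_squash is set;
# all_squash maps every uid, root included, to the anonymous user.
squash_report() {
    # $1 = exports file, $2 = exported path to look up
    awk -v want="$2" '
        /^[ \t]*#/ { next }                      # whole-line comment
        $1 == want {
            for (i = 2; i <= NF; i++) {
                if (substr($i, 1, 1) == "#") break   # trailing comment
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1)
                    sub(/\).*$/, "", opts)
                }
                if (client == "") client = "*"   # bare "(opts)" = any host
                state = "root_squash"            # default
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++)
                    if (o[j] == "no_root_squash") state = "no_root_squash"
                for (j = 1; j <= n; j++)
                    if (o[j] == "all_squash") state = "all_squash"
                print client, state
            }
        }
    ' "$1"
}

# Constructed sample: only the host that creates home directories
# (192.0.2.20 here) is exempt from root squashing.
sample=$(mktemp)
printf '%s\n' \
    '# constructed /etc/exports-style sample' \
    '/export 192.0.2.10(rw,sync) 192.0.2.20(rw,sync,no_root_squash)' \
    > "$sample"
squash_report "$sample" /export
rm -f "$sample"
```

A client reported as root_squash or all_squash will have a root-run chown on the share refused, which matches the oddjob-mkhomedir error quoted above.<br>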
</body>
</html>