Jon
2016-02-01 22:11:32 UTC
Hello,
I am attempting to configure autofs to automount home directories from an
NFS server.
I'm following these instructions as this was the only contiguous "here's
what you need to do" instructions as the FreeIPA and Fedora documentation
seems to contradict itself, and there's no clear cut a. then b. then c.
(Admittedly, this is my first foray into managing home dirs this way, so
I'm learning all around :) but I need a bit of direction...)
First things first, can anyone confirm these directions are correct please?
http://blog.delouw.ch/2015/03/14/using-ipa-to-provide-automount-maps-for-nfsv4-home-directories/
I'm going to assume they are for the purposes of the rest of the post.
I'm currently working with three servers:
freeipa01 - The FreeIPA server
home-dir01 - The Home directory NFS server
ipa-test01 - My test server where I'm making changes/trying to mount the
home directory.
ipa-test01 is the only CentOS 6.5 machine (no choice, it's the "production
blessed" image), freeipa01 and home-dir01 are both CentOS7.
Following those above linked instructions, I have created the following

----------------------------
1 automount location matched
----------------------------
Location: default
----------------------------
Number of entries returned 1
----------------------------

Location: default
------------------------
3 automount maps matched
------------------------
Map: auto.direct
Map: auto.home
Map: auto.master
----------------------------
Number of entries returned 3
----------------------------

-----------------------
1 automount key matched
-----------------------
Key: *
Mount information: -fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192 home-dir01.sub.domain.mydomain.com:/exports/home/&
----------------------------
Number of entries returned 1
----------------------------

/exports/home *(rw,no_root_squash,sec=sys:krb5:krb5i:krb5p)

At some point I generated this error. I have been unable to reproduce
it... Included for completeness of my reporting but I don't think it's
currently an issue.

Feb 1 15:43:19 ipa-test01 rpc.gssd[1371]: ERROR: No credentials found for connection to server home-dir01.sub.domain.mydomain.com

Without an entry in /etc/hosts I receive the following error when

user pid=1777 uid=0 auid=0 ses=1 msg='op=PAM:session_open acct="***@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'

Feb 1 16:22:22 ipa-test01 rpc.gssd[1371]: ERROR: unable to resolve 2605:1c00:50f2:300a:aaaa:56ff:ffff:442a to hostname: Temporary failure in name resolution
Feb 1 16:22:22 ipa-test01 rpc.gssd[1371]: ERROR: failed to read service info
Feb 1 16:22:22 ipa-test01 rpc.gssd[1371]: ERROR: unable to resolve 192.168.10.250 to hostname: Name or service not known
Feb 1 16:22:22 ipa-test01 rpc.gssd[1371]: ERROR: failed to read service info

So I added the entry in /etc/hosts for my nfs server (will fix in DNS, but
we use 3rd party DNS service that is not integrated with AD...), I get the
following error (repeated attempts to sudo), note the "res=success"

ipa-test01:/var/log/messages
Feb 1 16:16:38 ipa-test01 kernel: __ratelimit: 90 callbacks suppressed

user pid=1632 uid=0 auid=0 ses=1 msg='cwd="/root" cmd="-sh" terminal=pts/0 res=success'
user pid=1632 uid=0 auid=0 ses=1 msg='op=PAM:setcred acct="***@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
user pid=1632 uid=0 auid=0 ses=1 msg='op=PAM:session_open acct="***@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
user pid=1632 uid=0 auid=0 ses=1 msg='op=PAM:session_close acct="***@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
user pid=1632 uid=0 auid=0 ses=1 msg='op=PAM:setcred acct="***@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
user pid=1635 uid=0 auid=0 ses=1 msg='cwd="/root" cmd="-sh" terminal=pts/0 res=success'
user pid=1635 uid=0 auid=0 ses=1 msg='op=PAM:setcred acct="***@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
user pid=1635 uid=0 auid=0 ses=1 msg='op=PAM:session_open acct="***@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
user pid=1635 uid=0 auid=0 ses=1 msg='op=PAM:session_close acct="***@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'
user pid=1635 uid=0 auid=0 ses=1 msg='op=PAM:setcred acct="***@mydomain.com" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/0 res=success'

sudo: unable to change directory to /home/mydomain.com/jona: No such file or directory
sudo: unable to execute /bin/sh: No such file or directory
sudo: unable to change directory to /home/mydomain.com/jona: No such file or directory
sudo: unable to execute /bin/sh: No such file or directory
sudo: unable to change directory to /home/mydomain.com/jona: No such file or directory
sudo: unable to execute /bin/sh: No such file or directory

So clearly, it's not mounting the homedir, but I'm not producing any kind
of error message... Note that I have no problem mounting this directory

/home/
home-dir01.sub.domain.mydomain.com:/exports/home/ on /home type nfs (rw,vers=4,addr=2605:1c00:50f2:300a:aaaa:56ff:ffff:442a,clientaddr=2605:1c00:50f2:300a:aaaa:56ff:ffff:dbf6)

Interestingly enough, when I create an /etc/auto.home, I'm able to mount my

/exports/home/&
Stopping automount: [ OK ]
Starting automount: [ OK ]
-sh-4.1$ pwd
/home/mydomain.com/jona
-sh-4.1$ mount | grep home
/dev/mapper/rootvg-home on /home type ext4 (rw,nodev)
192.168.10.250:/exports/home/mydomain.com on /home/mydomain.com type nfs (rw,nosuid,soft,intr,rsize=8192,wsize=8192,tcp,sloppy,vers=4,addr=192.168.10.250,clientaddr=192.168.10.84)

rm: remove regular file `/etc/auto.home'? y
Stopping automount: [ OK ]
Starting automount: [ OK ]
sudo: unable to change directory to /home/mydomain.com/jona: No such file or directory
sudo: unable to execute /bin/sh: No such file or directory

But I think this counts as part of the "files" in the line in my

automount: sss files

If I'm understanding correctly, the server should pull all of this
information from LDAP on where to mount from/to and should not have a local
configuration file for dealing with "LDAP Managed" mount points.
At this point I'm stumped. None of the guides or previous mailing lists
seem to discuss this specific issue... Can anyone provide some further
ideas for troubleshooting my setup please?
Also, because I'm working with an AD domain, my login credentials are
***@mydomain.com which means my home directory is /home/mydomain.com/jona,
so when any user from the AD domain logs into this server, all home dirs
will be mounted since we're mounting home-dir01:/exports/home/mydomain.com
to ipa-test01:/home/mydomain.com, right? Is there any way to force more
granular mounting of home directories?
Thanks for the assistance!
Best Regards,
Jon A
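
Added example, not part of the original post: the export line quoted above lists sys alongside the Kerberos flavors, sets no_root_squash and uses a wildcard client, so this sketch parses exports(5) entries and reports those three settings. The second sample line, its client pattern and the function names are assumptions made for illustration.

```python
import re

# Constructed input: the post's export line, then an assumed tightened variant.
SAMPLE_EXPORTS = """\
/exports/home *(rw,no_root_squash,sec=sys:krb5:krb5i:krb5p)
/exports/home *.sub.domain.mydomain.com(rw,root_squash,sec=krb5p:krb5i:krb5)
"""

KERBEROS_FLAVORS = {"krb5", "krb5i", "krb5p"}


def parse_exports(text):
    """Yield (path, client, options) per client spec (no quoting/continuations)."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            match = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", spec)
            if match is None:
                continue
            client = match.group(1) or "*"  # "(opts)" alone applies to any host
            options = match.group(2).split(",") if match.group(2) else []
            yield path, client, options


def audit_export(client, options):
    """Return a list of findings for one client spec."""
    findings = []
    flavors = ["sys"]  # exports(5): sys is the default when sec= is absent
    for opt in options:
        if opt.startswith("sec="):
            flavors = opt[4:].split(":")
    weak = [f for f in flavors if f not in KERBEROS_FLAVORS]
    if weak:
        findings.append("non-Kerberos flavor allowed: " + ",".join(weak))
    if "no_root_squash" in options:
        findings.append("no_root_squash: client root is not mapped to nobody")
    if client == "*":
        findings.append("wildcard client: export offered to every host")
    return findings


def audit_text(text):
    """Audit every client spec in the given exports text."""
    return [(p, c, audit_export(c, o)) for p, c, o in parse_exports(text)]
```

Calling audit_text(SAMPLE_EXPORTS) returns three findings for the first line and none for the second.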