Randy Morgan
CSR
Department of Chemistry and Biochemistry
Brigham Young University
801-422-4100
On 03/28/2018 13:19, Rob Crittenden wrote:
Randy Morgan via FreeIPA-users wrote:
We have been working to get automounting working on RHEL 7.4 without any
success.  I am including how the server has been built, ipa-client
installed and configured, etc.  I will also include the relevant parts
of the logs.

 1. Install RHEL 7.4 or other required version
 2. subscription-manager register
 3. Type username and password
 4. subscription-manager repos --enable=rhel-7-server-rpms
 5. subscription-manager repos --enable=rhel-7-server-extras-rpms
 6. subscription-manager repos --enable=rhel-7-server-optional-rpms
 7. yum install -y http://dl.fedoraproject.org/pub/epel/x86_64/Packages/e/epel-release-7-11.noarch.rpm
    (or whatever the latest is)
 8. yum update && yum install -y samba samba-client samba-common cifs-utils
 9. yum install -y ipa-client
10. yum update -y
11. install ipa-client: ipa-client-install --enable-dns-updates
    --force-join --ssh-trust-dns --hostname <host>.chem.byu.edu --mkhomedir
12. ipa-client-automount --location=default
13. authconfig --enablemkhomedir --updateall
14. ipa-getkeytab -s ipa1.chem.byu.edu -p nfs/<host>.chem.byu.edu -k
    /etc/krb5.keytab
15. ipa-getkeytab -s ipa1.chem.byu.edu -p cifs/<host>.chem.byu.edu -k
    /etc/krb5.keytab

After getting everything setup, when logging in with an IPA user account
it acts like it is logging in but then immediately returns to the login
page.  Looking in the logs shows the following:

Mar 27 12:33:41 jdmlab1 journal: g_task_return_error: assertion 'error
!= NULL' failed
Mar 27 12:33:41 jdmlab1 journal: failed to set screen _ICC_PROFILE:
Failed to open file
'/var/lib/gdm/.local/share/icc/edid-dcf60fecec69cef7bcda72bf1bbc37f5.icc':
Permission denied
Mar 27 12:33:41 jdmlab1 journal: failed to set screen _ICC_PROFILE:
Failed to open file
'/var/lib/gdm/.local/share/icc/edid-dcf60fecec69cef7bcda72bf1bbc37f5.icc':
Permission denied
Mar 27 12:34:00 jdmlab1 systemd-logind: New session 3 of user randym.
Mar 27 12:34:00 jdmlab1 systemd: Started Session 3 of user randym.
Mar 27 12:34:00 jdmlab1 systemd: Starting Session 3 of user randym.
Mar 27 12:34:00 jdmlab1 oddjob-mkhomedir[4291]: error creating
/home/csr/randym: No such file or directory
Mar 27 12:34:04 jdmlab1 gnome-session: gnome-session-binary[4053]:
WARNING: Lost name on bus: org.gnome.SessionManager
Mar 27 12:34:04 jdmlab1 gnome-session-binary[4053]: WARNING: Lost name
on bus: org.gnome.SessionManager
Mar 27 12:34:04 jdmlab1 journal: Error releasing name
org.gnome.SettingsDaemon: The connection is closed
Mar 27 12:34:04 jdmlab1 journal: Invalid id 5 passed to g_bus_unown_name()
Mar 27 12:34:04 jdmlab1 journal: failed to connect to device: Failed to
connect to missing device
/org/freedesktop/ColorManager/devices/xrandr_Dell_Inc__DELL_1800FP_7R47737N01PX_gdm_42
Mar 27 12:34:05 jdmlab1 gnome-session: gnome-session-binary[4338]:
WARNING: IceLockAuthFile failed: No such file or directory
Mar 27 12:34:05 jdmlab1 gnome-session-binary[4338]: WARNING:
IceLockAuthFile failed: No such file or directory

The home directories are found on the fileserver, and are both NFS and
SMB mountable.  We have successfully gotten this to work on RHEL 6.9,
and I believe on RHEL 7.2, but not on RHEL 7.4.  Searching through the
relevant config files shows no differences in their configurations
between any of the different versions including 7.4.

Does automount work for existing directories?

Let me see if I can muddy the waters a little more, or, if I am lucky, clear things up a little.  We are using autofs to mount NFS volumes located on the fileserver:

bash-4.2$ mount
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
devtmpfs on /dev type devtmpfs (rw,nosuid,size=36900652k,nr_inodes=9225163,mode=755)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct,cpu)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
configfs on /sys/kernel/config type configfs (rw,relatime)
/dev/mapper/rhel-root on / type xfs (rw,relatime,attr2,inode64,noquota)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
mqueue on /dev/mqueue type mqueue (rw,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
sunrpc on /proc/fs/nfsd type nfsd (rw,relatime)
/dev/sda2 on /boot type xfs (rw,relatime,attr2,inode64,noquota)
/dev/mapper/rhel-home on /home type xfs (rw,relatime,attr2,inode64,noquota)
tmpfs on /run/user/42 type tmpfs (rw,nosuid,nodev,relatime,size=7381988k,mode=700,uid=42,gid=42)
/etc/auto.misc on /misc type autofs (rw,relatime,fd=6,pgrp=2992,timeout=300,minproto=5,maxproto=5,indirect)
-hosts on /net type autofs (rw,relatime,fd=12,pgrp=2992,timeout=300,minproto=5,maxproto=5,indirect)
auto.faculty on /home/faculty type autofs (rw,relatime,fd=18,pgrp=2992,timeout=600,minproto=5,maxproto=5,indirect)
auto.postdoc on /home/postdoc type autofs (rw,relatime,fd=24,pgrp=2992,timeout=600,minproto=5,maxproto=5,indirect)
auto.researcher on /home/research type autofs (rw,relatime,fd=30,pgrp=2992,timeout=600,minproto=5,maxproto=5,indirect)
auto.other on /home/other type autofs (rw,relatime,fd=36,pgrp=2992,timeout=600,minproto=5,maxproto=5,indirect)
auto.students on /home/students type autofs (rw,relatime,fd=42,pgrp=2992,timeout=600,minproto=5,maxproto=5,indirect)
auto.csr on /home/csr type autofs (rw,relatime,fd=48,pgrp=2992,timeout=600,minproto=5,maxproto=5,indirect)
auto.research_shares on /groups/research type autofs (rw,relatime,fd=54,pgrp=2992,timeout=600,minproto=5,maxproto=5,indirect)
auto.staff on /home/staff type autofs (rw,relatime,fd=60,pgrp=2992,timeout=600,minproto=5,maxproto=5,indirect)
fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,size=7381988k,mode=700)

When the login, which should automatically connect the user's homedir located in one of the autofs volumes, takes place, the following is what happens:

Mar 28 15:29:05 jdmlab1 dracut: *** Creating image file ***

Mar 28 15:29:08 jdmlab1 systemd: Created slice User Slice of randym.

Mar 28 15:29:08 jdmlab1 systemd: Starting User Slice of randym.

Mar 28 15:29:08 jdmlab1 systemd-logind: New session 1 of user randym.

Mar 28 15:29:08 jdmlab1 systemd: Started Session 1 of user randym.

Mar 28 15:29:08 jdmlab1 systemd: Starting Session 1 of user randym.

Mar 28 15:29:08 jdmlab1 oddjobd: Error org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown: Could not determine security context for ':1.39'.

Mar 28 15:29:08 jdmlab1 oddjob-mkhomedir[11771]: error creating /home/csr/randym: Permission denied

Mar 28 15:29:10 jdmlab1 colord: device removed: xrandr-Dell Inc.-DELL 1800FP-7R47737N01PX

Mar 28 15:29:10 jdmlab1 colord: Profile removed: icc-523909406475d8b7f92f093531d0b19f

Mar 28 15:29:10 jdmlab1 /etc/gdm/Xsession: mkdir: cannot create directory ‘/home/csr/randym’: Permission denied

Mar 28 15:29:10 jdmlab1 /etc/gdm/Xsession: touch: cannot touch ‘/home/csr/randym/.cache/imsettings/log’: No such file or directory

Mar 28 15:29:11 jdmlab1 kernel: fuse init (API version 7.22)

Mar 28 15:29:11 jdmlab1 systemd: Mounting FUSE Control File System...

Mar 28 15:29:11 jdmlab1 systemd: Mounted FUSE Control File System.

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: /usr/libexec/imsettings-functions: line 37: /home/csr/randym/.cache/imsettings/log: No such file or directory

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: /usr/libexec/imsettings-functions: line 37: /home/csr/randym/.cache/imsettings/log: No such file or directory

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: /usr/libexec/imsettings-functions: line 37: /home/csr/randym/.cache/imsettings/log: No such file or directory

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: /usr/libexec/imsettings-functions: line 37: /home/csr/randym/.cache/imsettings/log: No such file or directory

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: /usr/libexec/imsettings-functions: line 37: /home/csr/randym/.cache/imsettings/log: No such file or directory

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: /usr/libexec/imsettings-functions: line 37: /home/csr/randym/.cache/imsettings/log: No such file or directory

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: /usr/libexec/imsettings-functions: line 37: /home/csr/randym/.cache/imsettings/log: No such file or directory

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: /usr/libexec/imsettings-functions: line 37: /home/csr/randym/.cache/imsettings/log: No such file or directory

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: /usr/libexec/imsettings-functions: line 37: /home/csr/randym/.cache/imsettings/log: No such file or directory

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: /usr/libexec/imsettings-functions: line 37: /home/csr/randym/.cache/imsettings/log: No such file or directory

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: /usr/libexec/imsettings-functions: line 37: /home/csr/randym/.cache/imsettings/log: No such file or directory

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: /usr/libexec/imsettings-functions: line 37: /home/csr/randym/.cache/imsettings/log: No such file or directory

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: /usr/libexec/imsettings-functions: line 37: /home/csr/randym/.cache/imsettings/log: No such file or directory

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: /usr/libexec/imsettings-functions: line 37: /home/csr/randym/.cache/imsettings/log: No such file or directory

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: /usr/libexec/imsettings-functions: line 37: /home/csr/randym/.cache/imsettings/log: No such file or directory

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: /usr/libexec/imsettings-functions: line 37: /home/csr/randym/.cache/imsettings/log: No such file or directory

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: /usr/libexec/imsettings-functions: line 37: /home/csr/randym/.cache/imsettings/log: No such file or directory

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: /usr/libexec/imsettings-functions: line 37: /home/csr/randym/.cache/imsettings/log: No such file or directory

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: /usr/libexec/imsettings-functions: line 37: /home/csr/randym/.cache/imsettings/log: No such file or directory

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: /usr/libexec/imsettings-functions: line 37: /home/csr/randym/.cache/imsettings/log: No such file or directory

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: /usr/libexec/imsettings-functions: line 37: /home/csr/randym/.cache/imsettings/log: No such file or directory

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: /usr/libexec/imsettings-functions: line 37: /home/csr/randym/.cache/imsettings/log: No such file or directory

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: /usr/libexec/imsettings-functions: line 37: /home/csr/randym/.cache/imsettings/log: No such file or directory

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: Can't create dir /home/csr/randym/Desktop

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: Can't create dir /home/csr/randym/Downloads

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: Can't create dir /home/csr/randym/Templates

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: Can't create dir /home/csr/randym/Public

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: Can't create dir /home/csr/randym/Documents

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: Can't create dir /home/csr/randym/Music

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: Can't create dir /home/csr/randym/Pictures

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: Can't create dir /home/csr/randym/Videos

Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: mkdir: cannot create directory ‘/home/csr/randym’: Permission denied

Mar 28 15:29:11 jdmlab1 gnome-session[11776]: WARNING: IceLockAuthFile failed: No such file or directory

Mar 28 15:29:11 jdmlab1 gnome-session: gnome-session[11776]: WARNING: IceLockAuthFile failed: No such file or directory

Mar 28 15:29:12 jdmlab1 kernel: [drm] mga base 0

Mar 28 15:29:12 jdmlab1 gdm: GLib-GObject: g_object_ref: assertion 'object->ref_count > 0' failed

Mar 28 15:29:12 jdmlab1 gdm: GLib-GObject: g_object_unref: assertion 'object->ref_count > 0' failed

Mar 28 15:29:12 jdmlab1 dbus[2195]: [system] Rejected send message, 1 matched rules; type="method_call", sender=":1.9" (uid=0 pid=2283 comm="/usr/sbin/gdm ") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination=":1.45" (uid=0 pid=11981 comm="/usr/libexec/gdm-simple-slave --display-id /org/gn")

Mar 28 15:29:12 jdmlab1 dbus-daemon: dbus[2195]: [system] Rejected send message, 1 matched rules; type="method_call", sender=":1.9" (uid=0 pid=2283 comm="/usr/sbin/gdm ") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination=":1.45" (uid=0 pid=11981 comm="/usr/libexec/gdm-simple-slave --display-id /org/gn")


What we are trying to figure out is why it is attempting to create a local copy of the user's homedir folder, and is this necessary in order for logins to take place.  As can be seen above, any attempt to create this local folder in the correct autofs mounted volume leads to a permission denied response and the login fails.

Hope that is as clear as mud.

Randy

Are you saying that in RHEL 7.2 and 6.9 you use oddjobd to automatically
create new user directories on NFS mounts?

rob
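
Added example, not part of the original thread: a shell check that correlates the oddjob-mkhomedir errors with the autofs mount points from the `mount` output, confirming that each failing path sits inside an automounter-managed directory. The sample lines are constructed from the output quoted above (the wrapped Mar 27 line is rejoined), and the function name `mkhomedir_on_autofs` is hypothetical.

```shell
#!/bin/sh
# Added example: sample input constructed from lines quoted in the thread.
sample_mounts() {
cat <<'EOF'
/dev/mapper/rhel-home on /home type xfs (rw,relatime,attr2,inode64,noquota)
-hosts on /net type autofs (rw,relatime,fd=12,pgrp=2992,timeout=300,minproto=5,maxproto=5,indirect)
auto.students on /home/students type autofs (rw,relatime,fd=42,pgrp=2992,timeout=600,minproto=5,maxproto=5,indirect)
auto.csr on /home/csr type autofs (rw,relatime,fd=48,pgrp=2992,timeout=600,minproto=5,maxproto=5,indirect)
EOF
}

sample_log() {
cat <<'EOF'
Mar 27 12:34:00 jdmlab1 oddjob-mkhomedir[4291]: error creating /home/csr/randym: No such file or directory
Mar 28 15:29:08 jdmlab1 systemd: Started Session 1 of user randym.
Mar 28 15:29:08 jdmlab1 oddjob-mkhomedir[11771]: error creating /home/csr/randym: Permission denied
Mar 28 15:29:11 jdmlab1 /etc/gdm/Xsession: Can't create dir /home/csr/randym/Desktop
EOF
}

# mkhomedir_on_autofs MOUNTS_FILE LOG_FILE
# For every oddjob-mkhomedir failure whose target path lies under an autofs
# mount point, print: path <TAB> autofs map <TAB> mount point <TAB> error text.
mkhomedir_on_autofs() {
  awk '
    NR == FNR {                        # first file: output of mount(8)
      if ($2 == "on" && $5 == "autofs") map[$3] = $1
      next
    }
    /oddjob-mkhomedir\[[0-9]+\]: error creating / {
      sub(/^.*error creating /, "")    # keep "<path>: <error text>"
      split($0, parts, ": ")
      for (mp in map)                  # prefix match on a path boundary
        if (index(parts[1], mp "/") == 1)
          printf "%s\t%s\t%s\t%s\n", parts[1], map[mp], mp, parts[2]
    }
  ' "$1" "$2"
}

# Stand-alone run against the constructed samples.
tmp=$(mktemp -d)
sample_mounts > "$tmp/mounts"
sample_log > "$tmp/log"
mkhomedir_on_autofs "$tmp/mounts" "$tmp/log"
rm -rf "$tmp"
```

On a live client, save the output of `mount` to a file and pass it together with the system log to the function.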