I am currently running Fedora 32. I have 5 servers and 7 client machines, which will grow to 15 client machines before the end of the year. My current issue is that I have set up FreeIPA following the Fedora 18 Documentation on FreeIPA currently available on docs.fedoraproject.org, and I am aware that some later documentation might become available when the move is completed.
My network is set up such that:
domain: hoststate.domain.tld
realm: HOSTSTATE.DOMAIN.TLD
controllers: svr1.hoststate.domain.tld, srv2.hoststate.domain.tld
nfs-server: srv3.hoststate.domain.tld
Regardless of how I try to set up the NFS Server, when I follow the instructions to set up the /home shares, the NFS server maps the directory over its own /home, and ends up with the directory being empty, and the users cannot log in on any machine. How do I get it so that the NFS Server does not do this, and instead allows the client machines to see what it has available?
NOTE: I tested working with other shares as well “/mediadata” for the company Documents/Presentations/Video Training, but the same thing is happening, so obviously I’m a moron and doing something incorrectly, but I cannot find any documentation that helps me to isolate this issue.
Please let me know what files/information beyond the above will help to isolate the issue and I will make it available as soon as possible.
I know this is an old post, but I figured I’d reply with something hopefully helpful for you, if you haven’t yet figured out your issue. I’m not sure how you’re getting everything set up (e.g. the commands), but here are the commands I use for myself and have no issues.
Steps on a FreeIPA server:
# FreeIPA steps
% kinit admin
% ipa service-add nfs/nfs.example.com
# This may not be required, but it doesn't hurt.
% ipa service-add nfs/client.example.com
# Setup the automounting locations for /home, similar can be done for
# other directories.
% ipa automountmap-add default auto.home
% ipa automountkey-add default --key "/home" --info auto.home auto.master
% ipa automountkey-add default --key "*" \
    --info "-fstype=nfs4,rw,sec=krb5,soft nfs.example.com:/exports/home/&" \
    auto.home
On the NFS server:
# NFS Server Steps
% yum install nfs-utils -y
# I put all exports in /exports, just for the sake of my own sanity
% mkdir -p /exports/home
# Add this line to /etc/exports
% vi /etc/exports
/exports/home *(rw,sec=sys:krb5:krb5i:krb5p)
# Add this line to /etc/sysconfig/nfs
% vi /etc/sysconfig/nfs
SECURE_NFS="yes"
# Make the home directories for all users and move them to /exports/home
% mkhomedir_helper jsmith
% mv /home/jsmith /exports/home/
# Create the necessary keytabs
% kinit admin
% ipa-getkeytab -s idm1.example.com \
    -p nfs/nfs.example.com \
    -k /etc/krb5.keytab
# Verify keytab
% klist -ket /etc/krb5.keytab
# Enable and start nfs
% systemctl enable nfs-server --now
# Open the necessary firewall ports
% firewall-cmd --add-service=nfs --permanent
% firewall-cmd --complete-reload
You can go ahead and test and see what happens. Note that you’ll see errors in journalctl or /var/log/messages (if using RHEL or rsyslog on Fedora) if you run into any issues.
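The /etc/exports line in the answer above accepts `sys` among its `sec=` flavors and uses `*` as the client, so the server will also serve clients that mount without Kerberos. As an added example (not part of the original post), this shell function flags both conditions in an exports file; the sample file and its /exports/mediadata line are constructed, and the parser assumes one export per line with no backslash continuations.

```shell
#!/bin/sh
# audit_exports FILE
# Prints one finding per line as: <path> <client> <reason>
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (client == "") client = "*"  # "(opts)" with no host applies to everyone
            sec = "sys"                     # exports(5) default when sec= is absent
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++)
                if (o[j] ~ /^sec=/) sec = substr(o[j], 5)
            m = split(sec, f, ":")
            for (k = 1; k <= m; k++)
                if (f[k] == "sys") print path, client, "allows-sec=sys"
            if (client == "*") print path, client, "wildcard-client"
        }
    }' "$1"
}

# Constructed sample: the first line is the export from the answer above,
# the second is a hypothetical Kerberos-only export limited to one domain.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample exports file
/exports/home *(rw,sec=sys:krb5:krb5i:krb5p)
/exports/mediadata *.example.com(rw,sec=krb5p)
EOF
audit_exports "$sample"
```

Run against the real file with `audit_exports /etc/exports`; after changing exports, `exportfs -ra` re-reads the file.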