On Wed, 2013-09-11 at 07:10 +0300, Alexander Bokovoy wrote:
> Hi Dean,
>
> On Tue, 10 Sep 2013, Dean Hunter wrote:
> >How do I determine the cause of this problem?
> >
> > [dean@ipa2 ~]$ ssh dean@desktop2
> > Last login: Tue Sep 10 21:10:01 2013 from ipa2.hunter.org
> > Could not chdir to home directory /home/net/dean: Permission
> > denied
> > -bash: /home/net/dean/.bash_profile: Permission denied
> >
> > -bash-4.2$ rpm -q freeipa-client
> > freeipa-client-3.1.5-1.fc18.x86_64
> > -bash-4.2$
> >
> >I can log in as dean on desktop2 using gdm without a problem. But when
> >I try to log in using ssh then I am denied access to the user's home
> >directory.
> Is there any SELinux AVC in the logs? Is /home/net an NFS mount? Does
> use_nfs_home_dirs SELinux boolean set to on? (getsebool -a|grep home)
>
1) Is there any SELinux AVC in the logs?
[dean@desktop2 ~]$ sudo ausearch --message avc
<no matches>
2) Is /home/net an NFS mount? Yes
3) Is use_nfs_home_dirs SELinux boolean set to on?
[dean@desktop2 ~]$ getsebool use_nfs_home_dirs
use_nfs_home_dirs --> on
Here is the script I use to configure IPA NFS clients:
# Configure the Network File System client
setsebool -P use_nfs_home_dirs on
cat /usr/lib/systemd/system/nfs-secure.service \
| sed -e s/WantedBy=nfs.target/WantedBy=multi-user.target/ \
> /etc/systemd/system/nfs-secure.service #
RedHat bug 972363
ipa-client-automount \\
--location VM \\
--unattended
sed -i 's/sss files/ files sss/g' /etc/nsswitch.conf #
FreeIPA bug 3733
systemctl restart sssd.service #
FreeIPA bug 3733
systemctl restart autofs.service #
FreeIPA bug 3733
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
