I have an OpenLDAP server I set up on CentOS 7. I blended it to work with all my other VMs that mount an NFS mount from an NFS server for their /home.
I just figured out that if I create a new LDAP user and try to log into some VM, it lets me log in but states that it cannot create /home/user and is unable to chngdir to it.
But I also learned that if I first ssh user@mynfsserver, it logs in and creates the appropriate /home/user, and after that I can ssh to any other VM with my ldapuser and it works just fine; it no longer complains about not being able to create the folder in home for said user.
I use autofs on each VM with a home.map file; it looks to have the right permissions:
* -fstype=nfs,rw,nosuid,soft 10.10.1.139:/home/&
So this feels like some sort of permission issue, with users getting errors logging into a VM with their newly created LDAP credentials. But if that same user logs into 10.10.1.139 (the NFS server where home is mapped from), then it seems to let them log into the VMs with no "unable to create /home/user" errors anymore.
Does my OpenLDAP server have to be made aware of the NFS server somehow?
Aside from the hiccup of having to log into the NFS server first, I can go to another VM, touch a file in that home folder, and bingo, it is on any other VM I log into. So it is like 95% working, just annoying to have to first log into the NFS server with the LDAP user to make the /home/user creation work on other VMs.
The automatic creation of new home directories is done by root, but by default root is mapped to the anonymous user on NFS mounts and therefore the home directory can't be created on all NFS clients. Add no_root_squash to your line in /etc/exports on your NFS server to disable this and run sudo exportfs -ra for the changes to take effect. So based on your comment it should look like this:
This will allow root access to the mounted NFS filesystem on all clients.
However this has some implications. From the exportfs manpage:
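An added example (not part of the original answer and not text from the manpage): because no_root_squash lets root on every permitted client act as root on the export, this shell function lists the export/client pairs in an exports file where it is in effect, so the setting can be scoped and reviewed. The function name, sample paths and addresses are constructed for illustration; quoted paths containing spaces are not handled.

```shell
#!/bin/sh
# audit_exports: read exports(5) syntax on stdin and print "path client"
# for every client entry whose effective options include no_root_squash.
audit_exports() {
    awk '
    # Apply an option list to the current state; the last squash option wins.
    function squash_off(opts, state,    n, i, o) {
        n = split(opts, o, ",")
        for (i = 1; i <= n; i++) {
            if (o[i] == "no_root_squash") state = 1
            else if (o[i] == "root_squash") state = 0
        }
        return state
    }
    { sub(/#.*/, "") }                                   # strip comments
    /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next }     # join continued lines
    { $0 = buf $0; buf = "" }
    NF >= 1 {
        path = $1; dflt = 0                              # root_squash is the default
        for (f = 2; f <= NF; f++) {
            # "-opts" sets defaults for the clients that follow on this line
            if ($f ~ /^-/) { dflt = squash_off(substr($f, 2), dflt); continue }
            client = $f; opts = ""
            if ((p = index($f, "(")) > 0) {
                client = substr($f, 1, p - 1)
                opts = substr($f, p + 1); sub(/\)$/, "", opts)
            }
            if (client == "") client = "*"               # bare "(opts)" means any host
            if (squash_off(opts, dflt)) print path, client
        }
    }'
}

# Constructed sample exports file (not the poster's real configuration).
SAMPLE_EXPORTS=$(cat <<'EOF'
# constructed sample
/home        10.10.1.0/24(rw,sync,no_root_squash)
/srv/data    10.10.1.20(rw,sync) 10.10.1.21(rw,no_root_squash)
/srv/pub     (ro,all_squash)
/srv/build   -no_root_squash,rw 10.10.1.30 \
             10.10.1.31(root_squash)
EOF
)

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

On an NFS server the same function can be run as `audit_exports < /etc/exports`.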