[Freeipa-users] Re: Kerberos/IdM and NFS ACLs

I figured it out, everything actually works out of the box.

This script should get things going:

#!/bin/bash

# This script presumes a RL 8.4+ "Minimal Install" ready machine which has been prepped # for OTP install in IPA. Also, /export is the dir/volume being exported as NFS.

dnf upgrade -y

dnf install -y ipa-client ipa-client-install -U -w myonetimepassword

dnf install -y nfs-utils nfs4-acl-tools

cat <<EOF > /etc/exports /export *(rw,sec=sys,no_subtree_check,root_squash,async) EOF

systemctl enable --now nfs-idmapd.service systemctl enable --now nfs-server.service

exportfs -arv

firewall-cmd --permanent --add-service=nfs firewall-cmd --permanent --add-service=rpc-bind firewall-cmd --permanent --add-service=mountd firewall-cmd --reload

reboot