On Wed, Mar 27, 2013 at 11:10:37AM -0400, Sutton, Harry (GSE) wrote:
On 03/27/2013 10:46 AM, Stephen Gallagher wrote:
>
>On Wed 27 Mar 2013 10:14:21 AM EDT, Sutton, Harry (GSE) wrote:
>>Okay, on my Fedora 18 laptop, I can login to my system as an
>>Active Directory user (sssd-ad), both via ssh from a remote system
>>and locally through one of the console (Ctrl-Alt-F2) screens. (I
>>haven't succeeded in getting the GDM login process to work yet.)
>>But in both login cases, I end up in / as my current directory; the
>>home directory does not get created.
>>
>>The oddjobd daemon is running, and I have an entry for
>>pam_oddjob_mkhomedir in /etc/pam.d/system-auth, (and it shows as
>>'enabled' in the output of authconfig --test) but the directory
>>isn't created on login. I apologize if this question has been asked
>>and answered before, but I'm under some time pressure to complete
>>a training seminar here at HP for making RHEL / AD Integration work
>>and I don't have the time to sift through the list archives.
>>
>>I can provide configuration files and debug log output on request,
>>but I've gone through most of it and haven't found an obvious cause
>>for this problem. Any suggestions would be greatly appreciated.
>>
>Check whether a home directory is listed when you run 'getent passwd
><username>' for a valid user. It should look something like below:
>
>sgallagh:*:99999:99999:Stephen Gallagher:/home/sgallagh:/bin/bash
>
>
>If you don't have a home directory between the GECOS and shell fields
>in that output, it probably means that you don't have a
>unixHomedirectory specified in ActiveDirectory. In that case, you
>probably want to set the option:
>fallback_homedir = /home/%u
>
>(See sssd-ad(5) for more detail on the options that can take). This
>will tell SSSD to assign a home directory according to that template
>if it's not offered by AD. (AD's version will override this if it
>becomes set. If you don't want that, we also have the override_homedir
>option which forces the local version to win)
>_______________________________________________
>sssd-users mailing list
>sssd-users(a)lists.fedorahosted.org
>https://lists.fedorahosted.org/mailman/listinfo/sssd-users
Thanks, Stephen - that solved the directory problem. I had tried
manually enforcing creation with 'create_homedir = true', which is
the default behavior, but it didn't occur to me to set
fallback_homedir.
create_homedir is an option that is only valid for a domain that has
id_provider set to "local". We keep the option for the local domain in
the main sssd.conf file and they keep confusing users. We should split
them or explain them better:
https://fedorahosted.org/sssd/ticket/1850
My AD entry does have an LDAP attribute of "homeDirectory" but not
"unixHomedirectory".
Then you can override the default by setting:
ldap_user_home_directory = homeDirectory
I have a couple other questions to ask, but rather than pollute this
topic thread I'll post another message to the list. Thanks a million
for the quick turnaround.
/Harry
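
The check suggested in this thread, as an added example that is not part of any message above: a POSIX shell helper that classifies one `getent passwd` line, separating "SSSD returned no home directory" (the `fallback_homedir` / `ldap_user_home_directory` case) from "home directory is set but was never created" (the `pam_oddjob_mkhomedir` case). The function names and the sample line for `hsutton` are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage of a missing home directory for an SSSD/AD user.
# Function names are hypothetical; sample lines below are constructed.

# Classify one passwd(5)-format line as printed by `getent passwd <user>`.
# Prints: no-entry | malformed | no-homedir | homedir-missing | ok
classify_passwd_line() {
    line=$1
    # Empty output from getent: the user does not resolve at all.
    [ -n "$line" ] || { echo "no-entry"; return 0; }
    # passwd(5) lines have exactly 7 colon-separated fields.
    case $line in
        *:*:*:*:*:*:*:*) echo "malformed"; return 0 ;;  # too many fields
        *:*:*:*:*:*:*)   ;;                             # exactly 7 fields
        *)               echo "malformed"; return 0 ;;  # too few fields
    esac
    # Field 6 sits between GECOS and the shell.
    home=$(printf '%s\n' "$line" | cut -d: -f6)
    if [ -z "$home" ]; then
        # AD supplied no home directory attribute that SSSD is reading.
        # Options named in the thread: fallback_homedir = /home/%u, or
        # ldap_user_home_directory = homeDirectory.
        echo "no-homedir"
    elif [ ! -d "$home" ]; then
        # The field is populated, so the gap is on the creation side
        # (pam_oddjob_mkhomedir / oddjobd).
        echo "homedir-missing"
    else
        echo "ok"
    fi
}

# Live check for a real account; requires getent and a resolvable user.
check_user() {
    classify_passwd_line "$(getent passwd "$1" || true)"
}

# Demo on constructed input (no network or SSSD needed).
for sample in \
    'sgallagh:*:99999:99999:Stephen Gallagher:/home/sgallagh:/bin/bash' \
    'hsutton:*:99998:99998:Harry Sutton::/bin/bash'
do
    printf '%s -> %s\n' "${sample%%:*}" "$(classify_passwd_line "$sample")"
done
```

On a live system, `check_user <username>` runs the same classification against the real `getent passwd` output.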