Okay, on my Fedora 18 laptop, I can log in to my system as an Active Directory user (sssd-ad), both via ssh from a remote system and locally through one of the console (Ctrl-Alt-F2) screens. (I haven't succeeded in getting the GDM login process to work yet.) But in both login cases, I end up in / as my current directory; the home directory does not get created.
The oddjobd daemon is running, and I have an entry for pam_oddjob_mkhomedir in /etc/pam.d/system-auth (and it shows as 'enabled' in the output of authconfig --test), but the directory isn't created on login. I apologize if this question has been asked and answered before, but I'm under some time pressure to complete a training seminar here at HP for making RHEL / AD Integration work and I don't have the time to sift through the list archives.
I can provide configuration files and debug log output on request, but I've gone through most of it and haven't found an obvious cause for this problem. Any suggestions would be greatly appreciated.
Regards,
/Harry Sutton, HP
On Wed 27 Mar 2013 10:14:21 AM EDT, Sutton, Harry (GSE) wrote:
> Okay, on my Fedora 18 laptop, I can log in to my system as an Active Directory user (sssd-ad), both via ssh from a remote system and locally through one of the console (Ctrl-Alt-F2) screens. (I haven't succeeded in getting the GDM login process to work yet.) But in both login cases, I end up in / as my current directory; the home directory does not get created.
Check whether a home directory is listed when you run 'getent passwd <username>' for a valid user. It should look something like below:
sgallagh:*:99999:99999:Stephen Gallagher:/home/sgallagh:/bin/bash
If you don't have a home directory between the GECOS and shell fields in that output, it probably means that you don't have a unixHomedirectory specified in ActiveDirectory. In that case, you probably want to set the option:
    fallback_homedir = /home/%u
(See sssd-ad(5) for more detail on the options that can take). This will tell SSSD to assign a home directory according to that template if it's not offered by AD. (AD's version will override this if it becomes set. If you don't want that, we also have the override_homedir option which forces the local version to win)
On 03/27/2013 10:46 AM, Stephen Gallagher wrote:
> If you don't have a home directory between the GECOS and shell fields in that output, it probably means that you don't have a unixHomedirectory specified in ActiveDirectory. In that case, you probably want to set the option:
>     fallback_homedir = /home/%u
Thanks, Stephen - that solved the directory problem. I had tried manually enforcing creation with 'create_homedir = true', which is the default behavior, but it didn't occur to me to set fallback_homedir.
My AD entry does have an LDAP attribute of "homeDirectory" but not "unixHomedirectory".
I have a couple other questions to ask, but rather than pollute this topic thread I'll post another message to the list. Thanks a million for the quick turnaround.
/Harry
On Wed 27 Mar 2013 11:10:37 AM EDT, Sutton, Harry (GSE) wrote:
> Thanks, Stephen - that solved the directory problem. I had tried manually enforcing creation with 'create_homedir = true', which is the default behavior, but it didn't occur to me to set fallback_homedir.
I'm not sure where you came up with 'create_homedir', but this option has no meaning except in 'id_provider = local'. It's there so that if you create a new user in the local provider, it will automatically create that user's home directory. It has no effect in any other ID provider (LDAP, AD, IPA, etc.)
On Wed, Mar 27, 2013 at 11:10:37AM -0400, Sutton, Harry (GSE) wrote:
> Thanks, Stephen - that solved the directory problem. I had tried manually enforcing creation with 'create_homedir = true', which is the default behavior, but it didn't occur to me to set fallback_homedir.
create_homedir is an option that is only valid for a domain that has id_provider set to "local". We keep the option for the local domain in the main sssd.conf file and they keep confusing users. We should split them or explain them better: https://fedorahosted.org/sssd/ticket/1850
> My AD entry does have an LDAP attribute of "homeDirectory" but not "unixHomedirectory".
Then you can override the default by setting:
    ldap_user_home_directory = homeDirectory
On Wed, 2013-03-27 at 16:17 +0100, Jakub Hrozek wrote:
> Then you can override the default by setting:
>     ldap_user_home_directory = homeDirectory
Not sure this is advisable, what you find in homeDirectory is usually a string in a form you can't use as a unix home directory, hence why they also have the explicit unixHomeDirectory attribute.
Simo.
On Wed, Mar 27, 2013 at 12:11:02PM -0400, Simo Sorce wrote:
> Not sure this is advisable, what you find in homeDirectory is usually a string in a form you can't use as a unix home directory, hence why they also have the explicit unixHomeDirectory attribute.
Ah, sorry, in that case you are right. I was under the impression that in Harry's case it contained the unix home dir.
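Added example, not written by any poster in this thread: a shell check for the 'getent passwd' test described above, extended to also flag a home field that is not an absolute Unix path (the concern raised about homeDirectory). The function names and the aduser1/aduser2 entries are constructed for illustration; the sgallagh line is the one quoted in the thread.

```shell
#!/bin/sh
# Classify the home directory field (field 6) of passwd(5)-format lines,
# which is the format printed by: getent passwd <username>
#
#   EMPTY          no home directory came back from the directory; with the
#                  AD provider this is where fallback_homedir applies
#   NOT_UNIX_PATH  a value is present but is not an absolute Unix path, as
#                  can happen when ldap_user_home_directory points at an
#                  attribute holding a Windows-style string
#   OK             absolute path, usable by pam_oddjob_mkhomedir
classify_home() {
    awk -F: '
        NF == 0     { next }                                # skip blank lines
        NF < 7      { printf "%s MALFORMED\n", $1; next }   # not a passwd entry
        $6 == ""    { printf "%s EMPTY\n", $1; next }
        $6 !~ /^\// { printf "%s NOT_UNIX_PATH\n", $1; next }
                    { printf "%s OK\n", $1 }
    '
}

# Constructed sample input so the check runs offline. Only the first line
# comes from the thread; the other two are made up for this example.
sample_entries() {
    cat <<'EOF'
sgallagh:*:99999:99999:Stephen Gallagher:/home/sgallagh:/bin/bash
aduser1:*:10001:10001:Constructed User One::/bin/bash
aduser2:*:10002:10002:Constructed User Two:\\fileserver\homes\aduser2:/bin/bash
EOF
}

# Demonstration on the sample data. On a live system, pipe real output in:
#   getent passwd "$username" | classify_home
sample_entries | classify_home
```

Run it again after changing sssd.conf and restarting sssd; a cached entry can keep showing the old field until the cache expires or is cleared.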
sssd-users@lists.fedorahosted.org