SSSD 1.11 and AD homeDirectory

Pasi Kärkkäinen pasik at iki.fi
Fri Sep 20 11:19:02 UTC 2013


On Wed, Sep 11, 2013 at 05:32:29PM -0400, Simo Sorce wrote:
> On Wed, 2013-09-11 at 15:26 -0500, Jeffrey Ollie wrote:
> > On Wed, Sep 11, 2013 at 3:07 PM, Simo Sorce <simo at redhat.com> wrote:
> > >
> > > Almost certainly you do not want a home directory backed by a cifs
> > > filesystem, however if you really do I suggest you configure autofs and
> > > cifs with multi-user mounts on your machine.
> > 
> > It's not a question of "want", I'm trying to integrate a Fedora
> > desktop(s) as seamlessly as possible into an existing Active Directory
> > environment, and that means having a user's personal files accessible
> > as seamlessly as possible. 
> 
> Having a 'separate' path accessible, and using a Windows share as the
> home directory for a unix-like machine are quite different things.
> Not even windows machine have their profile on a network share.
> 
> >  The new AD support in SSSD 1.11 means that
> > the AD admins don't need to extend the AD schema and maintain the new
> > attributes.
> 
> I know I helped build that.
> 
> > > You will not be able to have the home directory be specified by the AD
> > > server though unless you want to cleverly use the unixHomeDirectory
> > > attribute (and your windows admin properly populates it for each user).
> > 
> > The actual attribute in AD is "homeDirectory" and is populated with
> > UNC paths to the user's home directory.
> 
> That's the windows attribute yes, and homeDrive has the drive letter to
> use (IIRC).
> 
> >   I'll have to dig into autofs to see if it can do what I want.
> 
> autofs won't have access to the arbitrary UNC stored in AD, but it may
> be a good feature request for SSSD.
> We do have autofs support in SSSD, maybe we could have some special
> module for AD to fake up an autofs configuration out of the Windows
> homeDirectory for use with a cifs mount point.
> 
> May be worth opening a RFE upstream.
> 

Automatically mounting per-user windows-shares sounds like something that definitely should be supported. 
Did you already open a RFE? 

-- Pasi



More information about the devel mailing list