This is how to use the automounter to automatically create home directories for 
ipa users under /export/home/ and mount them under /home/ on Solaris 10, as 
well as copy over the profile files and assign appropriate owner and group:

We first created a service account called "auth" in ipa to allow ldap lookups 
with no password expiration.

On the clients create a "mkhomedir" script in /usr/local/adm (or wherever you 
like):

#!/bin/ksh -p
# Executable automount map: automountd passes the lookup key (the user name)
# as $1 and expects a "host:path" map entry on stdout.

HOMEDIRPATH=/home

PHYSICALDIRPATH=/export/home

hdir=~$1

phdir="$PHYSICALDIRPATH/$1"

# Home directory already exists: just return the map entry
if [ -d "$phdir" ]; then
        echo "localhost:$phdir"
        exit
fi

mkdir -p "$phdir"

#Perform ldap lookup to get user and group of logged in user
#(match only the gidNumber attribute line, not every line containing "gid")
GID=`ldapsearch -h idmserver.example.com \
    -D "uid=auth,cn=users,cn=accounts,dc=example,dc=com" -w 'authpassword' \
    -b "cn=users,cn=accounts,dc=example,dc=com" "(uid=$1)" \
    | grep '^gidNumber:' | cut -d " " -f2`

#Copy profile files
cp /etc/skel/.bash_profile "$phdir/.bash_profile"
cp /etc/skel/.bashrc "$phdir/.bashrc"
cp /etc/skel/.profile "$phdir/.profile"
cp /etc/skel/.vimrc "$phdir/.vimrc"

#Change the owner and group to logged in user
chown -R "$1":"$GID" "$phdir"

echo "localhost:$phdir"
######END########
You need to change permissions on the "mkhomedir" script to 755


Login to client directly as root so you can move home directories around (edit 
/etc/ssh/sshd_config if needed to allow this)

Ensure no one else is logged in

Ensure nothing else is mounted in /export/home

Copy home directories to /export/home
rsync -av /home/ /export/home/

Add this line to the /etc/auto_master file so the "mkhomedir" script runs at 
login
/home           /usr/local/adm/mkhomedir

Remove original /home/ directories
rm -rf /home/*

Restart autofs so the change takes effect
svcadm restart autofs

Make sure you change your sshd_config back if you don't wish to allow root ssh 
access.
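
Added example, not part of the original post: an executable map such as "mkhomedir" runs as root and receives whatever name is looked up under /home as $1, so the key should be checked before it reaches the path, the LDAP filter, or chown. The function names and the sample LDIF below are constructed for illustration; the helpers are written in POSIX shell syntax that ksh also accepts.

```shell
# Added example: validation helpers for an executable automount map.
# Function names are hypothetical; SAMPLE_LDIF is constructed test data.
LC_ALL=C; export LC_ALL   # make bracket ranges byte-exact

# Accept only keys that look like a plain login name (max 32 chars).
# Rejects '/', '..', whitespace and LDAP filter characters such as * ( ) \.
valid_key() {
    key=$1
    [ -n "$key" ] || return 1
    [ "${#key}" -le 32 ] || return 1
    case $key in
        [!A-Za-z_]*)       return 1 ;;  # must start with a letter or '_'
        *[!A-Za-z0-9_.-]*) return 1 ;;  # any character outside the safe set
        *..*)              return 1 ;;  # no parent-directory sequences
    esac
    return 0
}

# Read LDIF on stdin and print the gidNumber value.
# Fails if the attribute is missing or not purely numeric.
parse_gid() {
    gid=$(awk '$1 == "gidNumber:" { print $2; exit }')
    case $gid in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$gid"
}

# Build the "user:gid" argument for chown only when both inputs check out.
# $1 = automount key, $2 = LDIF text returned by the directory lookup.
owner_spec() {
    valid_key "$1" || return 1
    g=$(printf '%s\n' "$2" | parse_gid) || return 1
    printf '%s:%s\n' "$1" "$g"
}

# Constructed sample: a plain "grep gid" would also match the memberOf line.
SAMPLE_LDIF='dn: uid=alice,cn=users,cn=accounts,dc=example,dc=com
uid: alice
uidNumber: 1234500001
gidNumber: 1234500001
memberOf: cn=gidadmins,cn=groups,cn=accounts,dc=example,dc=com'
```

In the map script, a key that fails valid_key, or a lookup for which owner_spec fails, should make the script exit without creating a directory or printing a map entry.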

From: freeipa-users-boun...@redhat.com 
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Ben .T.George
Sent: Wednesday, March 11, 2015 11:22 AM
To: dpal
Cc: freeipa-users
Subject: Re: [Freeipa-users] how can i create home directories automatically on 
solaris while IPA user login

from BZ

"While we value your interest in IPA Solaris support, the implementation of the 
DUA profile is not on our nearest schedule at the moment. We lack both 
knowledge and resources to focus on integration with Solaris. This is where we 
need a help (ideally patches) and contribution from the community to help us 
push these features in.

I checked your example DUAConfigProfile and I think it cannot be just added to 
FreeIPA right away. E.g. for defaultServerList or preferredServerList, you 
would need to expand installers and ipa-replica-manage to handle these lists 
and update them when replica is added or updated to prevent it being outdated. 
printers or aliases serviceSearchDescriptor refers to objects not being 
available and so on. It is not as straightforward as it seems.

What I think that we can work on is to work together on 
http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_10...
and add all the steps needed to make IPA work on Solaris 10. I could for 
example prepare an updated page and you could review it. Would that work for 
you?"

this what i followed until now. but's not authenticate with AD, IPA user 
can login on solaris box

On Wed, Mar 11, 2015 at 9:11 PM, Dmitri Pal <d...@redhat.com> wrote:
On 03/11/2015 01:56 PM, Ben .T.George wrote:

HI

yea, i saw that mail thread and he claims that he achieved somehow. but 
not clear. and the steps mentioned is too technical for me. :) as i am very 
new to IPA it's bit confusing.

later that thread also closed without proper explanation.

i think you guys can contact him to change existing wiki :) as there are many 
solaris related documents which is pretty old.

anyway still waiting for reply

Have you found the BZ? They are very detailed.
https://bugzilla.redhat.com/show_bug.cgi?id=815515
The DUA profile is attached to the bug.


Regards,
Ben

On Wed, Mar 11, 2015 at 8:49 PM, Dmitri Pal <d...@redhat.com> wrote:
On 03/11/2015 01:18 PM, Ben .T.George wrote:

HI

thanks for the reply. even i tried native auto_master file with directory 
checking script. if i feed the user manually to the script, the directory is 
creating and while login request comes, it didn't.

i don't think no one did full solaris integration until now as i asked many 
questions related to that.

now i am little bit confident up to this level. and if everything is working 
fine, i will try to create automated script for IPA join

I really do not know Solaris that well. There are some threads from this and 
last week about Solaris. You can find them in the mail archive for March.
There are pointers to wikis and bugzillas in those threads. The bugzilla bugs 
have some extended info on how to configure Solaris clients. They were pretty 
detailed. May be they have the automount info you are looking for. 


Regards,
Ben

On Wed, Mar 11, 2015 at 7:32 PM, Dmitri Pal <d...@redhat.com> wrote:
On 03/11/2015 09:50 AM, Ben .T.George wrote:

HI

i can able to reach up to level that IPA user can able to login on solaris 
box, but how can i create home directories automatically on solaris while IPA 
user login.

even i change the shell in IPA web interface that is getting affected. i saw 
some option in IPA 3.3 web interface like automount and that is not in IPA 
4.1.2

All the options are still there. The menus got re-arranged a bit.
Hopefully someone with a Solaris knowledge will help you with the rest.


please anyone tell me where it is and how can i achieve this

regards,
Ben


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project  

