HI

i tried both method and still it's not creating the home directories

regards,
Ben

On Wed, Mar 11, 2015 at 11:35 PM, sipazzo <sipa...@yahoo.com> wrote:

> This is how use the automounter to automatically create home directories
> for ipa users under /export/home/ and mount them under /home/ on Solaris
> 10, as well as copy over the profile files and assign appropriate owner and
> group:
>
> We first created a service account called "auth" in ipa to allow ldap
> lookups with no password expiration
>
> On the clients create a "mkhomedir" script in /usr/local/adm (or where
> ever you like):
> #!/bin/ksh -p
>
> HOMEDIRPATH=/home
>
> PHYSICALDIRPATH=/export/home
>
> hdir=~$1
>
> phdir="$PHYSICALDIRPATH/$1"
>
> if [ -d "$phdir" ]; then
>         echo "localhost:$phdir"
>         exit
> fi
>
> mkdir -p $phdir
>
> #Perform ldap lookup to get user and group of logged in user
> GID=`ldapsearch -h idmserver.example.com -D
> "uid=auth,cn=users,cn=accounts,dc=example,d
> c=com" -w 'authpassword' -b "cn=users,cn=accounts,dc=example,dc=com"
> "(uid=$1)"
>  | grep gid | cut -d " " -f2`
>
> #Copy profile files
> cp /etc/skel/.bash_profile $phdir/.bash_profile
> cp /etc/skel/.bashrc $phdir/.bashrc
> cp /etc/skel/.profile $phdir/.profile
> cp /etc/skel/.vimrc $phdir/.vimrc
>
> #Change the owner and group to logged in user
> chown -R "$1":"$GID" $phdir
>
> echo "localhost:$phdir"
>
> ######END########
>
> You need to change permissions on the "mkhomedir" script to 755
>
>
> Login to client directly as root so you can move home directories around
> (edit /etc/ssh/sshd_config if needed to allow this)
>
> Ensure no one else is logged in
> Ensure nothing else is mounted in /export/home
> Copy home directories to /export/home
> rsync -av /home/ /export/home/
>
> Add this line to the /etc/auto_master file so the "mkhomedir" script runs
> at login
> /home           /usr/local/adm/mkhomedir
>
> Remove original /home/ directories
> rm -rf /home/*
>
> Restart autofs so the change takes effect
> svcadm restart autofs
>
> Make sure you change your sshd_config back if you don't wish to allow root
> ssh access.
>  ------------------------------
> *From:* freeipa-users-boun...@redhat.com [mailto:
> freeipa-users-boun...@redhat.com] *On Behalf Of *Ben .T.George
> *Sent:* Wednesday, March 11, 2015 11:22 AM
> *To:* dpal
> *Cc:* freeipa-users
> *Subject:* Re: [Freeipa-users] how can i create home directories
> automatically on solaris while IPA user login
>
> from BZ
>
> "While we value your interest in IPA Solaris support, the implementation
> of the DUA profile is not on our nearest schedule at the moment. We lack
> both knowledge and resources to focus on integration with Solaris. This is
> where we need a help (ideally patches) and contribution from the community
> to help us push these features in.
>
> I checked your example DUAConfigProfile and I think it cannot be just added 
> to FreeIPA right away. E.g. for defaultServerList or preferredServerList, you 
> would need to expand installers and ipa-replica-manage to handle these lists 
> and update them when replica is added or updated to prevent it being 
> outdated. printers or aliases serviceSearchDescriptor refers to objects not 
> being available and so on. It is not as straightforward as it seems.
>
>
>
> What I think that we can work on is to work together on
>
> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_Solaris.html#Configuring_an_IPA_Client_on_Solaris_10
>
> ... and add all the steps needed to make IPA work on Solaris 10. I could for 
> example prepare an updated page and you could review it. Would that work for 
> you?"
>
>
>
> this what i followed util now. but's not authenticate with AD, IPA user can 
> login on solaris box
>
>
>
>
>
>
> On Wed, Mar 11, 2015 at 9:11 PM, Dmitri Pal <d...@redhat.com> wrote:
> On 03/11/2015 01:56 PM, Ben .T.George wrote:
>
> HI
>
> yea , i saw that mail thread and he claims that he achieved somehow. but
> not clear.
>
> and the  steps mentioned is too technical for me. :) as i am very new to
> IPA it's bit confusing.
>
> later that thread also closed without proper explanation.
>
> i think you guys can contact him to change existing wiki :) as there are
> many solaris related documents which is pretty old.
>
> anyway still waiting for rply
>
>
> Have you found the BZ? They are very detailed.
> https://bugzilla.redhat.com/show_bug.cgi?id=815515
> The DUA profile is attached to the bug.
>
>
>
>
> Regards,
> Ben
>
> On Wed, Mar 11, 2015 at 8:49 PM, Dmitri Pal <d...@redhat.com> wrote:
> On 03/11/2015 01:18 PM, Ben .T.George wrote:
>
> HI
>
> thanks for the rply.
>
> even i tried native auto_master file with directory checking script. if i
> feed the user manually to the script, the directory is creating and while
> login request comes, it didn't.
>
> i don't think no one did full solaris integration util now as i asked many
> questions related to that.
>
> now i am little bit confident up to this level. and if everything is
> working fine, i will try to create automated script for IPA join
>
>
> I really do not know Solaris that well. There are some threads from this
> and last week about Solaris. You can find them in the mail archive for
> March.
> There are pointers to wikis and bugzillas in those threads. The bugzilla
> bugs have some extended info on how to configure Solaris clients. They were
> pretty detailed. May be they have the automount info you are looking for.
>
>
>
>
> Regards,
> Ben
>
>
>
> On Wed, Mar 11, 2015 at 7:32 PM, Dmitri Pal <d...@redhat.com> wrote:
> On 03/11/2015 09:50 AM, Ben .T.George wrote:
>
> HI
>
> i can able to reach upto level that IPA user can able to login on solaris
> box,
>
> but how can i create home directories automatically on solaris while IPA
> user login.
>
> even i change the shell in IPA web interface that is getting affected. i
> saw some option in IPA 3.3 web interface like automount and that is not in
> IPA 4.1.2
>
>
> All the options are still there. The menus got re-arranged a bit.
> Hopefully someone with a Solaris knowledge will help you with the rest.
>
>
>
> please anyone tell me where it is and how can i achieve this
>
> regards,
> Ben
>
>
>
>
> --
>
> Thank you,
>
> Dmitri Pal
>
>
>
> Sr. Engineering Manager IdM portfolio
>
> Red Hat, Inc.
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
>
>
>
> --
>
> Thank you,
>
> Dmitri Pal
>
>
>
> Sr. Engineering Manager IdM portfolio
>
> Red Hat, Inc.
>
>
>
>
>
> --
>
> Thank you,
>
> Dmitri Pal
>
>
>
> Sr. Engineering Manager IdM portfolio
>
> Red Hat, Inc.
>
>
>
>
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to