Today I managed to finally get a trust established between my AD Domain and my FreeIPA 4 environment.
However, I’m noticing a couple of issues and hope someone might be able to give me some help.

First, when the user logs in it creates their home directory in /home/fioptics/<username> rather than /home/<username>. I read that you had to put subdomain_homedir= /home in /etc/sssd/sssd.conf but that didn’t seem to fix it.

Also, the FreeIPA environment is set to use /bin/bash as the shell, however everyone from AD is logging in and using /bin/sh.

I’m hoping that if I can get these issues sorted out, the other issues I’m seeing will go as well, but if they don’t I can address those at that time.

Let me know what I would need to post in order to help. I’m including the sssd.conf and krb5.conf files below.

I appreciate any help anyone can give.

—————————
sssd.conf

includedir /var/lib/sss/pubconf/krb5.include.d/

[logging]
  default = FILE:/var/log/krb5libs.log
  kdc = FILE:/var/log/krb5kdc.log
  admin_server = FILE:/var/log/kadmind.log

[libdefaults]
  default_realm = STAGING.FIOPTICS.INT
  dns_lookup_realm = false
  dns_lookup_kdc = true
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes
  udp_preference_limit = 0
  default_ccache_name = KEYRING:persistent:%{uid}

[realms]
  STAGING.FIOPTICS.INT = {
    kdc = stip01.staging.fioptics.int:88
    master_kdc = stip01.staging.fioptics.int:88
    admin_server = stip01.staging.fioptics.int:749
    default_domain = staging.fioptics.int
    pkinit_anchors = FILE:/etc/ipa/ca.crt
    auth_to_local = RULE:[1:$1@$0](^.*@AD_DOMAIN$)s/@AD_DOMAIN/@ad_domain/
    auth_to_local = DEFAULT
  }

[domain_realm]
  .staging.fioptics.int = STAGING.FIOPTICS.INT
  staging.fioptics.int = STAGING.FIOPTICS.INT

[dbmodules]
  STAGING.FIOPTICS.INT = {
    db_library = ipadb.so
  }

————————————————
krb5.conf

includedir /var/lib/sss/pubconf/krb5.include.d/

[logging]
  default = FILE:/var/log/krb5libs.log
  kdc = FILE:/var/log/krb5kdc.log
  admin_server = FILE:/var/log/kadmind.log

[libdefaults]
  default_realm = STAGING.FIOPTICS.INT
  dns_lookup_realm = false
  dns_lookup_kdc = true
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes
  udp_preference_limit = 0
  default_ccache_name = KEYRING:persistent:%{uid}

[realms]
  STAGING.FIOPTICS.INT = {
    kdc = stip01.staging.fioptics.int:88
    master_kdc = stip01.staging.fioptics.int:88
    admin_server = stip01.staging.fioptics.int:749
    default_domain = staging.fioptics.int
    pkinit_anchors = FILE:/etc/ipa/ca.crt
    auth_to_local = RULE:[1:$1@$0](^.*@AD_DOMAIN$)s/@AD_DOMAIN/@ad_domain/
    auth_to_local = DEFAULT
  }

[domain_realm]
  .staging.fioptics.int = STAGING.FIOPTICS.INT
  staging.fioptics.int = STAGING.FIOPTICS.INT

[dbmodules]
  STAGING.FIOPTICS.INT = {
    db_library = ipadb.so
  }

Regards,
------------------------------------------
Aric Wilisch
awili...@gmail.com