So I would have to setup an ID View Override for every user in AD that needs to 
login to to a FreeIPA host? 

I guess I’m having trouble understanding why it wouldn’t just use the defaults 
set into FreeIPA? The Default home directory is set to /home and the default 
shell is set to /bin/bash. 

This is a lot of work to go to unless there’s a way to set it globally for the 
entire domain. Also noticing sudo doesn’t work for those users even though I 
have the ad_admins group added to the sudo group I created. 


Regards,
------------------------------------------
Aric Wilisch
awili...@gmail.com




> On Apr 15, 2015, at 2:00 PM, Alexander Bokovoy <aboko...@redhat.com> wrote:
> 
> On Wed, 15 Apr 2015, Aric Wilisch wrote:
>> Today I managed to finally get a trust established between my AD Domain and 
>> my FreeIPA 4 environment.
>> 
>> However I’m noticing a couple issues and hope someone might be able to give 
>> me some help.
>> 
>> First when the user logs in it creates their home directory in
>> /home/fioptics/<username> rather than /home/<username>. I read that you
>> had to put subdomain_homedir= /home in /etc/sssd/sssd.conf but that
>> didn’t seem to fix it.
>> 
>> Also the FreeIPA environment is set to use /bin/bash as the shell,
>> however everyone from AD is logging in and using /bin/sh.
>> 
>> I’m hoping if I can get these issues sorted out the other issues I”m
>> seeing with go as well, but if they don’t I can address those at that
>> time.
> These issues are addressed with IDViews functionality in FreeIPA 4.1.
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/id-views.html
>  
> <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/id-views.html>
> 
> I have a 'sneak peak' videos of how this feature works:
> http://talks.vda.li/video/freeipa-idviews-override-shell-and-homedir.webm 
> <http://talks.vda.li/video/freeipa-idviews-override-shell-and-homedir.webm>
> http://talks.vda.li/video/freeipa-idviews-override-public-ssh-key.webm 
> <http://talks.vda.li/video/freeipa-idviews-override-public-ssh-key.webm>
> These are draft sequences, no sound or subtitles so you need to read
> documentation too :)
> -- 
> / Alexander Bokovoy

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to