Re: [Freeipa-users] How to handle users with multiple homedirs on different machines?
On Thu, Jun 04, 2015 at 05:06:03PM -0600, swartz wrote:
> On Wed, Jun 3, 2015 at 12:29 AM, Lukas Slebodnik lsleb...@redhat.com wrote:
> > However sssd is available just on linux (or FreeBSD) I'm not sure which clients do you use on Solaris or other
>
> Solaris would be configured via LDAP. RedHat appears to have a pretty good guide for doing this. Same goes for any other systems lacking sssd client or so I hope.
>
> > > As an example, I have user Bob. On a Linux box Bob has homedir at /home/b/bob
> > ^ Unfortunately, there's no way how to say sssd to use just first letter from name.
>
> Hmmm. Is time for a feature request? Should this be directed to SSSD or FreeIPA group?

SSSD, please.

> override_homedir appears to have plenty of substitution options. This wouldn't be a major change request. For more flexibility, I think it would be nice to refer to an output of a script for determining homedir overrides.
>
> > > On a Solaris this is likely /export/home/bob
> > > While on some other odd system it could be /mnt/nas/users/bob
> > Different prefix for homedir /export/home, /home, /mnt/nas/users could be addressed with the option homedir_substring in sssd conf. https://fedorahosted.org/sssd/ticket/1853 So you could store %H in ldap attribute, but clients need to understand such value. (sssd = 1.11.6). I'm not sure about other clients.
>
> As there is no sssd client for Solaris, I think I may have found a workaround via automounter as suggested by Coy Hile. But that only solves the Solaris specific homedir paths. In any case, I'm further today than I was yesterday. Thank you.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] How to handle users with multiple homedirs on different machines?
On Wed, Jun 3, 2015 at 12:29 AM, Lukas Slebodnik lsleb...@redhat.com wrote:
> However sssd is available just on linux (or FreeBSD) I'm not sure which clients do you use on Solaris or other

Solaris would be configured via LDAP. RedHat appears to have a pretty good guide for doing this. Same goes for any other systems lacking sssd client or so I hope.

> > As an example, I have user Bob. On a Linux box Bob has homedir at /home/b/bob
> ^ Unfortunately, there's no way how to say sssd to use just first letter from name.

Hmmm. Is time for a feature request? Should this be directed to SSSD or FreeIPA group?

override_homedir appears to have plenty of substitution options. This wouldn't be a major change request. For more flexibility, I think it would be nice to refer to an output of a script for determining homedir overrides.

> > On a Solaris this is likely /export/home/bob
> > While on some other odd system it could be /mnt/nas/users/bob
> Different prefix for homedir /export/home, /home, /mnt/nas/users could be addressed with the option homedir_substring in sssd conf. https://fedorahosted.org/sssd/ticket/1853 So you could store %H in ldap attribute, but clients need to understand such value. (sssd = 1.11.6). I'm not sure about other clients.

As there is no sssd client for Solaris, I think I may have found a workaround via automounter as suggested by Coy Hile. But that only solves the Solaris specific homedir paths. In any case, I'm further today than I was yesterday. Thank you.
Re: [Freeipa-users] How to handle users with multiple homedirs on different machines?
On Tue, 02 Jun 2015, swartz wrote:
> I have an environment that spans across multiple physical locations where there is a mix of Linux and Solaris workstations/servers. So far we've been managing accounts (/etc/password) via Puppet.
>
> Problem: FreeIPA allows to store only one homedir path.
>
> Q: Is there a way to store/set a different home path based on the system that the user is logged into?

Yes, this is a feature of FreeIPA 4.1, called ID Views.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/id-views.html

See also my talk at SambaXP this year:
https://www.samba.org/~ab/sambaxp/2015/freeipa_idviews.pdf

While ID Views were designed for supporting Active Directory users (where you may not have POSIX attributes in the directory), they can be used for augmenting IPA users too -- just create a separate view and apply it to the host you need. SSSD has to be recent enough to apply the view locally at that host. For Solaris and other systems, use compat tree integration.

> As an example, I have user Bob.
> On a Linux box Bob has homedir at /home/b/bob
> On a Solaris this is likely /export/home/bob
> While on some other odd system it could be /mnt/nas/users/bob
>
> The contents in each of the above locations differs for Bob. There are NAS boxes that hold data for specific groups that are mounted on few machines only. We can't use NAS as central homedir storage for number of reasons. Mounting exported filesystems as subdirs under main homedir isn't an option either. Many odd-ball systems don't export their filesystems. Mounting all homedirs locations isn't necessary on all machines. Performance issues over network, etc, etc.
>
> Is there a way to handle such scenario as outlined above? I would welcome any input/ideas.

--
/ Alexander Bokovoy
Re: [Freeipa-users] How to handle users with multiple homedirs on different machines?
On (02/06/15 17:07), swartz wrote:
> I have an environment that spans across multiple physical locations where there is a mix of Linux and Solaris workstations/servers. So far we've been managing accounts (/etc/password) via Puppet.
>
> Problem: FreeIPA allows to store only one homedir path.
>
> Q: Is there a way to store/set a different home path based on the system that the user is logged into?

sssd configuration is quite flexible in this way. You can override homedir with configuration option
man sssd.conf - override_homedir

However sssd is available just on linux (or FreeBSD) I'm not sure which clients do you use on Solaris or other old system, maybe there is a way how to override homedir as well.

Or you can configure home directory attribute to the non-existing attribute in FreeIPA and use some fallback (if possible)

> As an example, I have user Bob. On a Linux box Bob has homedir at /home/b/bob
^ Unfortunately, there's no way how to say sssd to use just first letter from name.

> On a Solaris this is likely /export/home/bob
> While on some other odd system it could be /mnt/nas/users/bob

Different prefix for homedir /export/home, /home, /mnt/nas/users could be addressed with the option homedir_substring in sssd conf.
https://fedorahosted.org/sssd/ticket/1853

So you could store %H in ldap attribute, but clients need to understand such value. (sssd = 1.11.6). I'm not sure about other clients.

LS
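[Added example, not part of the original thread and not taken from the SSSD or FreeIPA projects: the three sssd.conf approaches named in the message above (homedir_substring with %H, override_homedir, and a fallback home directory), written out as per-host configuration fragments. The domain name example.test, the stored value %H/bob, the attribute name noSuchAttribute and the host roles are assumptions; the paths are the ones used in the thread.]

```ini
# Fragments for DIFFERENT hosts, shown together for comparison.
# They are not meant to be pasted into one file.
# example.test, %H/bob and noSuchAttribute are constructed placeholders.

# ---- Variant A: the directory stores a template, each client fills it in ----
# Directory entry for bob (constructed):
#   homeDirectory: %H/bob
# SSSD replaces %H with the local homedir_substring value
# (the message above names sssd 1.11.6 for this option).

# /etc/sssd/sssd.conf on a Linux host with local home directories
[nss]
homedir_substring = /home

# /etc/sssd/sssd.conf on a host that mounts the NAS
[nss]
homedir_substring = /mnt/nas/users

# ---- Variant B: ignore the stored value on one host ----
# override_homedir replaces whatever the directory returns;
# %u expands to the login name.
[domain/example.test]
override_homedir = /mnt/nas/users/%u

# ---- Variant C: no usable home directory in the directory at all ----
# Point SSSD at an attribute that does not exist, so the lookup comes
# back empty and the per-host fallback template is used instead.
[domain/example.test]
ldap_user_home_directory = noSuchAttribute
fallback_homedir = /home/%u
```

Only clients that understand the %H template can use Variant A; a client that reads the attribute directly over LDAP would see the literal string %H/bob.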
Re: [Freeipa-users] How to handle users with multiple homedirs on different machines?
For solaris, just use the standard automounter config in auto_home:

* /export/home/

Sent via the Samsung GALAXY S® 5, an ATT 4G LTE smartphone

Original message
From: Lukas Slebodnik lsleb...@redhat.com
Date: 06/03/2015 02:29 (GMT-05:00)
To: netv...@gmail.com
Cc: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] How to handle users with multiple homedirs on different machines?

On (02/06/15 17:07), swartz wrote:
> I have an environment that spans across multiple physical locations where there is a mix of Linux and Solaris workstations/servers. So far we've been managing accounts (/etc/password) via Puppet.
>
> Problem: FreeIPA allows to store only one homedir path.
>
> Q: Is there a way to store/set a different home path based on the system that the user is logged into?

sssd configuration is quite flexible in this way. You can override homedir with configuration option
man sssd.conf - override_homedir

However sssd is available just on linux (or FreeBSD) I'm not sure which clients do you use on Solaris or other old system, maybe there is a way how to override homedir as well.

Or you can configure home directory attribute to the non-existing attribute in FreeIPA and use some fallback (if possible)

> As an example, I have user Bob. On a Linux box Bob has homedir at /home/b/bob
^ Unfortunately, there's no way how to say sssd to use just first letter from name.

> On a Solaris this is likely /export/home/bob
> While on some other odd system it could be /mnt/nas/users/bob

Different prefix for homedir /export/home, /home, /mnt/nas/users could be addressed with the option homedir_substring in sssd conf.
https://fedorahosted.org/sssd/ticket/1853

So you could store %H in ldap attribute, but clients need to understand such value. (sssd = 1.11.6). I'm not sure about other clients.

LS
Re: [Freeipa-users] How to handle users with multiple homedirs on different machines?
On (03/06/15 12:54), Coy Hile wrote:
> For solaris, just use the standard automounter config in auto_home:
>
> * /export/home/

I thought that automount and getent passwd user are two different things on Solaris (the same as on Linux)

LS
Re: [Freeipa-users] How to handle users with multiple homedirs on different machines?
They are, but a correct automounter config will allow you to keep the attribute as /home/jdoe notwithstanding the OS.

Sent via the Samsung GALAXY S® 5, an ATT 4G LTE smartphone

Original message
From: Lukas Slebodnik lsleb...@redhat.com
Date: 06/03/2015 11:32 (GMT-05:00)
To: coy.h...@coyhile.com
Cc: freeipa-users@redhat.com, netv...@gmail.com
Subject: Re: [Freeipa-users] How to handle users with multiple homedirs on different machines?

On (03/06/15 12:54), Coy Hile wrote:
> For solaris, just use the standard automounter config in auto_home:
>
> * /export/home/

I thought that automount and getent passwd user are two different things on Solaris (the same as on Linux)

LS