Re: [Freeipa-users] How to set the home directory for AD users?
>Since the trusted AD domain is a 'subdomain' in SSSD lingo, you need to >change the 'subdomain_homedir' parameter in sssd.conf Perfect! That's exactly what I was looking for. Thanks. David Guertin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] How to set the home directory for AD users?
On Thu, Apr 09, 2015 at 05:38:40PM +, Guertin, David S. wrote: > >If your clients are RHEL 7.1, remove all of the hacks and use ID Views > >instead. > >https://access.redhat.com/documentation/en- > >US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/id- > >views.html > > > >ID view 'Default Trust View' will be applied automatically -- on RHEL7.1 > >clients by SSSD picking it up from IPA master, on legacy clients by their > >lookups to compat trees. On RHEL6.6 I think SSSD is not capable doing the > >lookup 'RHEL7.1 way' yet but a rebase is planned to get next update cycle to > >catch up. > > Thanks, all of our clients are RHEL 6 and RHEL 5, so I'll just be patient and > look forward to that (at least for RHEL 6). > > I was just poking around the ID Views section of the Web UI, and it looks > like I can set Home Directory for Users, but not User Groups. On the one hand > that makes sense, since groups don't have home directories, but on the other > hand, AD users are not shown (i.e. they only exist in IPA as a group), and > anyway I would like to be able to set the home directory format for all users > at once (including AD users) instead of individually. Is that possible? Since the trusted AD domain is a 'subdomain' in SSSD lingo, you need to change the 'subdomain_homedir' parameter in sssd.conf -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] How to set the home directory for AD users?
>If your clients are RHEL 7.1, remove all of the hacks and use ID Views instead. >https://access.redhat.com/documentation/en- >US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/id- >views.html > >ID view 'Default Trust View' will be applied automatically -- on RHEL7.1 >clients by SSSD picking it up from IPA master, on legacy clients by their >lookups to compat trees. On RHEL6.6 I think SSSD is not capable doing the >lookup 'RHEL7.1 way' yet but a rebase is planned to get next update cycle to >catch up. Thanks, all of our clients are RHEL 6 and RHEL 5, so I'll just be patient and look forward to that (at least for RHEL 6). I was just poking around the ID Views section of the Web UI, and it looks like I can set Home Directory for Users, but not User Groups. On the one hand that makes sense, since groups don't have home directories, but on the other hand, AD users are not shown (i.e. they only exist in IPA as a group), and anyway I would like to be able to set the home directory format for all users at once (including AD users) instead of individually. Is that possible? David Guertin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] How to set the home directory for AD users?
On Thu, 09 Apr 2015, Guertin, David S. wrote: We have a trust relationship set up between our IPA domain and our AD domain. When ad AD user logs in to an IPA client, they are given a home directory of /home//. I would like to change this to /home/. (I'm not interested in automatically creating the home firectory on login, I just want to change the directory name.) The users are not assigned a home directory in AD, so it's up to IPA to set it. In the [nss] section of /etc/sssd/sssd.conf, I have homedir_substring = /home but that doesn't do it. Neither does: fallback_homedir = /home/%u Where can this variable be set? If your clients are RHEL 7.1, remove all of the hacks and use ID Views instead. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/id-views.html ID view 'Default Trust View' will be applied automatically -- on RHEL7.1 clients by SSSD picking it up from IPA master, on legacy clients by their lookups to compat trees. On RHEL6.6 I think SSSD is not capable doing the lookup 'RHEL7.1 way' yet but a rebase is planned to get next update cycle to catch up. -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] How to set the home directory for AD users?
On 04/09/2015 12:34 PM, Guertin, David S. wrote: We have a trust relationship set up between our IPA domain and our AD domain. When ad AD user logs in to an IPA client, they are given a home directory of /home//. I would like to change this to /home/. (I'm not interested in automatically creating the home firectory on login, I just want to change the directory name.) The users are not assigned a home directory in AD, so it's up to IPA to set it. In the [nss] section of /etc/sssd/sssd.conf, I have homedir_substring = /home but that doesn't do it. Neither does: fallback_homedir = /home/%u Where can this variable be set? Thanks, David Guertin On which version of the SSSD? -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] How to set the home directory for AD users?
We have a trust relationship set up between our IPA domain and our AD domain. When ad AD user logs in to an IPA client, they are given a home directory of /home//. I would like to change this to /home/. (I'm not interested in automatically creating the home firectory on login, I just want to change the directory name.) The users are not assigned a home directory in AD, so it's up to IPA to set it. In the [nss] section of /etc/sssd/sssd.conf, I have homedir_substring = /home but that doesn't do it. Neither does: fallback_homedir = /home/%u Where can this variable be set? Thanks, David Guertin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
