On Tue, 27 Feb 2018, TomK via FreeIPA-users wrote:
On 2/26/2018 1:27 AM, Alexander Bokovoy via FreeIPA-users wrote:
Thanks Alex.  + SSSD mailing list.

Two remaining questions.

1) Creating the NFS user folders on the server itself is not a problem; however, I would like to trap events that indicate USER logged into a client host. On this event, a home directory could then be created on the FreeIPA side. Without such an event I can't precreate it. So when a user logs into a client machine, is there any SSSD call initiated to the FreeIPA server that would show up in a log, for example, that I could in turn use to run a small shell script to precreate the user's home folder, if it doesn't exist?
This is not something FreeIPA can help with. We already have the
pam_oddjob_mkhomedir module, and its default configuration provides you a
way to create directories out of band using the oddjob-mkhomedir helper. I
think at the very least you can have a wrapper that:
- would check some configuration and push a message to some server to
  create a home directory somewhere else
- would wait for a response back that a directory is created (either by
  polling a home directory appearance or communicating some other way
  with the remote tool that creates a directory)
- would otherwise call a standard helper provided by oddjob-mkhomedir

See /etc/oddjobd.conf.d/oddjobd-mkhomedir.conf for details.

2) Is there a way to get SSSD to retrieve the unixHomeDirectory that's defined in the UNIX Attribute on the AD side? Would be handy if I want to control all home directory locations on the AD side. The override_homedir works to force a folder but when I try the %o option to override_homedir, it appears to take the FreeIPA default home directory, not the AD one.
unixHomeDirectory is the default for ldap_user_home_directory for the AD
provider. Since all IPA trusted subdomains are using the AD provider,
unixHomeDirectory would just be used automatically.


Cheers,
Tom

On Sun, 25 Feb 2018, TomK via FreeIPA-users wrote:
Hey Guys,

For newly added AD or IPA users, is there a way to automatically create the user folders on the FreeIPA server under say /nfs/home/bill, for example so that when the remote client logs in, it sees the NFS mounted folder?

Instructions that I can find right now require precreating the folders. Need them precreated via the FreeIPA master servers anytime someone attempts to log in on a client using their AD credentials.  Is this possible?  Assume the NFS server will be local to the FreeIPA masters.
One needs to create home directories on the NFS server itself. If home
directories are mounted via NFS, then you need to have enough permission
to create the folder at the NFS root which is not what you'd want to
allow a regular user. Thus, it needs to be solved outside of a log-in
flow.

We don't provide any means to solve this in FreeIPA because file
sharing/hosting is not a FreeIPA problem. If your NFS server is running
on an IPA master, though, you might want to consider not using NFS
mounts on that server itself. In this case a normal oddjob-based
pam_mkhomedir would create the directories just fine.


Found steps like the one below, but step 5) still requires pre-creation of the folders.

https://www.redhat.com/archives/freeipa-users/2016-May/msg00380.html

https://serverfault.com/questions/705039/how-to-automate-directory-creation-on-nfs-server


--
Cheers,
Tom K.
-------------------------------------------------------------------------------------


Living on earth is expensive, but it includes a free trip around the sun.
_______________________________________________
FreeIPA-users mailing list -- freeipa-us...@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org




--
/ Alexander Bokovoy
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
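
The wrapper outlined in Alexander Bokovoy's reply above (check configuration, ask a remote service to create the directory, wait for it to appear, otherwise call the standard helper), as an added example that is not part of the original thread or of oddjob. NFS_PREFIX, REQUEST_CMD, WAIT_SECS and the name mkhomedir-wrapper are hypothetical; the helper path and argument order are assumptions to check against /etc/oddjobd.conf.d/oddjobd-mkhomedir.conf.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical names: NFS_PREFIX, REQUEST_CMD,
# WAIT_SECS and the install name mkhomedir-wrapper. STD_HELPER is the usual
# oddjob-mkhomedir helper path (assumption); confirm it in oddjobd-mkhomedir.conf.
NFS_PREFIX="${NFS_PREFIX:-/nfs/home}"
STD_HELPER="${STD_HELPER:-/usr/libexec/oddjob/mkhomedir}"
REQUEST_CMD="${REQUEST_CMD:-/usr/local/sbin/request-remote-homedir}"
WAIT_SECS="${WAIT_SECS:-30}"

# Home directory as NSS reports it (SSSD answers for IPA and trusted AD users).
home_of() { getent passwd "$1" | cut -d: -f6; }

# True only for a direct child of NFS_PREFIX; rejects ".", ".." and deeper paths
# so a crafted home directory value cannot steer this root-run helper elsewhere.
is_nfs_home() {
    case "$1" in
        "$NFS_PREFIX"/*/*|"$NFS_PREFIX"/.|"$NFS_PREFIX"/..) return 1 ;;
        "$NFS_PREFIX"/?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Poll once per second until the directory appears or the timeout runs out.
wait_for_dir() {
    dir=$1 left=$2
    while [ "$left" -gt 0 ]; do
        [ -d "$dir" ] && return 0
        sleep 1
        left=$((left - 1))
    done
    [ -d "$dir" ]
}

main() {
    user=
    for user in "$@"; do :; done   # assumed: user name is the last argument
    [ -n "$user" ] || { echo "usage: mkhomedir-wrapper [options] USER" >&2; return 2; }
    home=$(home_of "$user")
    [ -n "$home" ] || { echo "unknown user: $user" >&2; return 1; }
    if is_nfs_home "$home"; then
        [ -d "$home" ] && return 0
        "$REQUEST_CMD" "$user" "$home" || return 1   # ask the NFS side to create it
        wait_for_dir "$home" "$WAIT_SECS"
        return
    fi
    "$STD_HELPER" "$@"   # local home: hand over to the standard helper unchanged
}

# Run only when installed under the (hypothetical) wrapper name.
case "${0##*/}" in mkhomedir-wrapper) main "$@" ;; esac
```

A failed request or a timeout returns non-zero, so the login proceeds without a home directory rather than hanging the PAM session indefinitely.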
