On Tue, 27 Feb 2018, TomK via FreeIPA-users wrote:
On 2/26/2018 1:27 AM, Alexander Bokovoy via FreeIPA-users wrote:
Thanks Alex. + SSSD mailing list.
Two remaining questions.
1) Creating the NFS user folders on the server itself is not a problem
however I would like to trap events that indicate USER logged into a
client host. On this event, a home directory could then be created on
the FreeIPA side. Without such an event I can't precreate it. So
when a user logs into a client machine, is there any SSSD call
initiated to the FreeIPA server that would show up in a log for
example that I could in turn use to run a small shell script to
precreate the user's home folder, if it doesn't exist?

This is not something FreeIPA can help with. We already have the
pam_oddjob_mkhomedir module and its default configuration provides you a
way to create directories out of band using oddjob-mkhomedir helper. I
think at the very least you can have a wrapper that:
- would check some configuration and push a message to some server to
create a home directory somewhere else
- would wait for a response back that a directory is created (either by
polling a home directory appearance or communicating some other way
with the remote tool that creates a directory)
- would otherwise call a standard helper provided by oddjob-mkhomedir
See /etc/oddjobd.conf.d/oddjobd-mkhomedir.conf for details.

2) Is there a way to get SSSD to retrieve the unixHomeDirectory that's
defined in the UNIX Attribute on the AD side? Would be handy if I
want to control all home directory locations on the AD side. The
override_homedir works to force a folder but when I try the %o option
to override_homedir, it appears to take the FreeIPA default home
directory, not the AD one.

unixHomeDirectory is the default for ldap_user_home_directory for AD
provider. Since all IPA trusted subdomains are using AD provider,
unixHomeDirectory would just be used automatically.

Cheers,
Tom
>On Sun, 25 Feb 2018, TomK via FreeIPA-users wrote:
>>Hey Guys,
>>
>>For newly added AD or IPA users, is there a way to automatically
>>create the user folders on the FreeIPA server under say
>>/nfs/home/bill, for example so that when the remote client logs
>>in, it sees the NFS mounted folder?
>>
>>Instructions that I can find right now require precreating the
>>folders. Need them precreated via the FreeIPA master servers
>>anytime someone attempts to login on a client using their AD
>>credentials. Is this possible? Assume the NFS server will be
>>local to the FreeIPA masters.
>One needs to create home directories on the NFS server itself. If home
>directories are mounted via NFS, then you need to have enough permission
>to create the folder at the NFS root which is not what you'd want to
>allow a regular user. Thus, it needs to be solved outside of a log-in
>flow.
>
>We don't provide any means to solve this in FreeIPA because file
>sharing/hosting is not a FreeIPA problem. If your NFS server is running
>on an IPA master, though, you might want to consider not using NFS
>mounts on that server itself. In this case a normal oddjob-based
>pam_mkhomedir would create the directories just fine.
>
>>
>>Found steps like the one below but step 5) still requires
>>pre-creation of the folders.
>>
>>https://www.redhat.com/archives/freeipa-users/2016-May/msg00380.html
>>
>>https://serverfault.com/questions/705039/how-to-automate-directory-creation-on-nfs-server
>>
>>
>>--
>>Cheers,
>>Tom K.
>>-------------------------------------------------------------------------------------
>>
>>
>>Living on earth is expensive, but it includes a free trip around the sun.
>>_______________________________________________
>>FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
>>To unsubscribe send an email to
>>freeipa-users-leave(a)lists.fedorahosted.org
>
--
Cheers,
Tom K.
--
/ Alexander Bokovoy
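
The wrapper outlined in the reply above (ask another server to create the directory, wait for it to appear, otherwise call the standard helper), as an added example that is not part of the original thread or of oddjob itself. `REQUEST_CMD` is a hypothetical site-specific command; the `NFS_ROOT` value, the stock helper path and the user name arriving as the first argument are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): wrapper to name in place of the stock
# helper in /etc/oddjobd.conf.d/oddjobd-mkhomedir.conf. oddjobd runs it as
# root, so the user name is validated and the path comes from NSS only.
NFS_ROOT="${NFS_ROOT:-/nfs/home}"                              # assumption
STOCK_HELPER="${STOCK_HELPER:-/usr/libexec/oddjob/mkhomedir}"  # assumed path
REQUEST_CMD="${REQUEST_CMD:-/usr/local/sbin/request-nfs-home}" # hypothetical
WAIT_SECS="${WAIT_SECS:-30}"

# Accept only plain account names: letters, digits, . _ @ - (no leading - or .)
valid_user() {
    case "$1" in
        ''|-*|.*|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
}

# True if $1 is a path strictly below $2 and has no ".." component.
under_root() {
    case "$1" in
        */..|*/../*) return 1 ;;
        "$2"/?*) return 0 ;;
    esac
    return 1
}

# Poll once per second until directory $1 exists or $2 seconds have passed.
wait_for_dir() {
    n=0
    while [ ! -d "$1" ]; do
        [ "$n" -lt "$2" ] || return 1
        sleep 1
        n=$((n + 1))
    done
}

# Home directory as resolved through NSS (SSSD), never taken from the caller.
lookup_home() { getent passwd "$1" | cut -d: -f6; }

make_home() {
    valid_user "$1" || { echo "mkhomedir wrapper: bad user name" >&2; return 2; }
    home=$(lookup_home "$1")
    [ -n "$home" ] || return 2
    [ ! -d "$home" ] || return 0
    if under_root "$home" "$NFS_ROOT"; then
        "$REQUEST_CMD" "$1" "$home" || return 3      # ask the NFS server side
        wait_for_dir "$home" "$WAIT_SECS" || return 4
    else
        "$STOCK_HELPER" "$1"      # local home: stock helper (add its options)
    fi
}
if [ $# -gt 0 ]; then make_home "$1"; fi
```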