I am using sssd-1.13.0-40.el7_2.12.x86_64 on CentOS 7.2 and am running into a problem trying to mount users' home directories from Active Directory. At this time I am able to authenticate to AD just fine. However, users' home directories in AD are not the traditional '/home/$USER', but are simply a number that was randomly generated. I can do an ldapsearch, grab 'homeDirectory', and parse out the path, but I have to do this externally and can't see a way to pass the information back to SSSD.
Is it possible to have SSSD grab the user's AD home directory, and then have it pass it to something that can automount it (autofs or pam_mount)?
Thanks!
-Matt
Matthew Hanley
IT Analyst
College of Engineering and Computer Science
Syracuse University
Note that AD is not 100% RFC2307 compatible, so by default it uses the 'UnixhomeDirectory' attribute because the traditional 'HomeDirectory' is being used by Windows. You have to tell SSSD to use 'HomeDirectory' explicitly.
O.
> From: Matthew W Hanley [mailto:mwhanley@syr.edu]
> Sent: Sunday, August 28, 2016 6:47 PM
> To: sssd-users@lists.fedorahosted.org
> Subject: [SSSD-users] A problem automounting user's AD home directory
>
> I am using sssd-1.13.0-40.el7_2.12.x86_64 on CentOS 7.2 and am running into a problem trying to mount users' home directories from Active Directory. At this time I am able to authenticate to AD just fine. However, users' home directories in AD are not the traditional '/home/$USER', but are simply a number that was randomly generated. I can do an ldapsearch, grab 'homeDirectory', and parse out the path, but I have to do this externally and can't see a way to pass the information back to SSSD.
> Is it possible to have SSSD grab the user's AD home directory, and then have it pass it to something that can automount it (autofs or pam_mount)?
> Thanks!
> -Matt
> Matthew Hanley
> IT Analyst
> College of Engineering and Computer Science
> Syracuse University
In sssd.conf I had set the following:
ldap_user_home_directory = homeDirectory
and this works - but the returned value is in the format of "\$hostname$path" - is it possible to use just the path portion of the response?
Taking it a step further, how do I get SSSD to automatically mount the AD homeDirectory?
Thanks!
On Mon, Aug 29, 2016 at 04:38:07PM -0000, Matthew Hanley wrote:
> In sssd.conf I had set the following:
> ldap_user_home_directory = homeDirectory
> and this works - but the returned value is in the format of "\$hostname$path" - is it possible to use just the path portion of the response?

I'm afraid not.

> Taking it a step further, how do I get SSSD to automatically mount the AD homeDirectory?

SSSD does not mount the directory, automounter does.
SSSD provides data, either all or a subset that automounter then uses to mount the directory. In your case, I assume SSSD provides the automounter maps and keys which the automounter daemon reads but also info about the user, like their name and homedir.
If your users had the homedir set to a location that could already be used by automounter (so getent passwd $user returned $path only), you could have used the $HOME substitution autofs offers.
But since you need to do some post-processing on the values, maybe the autofs executable maps could be used? See man 5 autofs, maybe you could feed the executable map the full attribute value and chop off the hostname? That's just a suggestion, though, I've never actually used executable maps.
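
The executable-map idea from the last reply, written out as an added example (not code from the thread or from the SSSD or autofs projects); because the map runs as root and its output becomes a mount entry, both the key and the directory value are validated before use. It assumes homeDirectory is a UNC path of the form \\server\share\dir mounted over CIFS with Kerberos; the map path /etc/auto.adhome, the function names and the mount options are placeholders.

```shell
#!/bin/sh
# Hypothetical program map, e.g. /etc/auto.adhome, referenced from auto.master.
# autofs runs it as root with the lookup key (the user name) as $1 and reads
# one map entry (options and location, no key) from stdout.
LC_ALL=C; export LC_ALL

# Assumption: homeDirectory is a UNC path such as \\server\share\dir.
# Print it in the ://server/share/dir form used with -fstype=cifs, or fail.
unc_to_location() {
    case $1 in '\\'*) ;; *) return 1 ;; esac
    p=$(printf '%s' "$1" | tr '\\' '/')
    p=${p#//}
    case $p in
        # Reject empty host, empty components, "..", and any character
        # (space, comma, $, newline, ...) that has meaning in a map entry.
        ''|/*|*//*|*..*|*[!A-Za-z0-9._/-]*) return 1 ;;
        ?*/?*) ;;                       # need at least server/share
        *) return 1 ;;
    esac
    printf '://%s\n' "$p"
}

# Build the map entry for one user, or fail so the lookup fails.
map_entry() {
    key=$1
    # The key is whatever name was accessed under the mount point: untrusted.
    case $key in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    # Field 6 is the home directory SSSD returns for the user.
    home=$(getent passwd "$key" | cut -d: -f6)
    loc=$(unc_to_location "$home") || return 1
    # Mount options are an assumption (Kerberos-authenticated CIFS).
    printf '%s %s\n' "-fstype=cifs,sec=krb5,cruid=$key,uid=$key" "$loc"
}

# autofs passes exactly one argument; with none, only define the functions.
if [ "$#" -eq 1 ]; then
    map_entry "$1" || exit 1
fi
```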