Dear SSSD community,
We are trying to setup sssd to allow users to authenticate against AD. Our intention is to mount user home directory from out centralized storage using autofs but for some reason the mount point goes to /home/<domain>/<userlogin> instead of /home/<userlogin>
This is out sssd configuration
# cat /etc/sssd/sssd.conf [domain/<domain>] debug_level = 2 auth_provider = ad chpass_provider = ad id_provider = ad
cache_credentials = true krb5_canonicalize = false krb5_kpasswd = dc1.<domain> krb5_realm = AD.<DOMAIN> krb5_server = dc1.<domain>
ldap_disable_referrals = true ldap_force_upper_case_realm = true ldap_id_mapping = False
ldap_sasl_mech = GSSAPI
ldap_schema = ad ldap_search_base = DC=ad,... ad_server = dc1.<domain> ad_backup_server = dc2.<domain>
access_provider = simple simple_allow_groups = g_dice_wolfpack
[sssd] services = nss, pam, pac config_file_version = 2 debug_level = 2 domains = <domain>
[nss] debug_level = 2 fallback_homedir = /home/%u default_shell = /bin/bash filter_users = root filter_groups = root
[pam]
[pac]
This is how we mount home through autofs # cat /etc/auto autofs.conf autofs_ldap_auth.conf auto.home auto.master auto.master.BK auto.master.d/ auto.misc auto.net auto.paella auto.share auto.smb # cat /etc/auto.master ... /- /etc/auto.home --timeout=1200 ...
# cat /etc/auto.home /home -fstype=nfs,hard,bg,intr,nolock,acl,vers=3 10.0.2.2:/ClusterHome
Any idea why is this happening and how can I change sssd to put user home directory in /home/<userlogin>?
Please do not hesitate if need more details
Thank you very much Manuel NOTICE Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed.
On Mon, Jan 6, 2020 at 6:02 PM Manuel Sopena Ballesteros manuel.sb@garvan.org.au wrote:
Our intention is to mount user home directory from out centralized storage using autofs but for some reason the mount point goes to /home/<domain>/<userlogin> instead of /home/<userlogin>
This is out sssd configuration
[domain/<domain>] …
[nss] fallback_homedir = /home/%u
You need to move the fallback_homedir setting from the [nss] section to the domain section.
While it is possible to set fallback_homedir in the [nss] section, it is more properly a configuration option of the domain’s data provider, and should therefore be set in the domain sections, not in the [nss] section.
Also, and more importantly, starting with sssd 2.0.0 (on RHEL8), the AD provider now implicitly sets "fallback_homedir = /home/%d/%u". Even though that is an implicit setting, it still (and perhaps non-intuitively?) overrides even an *explicit* fallback_homedir in the [nss] section.
The only way to override the implicit default fallback_homedir setting of the AD provider is to set fallback_homedir in each domain section that uses the AD provider.
sssd-users@lists.fedorahosted.org
-
James Ralston -
Manuel Sopena Ballesteros