or pam_mkhomedir. Or if using kerberized NFS, our pam_kmkhomedir.
> On Feb 27, 2018, at 3:40 AM, Alexander Bokovoy via FreeIPA-users
> <freeipa-users@lists.fedorahosted.org> wrote:
>
> On Tue, 27 Feb 2018, TomK via FreeIPA-users wrote:
>> On 2/26/2018 1:27 AM, Alexander Bokovoy via FreeIPA-users wrote:
>> Thanks Alex. + SSSD mailing list.
>>
>> Two remaining questions.
>>
>> 1) Creating the NFS user folders on the server itself is not a problem
>> however I would like to trap events that indicate USER logged into a client
>> host. On this event, a home directory could then be created on the FreeIPA
>> side. Without such an event I can't precreate it. So when a user logs into
>> a client machine, is there any SSSD call initiated to the FreeIPA server
>> that would show up in a log for example that I could in turn use to run a
>> small shell script to precreate the user's home folder, if it doesn't exist?
> This is not something FreeIPA can help with. We already have
> pam_oddjob_mkhomedir module and its default configuration provides you a
> way to create directories out of band using oddjob-mkhomedir helper. I
> think at the very least you can have a wrapper that:
> - would check some configuration and push a message to some server to
>   create a home directory somewhere else
> - would wait for a response back that a directory is created (either by
>   polling a home directory appearance or communicating some other way
>   with the remote tool that creates a directory)
> - would otherwise call a standard helper provided by oddjob-mkhomedir
>
> See /etc/oddjobd.conf.d/oddjobd-mkhomedir.conf for details.
>
>> 2) Is there a way to get SSSD to retrieve the unixHomeDirectory that's
>> defined in the UNIX Attribute on the AD side? Would be handy if I want to
>> control all home directory locations on the AD side. The override_homedir
>> works to force a folder but when I try the %o option to override_homedir, it
>> appears to take the FreeIPA default home directory, not the AD one.
> unixHomeDirectory is the default for ldap_user_home_directory for AD
> provider. Since all IPA trusted subdomains are using AD provider,
> unixHomeDirectory would just be used automatically.
>
>>
>> Cheers,
>> Tom
>>
>>> On Sun, 25 Feb 2018, TomK via FreeIPA-users wrote:
>>>> Hey Guys,
>>>>
>>>> For newly added AD or IPA users, is there a way to automatically create
>>>> the user folders on the FreeIPA server under say /nfs/home/bill, for
>>>> example so that when the remote client logs in, it sees the NFS mounted
>>>> folder?
>>>>
>>>> Instructions that I can find right now require precreating the folders.
>>>> Need them precreated via the FreeIPA master servers anytime someone
>>>> attempts to login on a client using their AD credentials. Is this
>>>> possible? Assume the NFS server will be local to the FreeIPA masters.
>>> One needs to create home directories on the NFS server itself. If home
>>> directories are mounted via NFS, then you need to have enough permission
>>> to create the folder at the NFS root which is not what you'd want to
>>> allow a regular user. Thus, it needs to be solved outside of a log-in
>>> flow.
>>>
>>> We don't provide any means to solve this in FreeIPA because file
>>> sharing/hosting is not a FreeIPA problem. If your NFS server is running
>>> on an IPA master, though, you might want to consider not using NFS
>>> mounts on that server itself. In this case a normal oddjob-based
>>> pam_mkhomedir would create the directories just fine.
>>>
>>>>
>>>> Found steps like the one below but step 5) still requires pre creation of
>>>> the folders.
>>>>
>>>> https://www.redhat.com/archives/freeipa-users/2016-May/msg00380.html
>>>>
>>>> https://serverfault.com/questions/705039/how-to-automate-directory-creation-on-nfs-server
>>>>
>>>>
>>>> --
>>>> Cheers,
>>>> Tom K.
>>>> -------------------------------------------------------------------------------------
>>>>
>>>> Living on earth is expensive, but it includes a free trip around the sun.
>>>> _______________________________________________
>>>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>>>> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>>
>> --
>> Cheers,
>> Tom K.
>
> --
> / Alexander Bokovoy
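
The wrapper outlined in the quoted reply (check configuration, ask a remote service to create the directory, poll for it to appear, otherwise call the standard oddjob-mkhomedir helper), written out as an added example that is not part of the original thread or of oddjob. The `REQUEST_CMD` program, the `/nfs/home` root, the helper path, the timeout and the exit codes are assumptions; the wrapper is assumed to receive the user name as its only argument.

```sh
#!/bin/sh
# Added example: wrapper to run in place of the stock oddjob-mkhomedir helper.
# Assumed (not from the thread): the settings below and a site-specific
# REQUEST_CMD that asks the NFS server to create the directory for one user.
NFS_HOME_ROOT="${NFS_HOME_ROOT:-/nfs/home}"
STD_HELPER="${STD_HELPER:-/usr/libexec/oddjob/mkhomedir}"
REQUEST_CMD="${REQUEST_CMD:-/usr/local/sbin/request-nfs-home}"  # hypothetical
WAIT_SECS="${WAIT_SECS:-10}"

# Accept only names that cannot act as an option or a path component.
valid_user() {
    case "$1" in
        ''|-*|.|..|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    return 0
}

# ensure_home USER HOME -> 0 ok, 2 rejected input, 3 request failed, 4 timeout
ensure_home() {
    user=$1 home=$2
    valid_user "$user" || return 2
    case "$home" in
        */..|*/../*|[!/]*|'') return 2 ;;   # traversing, relative or empty
    esac
    [ -d "$home" ] && return 0
    case "$home" in
        "$NFS_HOME_ROOT"/*)
            # Send only the user name; the server derives the path itself,
            # so a client cannot ask for an arbitrary directory.
            "$REQUEST_CMD" "$user" || return 3
            i=0
            while [ "$i" -lt "$WAIT_SECS" ]; do
                [ -d "$home" ] && return 0
                sleep 1
                i=$((i + 1))
            done
            return 4 ;;
        *)
            # Home is not on the NFS export: use the standard helper.
            "$STD_HELPER" "$user" ;;
    esac
}

# Stand-alone use: wrapper USER (home directory resolved through NSS/SSSD).
if [ "$#" -eq 1 ]; then
    ensure_home "$1" "$(getent passwd "$1" | cut -d: -f6)"
    exit $?
fi
```

How oddjobd invokes the helper is defined in /etc/oddjobd.conf.d/oddjobd-mkhomedir.conf, so the argument handling has to match that file. The privileged create stays on the NFS server side, which keeps it outside the log-in flow as the reply requires.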