[Freeipa-users] Freeipa4 - AD SSH logins
Aric Wilisch
awilisch at gmail.com
Wed Apr 15 17:43:55 UTC 2015
Today I managed to finally get a trust established between my AD Domain and my FreeIPA 4 environment.
However I’m noticing a couple issues and hope someone might be able to give me some help.
First when the user logs in it creates their home directory in /home/fioptics/<username> rather than /home/<username>. I read that you had to put
subdomain_homedir= /home in /etc/sssd/sssd.conf but that didn’t seem to fix it.
Also the FreeIPA environment is set to use /bin/bash as the shell, however everyone from AD is logging in and using /bin/sh.
I’m hoping if I can get these issues sorted out the other issues I’m seeing will go as well, but if they don’t I can address those at that time.
Let me know what I would need to post in order to help. I’m including the sssd.conf and krb5.conf file below.
I appreciate any help anyone can give.
—————————
sssd.conf
# NOTE(review): this listing is posted under the heading "sssd.conf", but its
# sections ([libdefaults], [realms], [domain_realm], [dbmodules]) are krb5.conf
# sections and it matches the krb5.conf listing that follows. No SSSD settings
# (such as the subdomain_homedir option mentioned in the message) appear here,
# so the home-directory and shell questions cannot be checked from this text.
#
# Pull in additional Kerberos snippets from the SSSD public config directory.
includedir /var/lib/sss/pubconf/krb5.include.d/
# Log destinations for the Kerberos libraries, the KDC and kadmind.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = STAGING.FIOPTICS.INT
# Realm-to-host mapping is taken from [domain_realm] rather than DNS TXT
# records; KDCs may still be located through DNS SRV records.
dns_lookup_realm = false
dns_lookup_kdc = true
# Do not canonicalize host names through reverse DNS when building service
# principal names.
rdns = false
ticket_lifetime = 24h
# Tickets are requested as forwardable by default, so a TGT can be delegated
# to a remote host when the client enables credential delegation.
forwardable = yes
# 0 means KDC requests always go over TCP instead of trying UDP first.
udp_preference_limit = 0
# Credential caches live in the kernel persistent keyring, one per uid.
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
STAGING.FIOPTICS.INT = {
kdc = stip01.staging.fioptics.int:88
master_kdc = stip01.staging.fioptics.int:88
admin_server = stip01.staging.fioptics.int:749
default_domain = staging.fioptics.int
# CA certificate used as the trust anchor for PKINIT.
pkinit_anchors = FILE:/etc/ipa/ca.crt
# auth_to_local maps Kerberos principals to local user names; rules are tried
# in order, so the RULE line is evaluated before DEFAULT.
# NOTE(review): AD_DOMAIN / ad_domain look like template placeholders (or were
# redacted by the poster) -- confirm. If they are literally in the file, the
# RULE never matches a real AD principal and only DEFAULT applies, which maps
# principals of the default realm only; principals from the trusted AD realm
# would then get no local-name mapping from this file.
auth_to_local = RULE:[1:$1@$0](^.*@AD_DOMAIN$)s/@AD_DOMAIN/@ad_domain/
auth_to_local = DEFAULT
}
# Host names in and under staging.fioptics.int belong to the IPA realm.
[domain_realm]
.staging.fioptics.int = STAGING.FIOPTICS.INT
staging.fioptics.int = STAGING.FIOPTICS.INT
# KDC database backend module; a KDC-side setting, which suggests this file
# was taken from an IPA server rather than a client -- TODO confirm.
[dbmodules]
STAGING.FIOPTICS.INT = {
db_library = ipadb.so
}
————————————————
krb5.conf
# Kerberos client/KDC configuration for the STAGING.FIOPTICS.INT realm.
# Additional snippets are read from the SSSD public config directory.
includedir /var/lib/sss/pubconf/krb5.include.d/
# Log destinations for the Kerberos libraries, the KDC and kadmind.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = STAGING.FIOPTICS.INT
# DNS TXT lookups for the realm are off; DNS SRV lookups for KDCs are on.
dns_lookup_realm = false
dns_lookup_kdc = true
# No reverse-DNS canonicalization of host names for service principals.
rdns = false
ticket_lifetime = 24h
# Forwardable tickets by default: a TGT can be passed on to a remote host if
# the client delegates credentials, so it matters which hosts are trusted.
forwardable = yes
# 0 forces TCP for all KDC traffic.
udp_preference_limit = 0
# Per-uid credential cache in the kernel persistent keyring.
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
STAGING.FIOPTICS.INT = {
kdc = stip01.staging.fioptics.int:88
master_kdc = stip01.staging.fioptics.int:88
admin_server = stip01.staging.fioptics.int:749
default_domain = staging.fioptics.int
# PKINIT trust anchor: the CA certificate at this path.
pkinit_anchors = FILE:/etc/ipa/ca.crt
# Principal-to-local-user mapping, evaluated top to bottom.
# NOTE(review): the RULE still contains AD_DOMAIN / ad_domain, which read as
# unreplaced template values (or a redaction) -- confirm against the real
# file. As written the regex only matches principals in a realm literally
# named AD_DOMAIN, so principals from the trusted AD realm would fall through
# to DEFAULT, which maps principals of the default realm only.
auth_to_local = RULE:[1:$1@$0](^.*@AD_DOMAIN$)s/@AD_DOMAIN/@ad_domain/
auth_to_local = DEFAULT
}
# Map the DNS domain and its subdomains to the IPA realm.
[domain_realm]
.staging.fioptics.int = STAGING.FIOPTICS.INT
staging.fioptics.int = STAGING.FIOPTICS.INT
# Database module used by the KDC for this realm (KDC-side setting).
[dbmodules]
STAGING.FIOPTICS.INT = {
db_library = ipadb.so
}
Regards,
------------------------------------------
Aric Wilisch
awilisch at gmail.com