[Freeipa-users] Freeipa4 - AD SSH logins
Aric Wilisch
awilisch at gmail.com
Wed Apr 15 18:19:09 UTC 2015
So I would have to setup an ID View Override for every user in AD that needs to login to to a FreeIPA host?
I guess I’m having trouble understanding why it wouldn’t just use the defaults set into FreeIPA? The Default home directory is set to /home and the default shell is set to /bin/bash.
This is a lot of work to go to unless there’s a way to set it globally for the entire domain. Also noticing sudo doesn’t work for those users even though I have the ad_admins group added to the sudo group I created.
Regards,
------------------------------------------
Aric Wilisch
awilisch at gmail.com
> On Apr 15, 2015, at 2:00 PM, Alexander Bokovoy <abokovoy at redhat.com> wrote:
>
> On Wed, 15 Apr 2015, Aric Wilisch wrote:
>> Today I managed to finally get a trust established between my AD Domain and my FreeIPA 4 environment.
>>
>> However I’m noticing a couple issues and hope someone might be able to give me some help.
>>
>> First when the user logs in it creates their home directory in
>> /home/fioptics/<username> rather than /home/<username>. I read that you
>> had to put subdomain_homedir= /home in /etc/sssd/sssd.conf but that
>> didn’t seem to fix it.
>>
>> Also the FreeIPA environment is set to use /bin/bash as the shell,
>> however everyone from AD is logging in and using /bin/sh.
>>
>> I’m hoping if I can get these issues sorted out the other issues I”m
>> seeing with go as well, but if they don’t I can address those at that
>> time.
> These issues are addressed with IDViews functionality in FreeIPA 4.1.
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/id-views.html <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/id-views.html>
>
> I have a 'sneak peak' videos of how this feature works:
> http://talks.vda.li/video/freeipa-idviews-override-shell-and-homedir.webm <http://talks.vda.li/video/freeipa-idviews-override-shell-and-homedir.webm>
> http://talks.vda.li/video/freeipa-idviews-override-public-ssh-key.webm <http://talks.vda.li/video/freeipa-idviews-override-public-ssh-key.webm>
> These are draft sequences, no sound or subtitles so you need to read
> documentation too :)
> --
> / Alexander Bokovoy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150415/d36f5aa8/attachment.htm>
More information about the Freeipa-users
mailing list