[Freeipa-users] mkhomedir difference between ipa master and ipa replica
Brian Candler
b.candler at pobox.com
Fri Nov 4 13:42:40 UTC 2016
On 04/11/2016 12:20, Petr Vobornik wrote:
> You can check with what options authconfig was called by:
> # cat /var/log/ipaclient-install.log | grep authconfig
>
> if --enablemkhomedir is not there then it is possible that something
> else enabled it.
It's not there:
$ sudo cat /var/log/ipaclient-install.log | grep authconfig
[sudo] password for brian.candler:
2016-10-27T15:30:44Z DEBUG args='/usr/sbin/authconfig'
'--enablesssdauth' '--update' '--enablesssd'
2016-10-27T15:30:44Z DEBUG args='/usr/sbin/authconfig' '--update'
'--nisdomain' 'ipa.example.com'
And:
$ sudo cat /var/log/ipaclient-install.log | grep mkhome
2016-10-27T15:30:38Z DEBUG /usr/sbin/ipa-client-install was invoked with
options: {'domain': 'ipa.example.com', 'force': False,
'krb5_offline_passwords': True, 'ip_addresses': [], 'configure_firefox':
False, 'primary': False, 'realm_name': 'IPA.EXAMPLE.COM', 'force_ntpd':
False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True,
'on_master': True, 'no_nisdomain': False, 'nisdomain': None,
'ca_cert_file': None, 'principal': None, 'keytab': None, 'hostname':
'ipa-1.int.example.com', 'request_cert': False, 'trust_sshfp': False,
'no_ac': False, 'unattended': True, 'all_ip_addresses': False,
'location': None, 'sssd': True, 'ntp_servers': None, 'kinit_attempts':
5, 'dns_updates': False, 'conf_sudo': True, 'conf_ssh': True,
'force_join': False, 'firefox_dir': None, 'server':
['ipa-1.int.example.com'], 'prompt_password': False, 'permit': False,
'debug': False, 'preserve_sssd': False, 'mkhomedir': False, 'uninstall':
False}
This server has been through several iterations of ipa-server-install /
ipa-server-uninstall. It is possible that one of the earlier
incantations was done with --mkhomedir, since I didn't do the first one.
Next time I do a fresh, clean IPA install I will check the PAM
configuration. (Although in that case, perhaps ipa-server-uninstall is
not cleaning up fully after itself?)
Regards,
Brian.
More information about the Freeipa-users
mailing list