[Freeipa-users] mkhomedir difference between ipa master and ipa replica

Petr Vobornik pvoborni at redhat.com
Fri Nov 4 14:00:21 UTC 2016 

On 11/04/2016 02:42 PM, Brian Candler wrote:
> On 04/11/2016 12:20, Petr Vobornik wrote:
>> You can check with what options authconfig was called by:
>>   # cat /var/log/ipaclient-install.log | grep authconfig
>>
>> if  --enablemkhomedir is not there then it is possible that something
>> else enabled it.
> 
> It's not there:
> 
> $ sudo cat /var/log/ipaclient-install.log | grep authconfig
> [sudo] password for brian.candler:
> 2016-10-27T15:30:44Z DEBUG args='/usr/sbin/authconfig'
> '--enablesssdauth' '--update' '--enablesssd'
> 2016-10-27T15:30:44Z DEBUG args='/usr/sbin/authconfig' '--update'
> '--nisdomain' 'ipa.example.com'
> 
> And:
> 
> $ sudo cat /var/log/ipaclient-install.log | grep mkhome
> 2016-10-27T15:30:38Z DEBUG /usr/sbin/ipa-client-install was invoked with
> options: {'domain': 'ipa.example.com', 'force': False,
> 'krb5_offline_passwords': True, 'ip_addresses': [], 'configure_firefox':
> False, 'primary': False, 'realm_name': 'IPA.EXAMPLE.COM', 'force_ntpd':
> False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True,
> 'on_master': True, 'no_nisdomain': False, 'nisdomain': None,
> 'ca_cert_file': None, 'principal': None, 'keytab': None, 'hostname':
> 'ipa-1.int.example.com', 'request_cert': False, 'trust_sshfp': False,
> 'no_ac': False, 'unattended': True, 'all_ip_addresses': False,
> 'location': None, 'sssd': True, 'ntp_servers': None, 'kinit_attempts':
> 5, 'dns_updates': False, 'conf_sudo': True, 'conf_ssh': True,
> 'force_join': False, 'firefox_dir': None, 'server':
> ['ipa-1.int.example.com'], 'prompt_password': False, 'permit': False,
> 'debug': False, 'preserve_sssd': False, 'mkhomedir': False, 'uninstall':
> False}
> 
> This server has been through several iterations of ipa-server-install /
> ipa-server-uninstall. It is possible that one of the earlier
> incantations was done with --mkhomedir, since I didn't do the first one.
> 
> Next time I do a fresh, clean IPA install I will check the PAM
> configuration. 


> (Although in that case, perhaps ipa-server-uninstall is
> not cleaning up fully after itself?)

That may be possible.

> 
> Regards,
> 
> Brian.
> 


-- 
Petr Vobornik

More information about the Freeipa-users mailing list