<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>I have set up freeipa using CentOS 7 and the default 4.2.0
packages.</p>
<p>I found that on the master, the user's home directory is created
automatically, but on the replicas it is not. Looking into the
contents of /etc/pam.d, the following files are different:</p>
<p>fingerprint-auth-ac</p>
<p>password-auth-ac</p>
<p>smartcard-auth-ac</p>
<p>system-auth-ac</p>
<p>(two examples below). The replicas don't have the line which
invokes pam_oddjob_mkhomedir.so</p>
<p>I notice that both ipa-server-install and ipa-replica-install
have the following option:</p>
<p> --mkhomedir create home directories for users on
their first login</p>
<p>but I did not supply this option in either case. I believe the
actual options I gave were:</p>
<p>
<meta charset="utf-8">
<span style="color: rgb(0, 130, 0); font-family: Consolas,
"Bitstream Vera Sans Mono", "Courier New",
Courier, monospace; font-size: 14px; font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-align: left; text-indent: 0px; text-transform: none;
white-space: nowrap; widows: 2; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255); display: inline !important; float: none;">ipa-server-install
--setup-dns</span><br>
<meta charset="utf-8">
<span style="color: rgb(0, 130, 0); font-family: Consolas,
"Bitstream Vera Sans Mono", "Courier New",
Courier, monospace; font-size: 14px; font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans: 2;
text-align: left; text-indent: 0px; text-transform: none;
white-space: nowrap; widows: 2; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255); display: inline !important; float: none;">ipa-replica-install
--setup-ca --setup-dns --forwarder x.x.x.x
/var/lib/ipa/replica-info-*.gpg</span></p>
<p>respectively. Is this expected behaviour, or should I raise a
ticket?<br>
</p>
<p>Thanks,</p>
<p>Brian Candler.<br>
</p>
<p><tt>--- fingerprint-auth-ac 2016-11-04 11:23:08.000000000
+0000</tt><tt><br>
</tt><tt>+++ fingerprint-auth-ac.replica 2016-11-04
11:23:19.000000000 +0000</tt><tt><br>
</tt><tt>@@ -16,7 +16,6 @@</tt><tt><br>
</tt><tt> session optional pam_keyinit.so revoke</tt><tt><br>
</tt><tt> session required pam_limits.so</tt><tt><br>
</tt><tt> -session optional pam_systemd.so</tt><tt><br>
</tt><tt>-session optional pam_oddjob_mkhomedir.so
umask=0022 skel=/etc/skel</tt><tt><br>
</tt><tt> session [success=1 default=ignore] pam_succeed_if.so
service in crond quiet use_uid</tt><tt><br>
</tt><tt> session required pam_unix.so</tt><tt><br>
</tt><tt> session optional pam_sss.so</tt></p>
<p><tt>--- system-auth-ac 2016-11-04 11:24:13.000000000 +0000</tt><tt><br>
</tt><tt>+++ system-auth-ac.replica 2016-11-04
11:24:26.000000000 +0000</tt><tt><br>
</tt><tt>@@ -22,7 +22,6 @@</tt><tt><br>
</tt><tt> session optional pam_keyinit.so revoke</tt><tt><br>
</tt><tt> session required pam_limits.so</tt><tt><br>
</tt><tt> -session optional pam_systemd.so</tt><tt><br>
</tt><tt>-session optional pam_oddjob_mkhomedir.so
umask=0022 skel=/etc/skel</tt><tt><br>
</tt><tt> session [success=1 default=ignore] pam_succeed_if.so
service in crond quiet use_uid</tt><tt><br>
</tt><tt> session required pam_unix.so</tt><tt><br>
</tt><tt> session optional pam_sss.so</tt><br>
</p>
</body>
</html>