Description of problem: On the IPA server I can not use an IPA login. The login fails becuase it can not create /home/dean/.ICEauthority. On the IPA server there is no home directory created for the user. On IPA clients there is the --mkhomedir option for ipa-client-install, but there does not seem to be a similar option for the client when using ipa-server-install. Version-Release number of selected component (if applicable): Installed Packages freeipa-admintools.x86_64 3.1.2-1.fc18 @updates freeipa-client.x86_64 3.1.2-1.fc18 @updates freeipa-python.x86_64 3.1.2-1.fc18 @updates freeipa-server.x86_64 3.1.2-1.fc18 @updates freeipa-server-selinux.x86_64 3.1.2-1.fc18 @updates How reproducible: Consistent Steps to Reproduce: 1. ipa-server-install .... 2. ipa user-add new-user .... 3. reboot 4. login as new-user Actual results: Dialog box with "Can not create /home/new-user/.ICEauthority" Expected results: Successful login Additional info: Work-around is to execute: authconfig --enablemkhomedir --update BEFORE ipa-server-install.
This would be an RFE but it can be easily accomplished by adding entries into SSSD. Please see man sssd.conf
Upstream ticket: https://fedorahosted.org/freeipa/ticket/3515
Please be a little more specific about what I should look for in the man pages for sssd.conf. There's a whole heap of options. Here is an alphabetized /etc/sssd/sssd.conf from an IPA client that will make a home directory for a new user: [root@fedora18 ~]# cat /etc/sssd/sssd.conf [autofs] [domain/hunter.org] access_provider = ipa auth_provider = ipa cache_credentials = True chpass_provider = ipa id_provider = ipa ipa_domain = hunter.org ipa_dyndns_update = True ipa_hostname = fedora18.hunter.org ipa_server = _srv_, ipa.hunter.org krb5_store_password_if_offline = True ldap_tls_cacert = /etc/ipa/ca.crt [nss] [pac] [pam] [ssh] [sssd] config_file_version = 2 domains = hunter.org services = nss, pam, ssh [sudo] [root@fedora18 ~]#
I personally think that your current workaround with running "authconfig --enablemkhomedir --update" before ipa-server-install is enough and you do not need to tackle sssd configuration. You will be able to remove that workaround when we fix ticket 3515.
Thank you. I was just trying to be as helpful as I could while learning as much as I can. The work-around is scripted in my server install with a comment to tie it to this bug report. I shall wait patiently for a resolution.
Right, you are actually very helpful. Every filed&fixed bug will help us deliver better project for everyone.
Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/dae163aa37a7ea07399a964a143f378c5cb6bffa ipa-3-1: https://fedorahosted.org/freeipa/changeset/c002506e269359a785bd3514601457b6ba9e3aaa
I see this has been fixed upstream, but I have not seen the usual notice that this has been included in Fedora updates. Have I misunderstood?
Because it hasn't been included in a Fedora build yet, it is only fixed upstream.
Thank you. I shall continue to wait patiently then.
freeipa-3.1.4-1.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/freeipa-3.1.4-1.fc18
Package freeipa-3.1.4-1.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing freeipa-3.1.4-1.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-7707/freeipa-3.1.4-1.fc18 then log in and leave karma (feedback).
Verified correction and updated karma
freeipa-3.1.4-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.