Bug 921707 - ipa-server-install does not configure it's client to make a home directory on first login
Summary: ipa-server-install does not configure it's client to make a home directory on...
Alias: None
Product: Fedora
Classification: Fedora
Component: freeipa
Version: 18
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Rob Crittenden
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2013-03-14 18:01 UTC by Dean Hunter
Modified: 2013-05-17 03:32 UTC (History)
5 users (show)

Fixed In Version: freeipa-3.1.4-1.fc18
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2013-05-17 03:32:22 UTC

Attachments (Terms of Use)

Description Dean Hunter 2013-03-14 18:01:34 UTC
Description of problem:
On the IPA server I can not use an IPA login. The login fails becuase it can not create /home/dean/.ICEauthority. On the IPA server there is no home directory created for the user. On IPA clients there is the --mkhomedir option for ipa-client-install, but there does not seem to be a similar option for the client when using ipa-server-install.

Version-Release number of selected component (if applicable):
Installed Packages
freeipa-admintools.x86_64                   3.1.2-1.fc18                @updates
freeipa-client.x86_64                       3.1.2-1.fc18                @updates
freeipa-python.x86_64                       3.1.2-1.fc18                @updates
freeipa-server.x86_64                       3.1.2-1.fc18                @updates
freeipa-server-selinux.x86_64               3.1.2-1.fc18                @updates

How reproducible: Consistent

Steps to Reproduce:
1. ipa-server-install ....
2. ipa user-add new-user ....
3. reboot
4. login as new-user

Actual results:
Dialog box with "Can not create /home/new-user/.ICEauthority"

Expected results:
Successful login

Additional info:
Work-around is to execute:

  authconfig --enablemkhomedir --update

BEFORE ipa-server-install.

Comment 1 Dmitri Pal 2013-03-14 21:05:27 UTC
This would be an RFE but it can be easily accomplished by adding entries into SSSD. Please see man sssd.conf

Comment 2 Dmitri Pal 2013-03-14 21:14:42 UTC
Upstream ticket:

Comment 3 Dean Hunter 2013-03-15 11:12:31 UTC
Please be a little more specific about what I should look for in the man pages for sssd.conf. There's a whole heap of options. Here is an alphabetized /etc/sssd/sssd.conf from an IPA client that will make a home directory for a new user:

[root@fedora18 ~]# cat /etc/sssd/sssd.conf

access_provider = ipa
auth_provider = ipa
cache_credentials = True
chpass_provider = ipa
id_provider = ipa
ipa_domain = hunter.org
ipa_dyndns_update = True
ipa_hostname = fedora18.hunter.org
ipa_server = _srv_, ipa.hunter.org
krb5_store_password_if_offline = True
ldap_tls_cacert = /etc/ipa/ca.crt





config_file_version = 2
domains = hunter.org
services = nss, pam, ssh


[root@fedora18 ~]#

Comment 4 Martin Kosek 2013-03-15 11:58:24 UTC
I personally think that your current workaround with running "authconfig --enablemkhomedir --update" before ipa-server-install is enough and you do not need to tackle sssd configuration.

You will be able to remove that workaround when we fix ticket 3515.

Comment 5 Dean Hunter 2013-03-15 12:05:22 UTC
Thank you. I was just trying to be as helpful as I could while learning as much as I can. The work-around is scripted in my server install with a comment to tie it to this bug report. I shall wait patiently for a resolution.

Comment 6 Martin Kosek 2013-03-15 12:19:49 UTC
Right, you are actually very helpful. Every filed&fixed bug will help us deliver better project for everyone.

Comment 8 Dean Hunter 2013-05-02 13:57:44 UTC
I see this has been fixed upstream, but I have not seen the usual notice that this has been included in Fedora updates. Have I misunderstood?

Comment 9 Rob Crittenden 2013-05-02 14:18:30 UTC
Because it hasn't been included in a Fedora build yet, it is only fixed upstream.

Comment 10 Dean Hunter 2013-05-02 15:55:51 UTC
Thank you. I shall continue to wait patiently then.

Comment 11 Fedora Update System 2013-05-07 11:51:27 UTC
freeipa-3.1.4-1.fc18 has been submitted as an update for Fedora 18.

Comment 12 Fedora Update System 2013-05-09 10:07:30 UTC
Package freeipa-3.1.4-1.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing freeipa-3.1.4-1.fc18'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).

Comment 13 Dean Hunter 2013-05-09 15:47:24 UTC
Verified correction and updated karma

Comment 14 Fedora Update System 2013-05-17 03:32:22 UTC
freeipa-3.1.4-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.