Description of problem:
On the IPA server I can not use an IPA login. The login fails because it can not create /home/dean/.ICEauthority. On the IPA server there is no home directory created for the user. On IPA clients there is the --mkhomedir option for ipa-client-install, but there does not seem to be a similar option for the client when using ipa-server-install.
Version-Release number of selected component (if applicable):
freeipa-admintools.x86_64 3.1.2-1.fc18 @updates
freeipa-client.x86_64 3.1.2-1.fc18 @updates
freeipa-python.x86_64 3.1.2-1.fc18 @updates
freeipa-server.x86_64 3.1.2-1.fc18 @updates
freeipa-server-selinux.x86_64 3.1.2-1.fc18 @updates
How reproducible: Consistent
Steps to Reproduce:
1. ipa-server-install ....
2. ipa user-add new-user ....
4. login as new-user
Dialog box with "Can not create /home/new-user/.ICEauthority"
Work-around is to execute:
authconfig --enablemkhomedir --update
This would be an RFE but it can be easily accomplished by adding entries into SSSD. Please see man sssd.conf
Please be a little more specific about what I should look for in the man pages for sssd.conf. There's a whole heap of options. Here is an alphabetized /etc/sssd/sssd.conf from an IPA client that will make a home directory for a new user:
[root@fedora18 ~]# cat /etc/sssd/sssd.conf
access_provider = ipa
auth_provider = ipa
cache_credentials = True
chpass_provider = ipa
id_provider = ipa
ipa_domain = hunter.org
ipa_dyndns_update = True
ipa_hostname = fedora18.hunter.org
ipa_server = _srv_, ipa.hunter.org
krb5_store_password_if_offline = True
ldap_tls_cacert = /etc/ipa/ca.crt
config_file_version = 2
domains = hunter.org
services = nss, pam, ssh
I personally think that your current workaround with running "authconfig --enablemkhomedir --update" before ipa-server-install is enough and you do not need to tackle sssd configuration.
You will be able to remove that workaround when we fix ticket 3515.
Thank you. I was just trying to be as helpful as I could while learning as much as I can. The work-around is scripted in my server install with a comment to tie it to this bug report. I shall wait patiently for a resolution.
Right, you are actually very helpful. Every filed & fixed bug will help us deliver a better project for everyone.
I see this has been fixed upstream, but I have not seen the usual notice that this has been included in Fedora updates. Have I misunderstood?
Because it hasn't been included in a Fedora build yet, it is only fixed upstream.
Thank you. I shall continue to wait patiently then.
freeipa-3.1.4-1.fc18 has been submitted as an update for Fedora 18.
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing freeipa-3.1.4-1.fc18'
as soon as you are able to.
Please go to the following URL:
then log in and leave karma (feedback).
Verified correction and updated karma
freeipa-3.1.4-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.