Bug 921707 - ipa-server-install does not configure it's client to make a home directory on first login
Summary: ipa-server-install does not configure it's client to make a home directory on...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: freeipa
Version: 18
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Rob Crittenden
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-03-14 18:01 UTC by Dean Hunter
Modified: 2013-05-17 03:32 UTC (History)
5 users (show)

Fixed In Version: freeipa-3.1.4-1.fc18
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-05-17 03:32:22 UTC


Attachments (Terms of Use)

Description Dean Hunter 2013-03-14 18:01:34 UTC
Description of problem:
On the IPA server I can not use an IPA login. The login fails becuase it can not create /home/dean/.ICEauthority. On the IPA server there is no home directory created for the user. On IPA clients there is the --mkhomedir option for ipa-client-install, but there does not seem to be a similar option for the client when using ipa-server-install.


Version-Release number of selected component (if applicable):
Installed Packages
freeipa-admintools.x86_64                   3.1.2-1.fc18                @updates
freeipa-client.x86_64                       3.1.2-1.fc18                @updates
freeipa-python.x86_64                       3.1.2-1.fc18                @updates
freeipa-server.x86_64                       3.1.2-1.fc18                @updates
freeipa-server-selinux.x86_64               3.1.2-1.fc18                @updates


How reproducible: Consistent


Steps to Reproduce:
1. ipa-server-install ....
2. ipa user-add new-user ....
3. reboot
4. login as new-user
  

Actual results:
Dialog box with "Can not create /home/new-user/.ICEauthority"


Expected results:
Successful login


Additional info:
Work-around is to execute:

  authconfig --enablemkhomedir --update

BEFORE ipa-server-install.

Comment 1 Dmitri Pal 2013-03-14 21:05:27 UTC
This would be an RFE but it can be easily accomplished by adding entries into SSSD. Please see man sssd.conf

Comment 2 Dmitri Pal 2013-03-14 21:14:42 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/3515

Comment 3 Dean Hunter 2013-03-15 11:12:31 UTC
Please be a little more specific about what I should look for in the man pages for sssd.conf. There's a whole heap of options. Here is an alphabetized /etc/sssd/sssd.conf from an IPA client that will make a home directory for a new user:

[root@fedora18 ~]# cat /etc/sssd/sssd.conf
[autofs]

[domain/hunter.org]
access_provider = ipa
auth_provider = ipa
cache_credentials = True
chpass_provider = ipa
id_provider = ipa
ipa_domain = hunter.org
ipa_dyndns_update = True
ipa_hostname = fedora18.hunter.org
ipa_server = _srv_, ipa.hunter.org
krb5_store_password_if_offline = True
ldap_tls_cacert = /etc/ipa/ca.crt

[nss]

[pac]

[pam]

[ssh]

[sssd]
config_file_version = 2
domains = hunter.org
services = nss, pam, ssh

[sudo]


[root@fedora18 ~]#

Comment 4 Martin Kosek 2013-03-15 11:58:24 UTC
I personally think that your current workaround with running "authconfig --enablemkhomedir --update" before ipa-server-install is enough and you do not need to tackle sssd configuration.

You will be able to remove that workaround when we fix ticket 3515.

Comment 5 Dean Hunter 2013-03-15 12:05:22 UTC
Thank you. I was just trying to be as helpful as I could while learning as much as I can. The work-around is scripted in my server install with a comment to tie it to this bug report. I shall wait patiently for a resolution.

Comment 6 Martin Kosek 2013-03-15 12:19:49 UTC
Right, you are actually very helpful. Every filed&fixed bug will help us deliver better project for everyone.

Comment 8 Dean Hunter 2013-05-02 13:57:44 UTC
I see this has been fixed upstream, but I have not seen the usual notice that this has been included in Fedora updates. Have I misunderstood?

Comment 9 Rob Crittenden 2013-05-02 14:18:30 UTC
Because it hasn't been included in a Fedora build yet, it is only fixed upstream.

Comment 10 Dean Hunter 2013-05-02 15:55:51 UTC
Thank you. I shall continue to wait patiently then.

Comment 11 Fedora Update System 2013-05-07 11:51:27 UTC
freeipa-3.1.4-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/freeipa-3.1.4-1.fc18

Comment 12 Fedora Update System 2013-05-09 10:07:30 UTC
Package freeipa-3.1.4-1.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing freeipa-3.1.4-1.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-7707/freeipa-3.1.4-1.fc18
then log in and leave karma (feedback).

Comment 13 Dean Hunter 2013-05-09 15:47:24 UTC
Verified correction and updated karma

Comment 14 Fedora Update System 2013-05-17 03:32:22 UTC
freeipa-3.1.4-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.