I have set up freeipa using CentOS 7 and the default 4.2.0 packages.
I found that on the master, the user's home directory is created
automatically, but on the replicas it is not. Looking into the contents
of /etc/pam.d, the following files are different:
    fingerprint-auth-ac
    password-auth-ac
    smartcard-auth-ac
    system-auth-ac
(two examples below). The replicas don't have the line which invokes
pam_oddjob_mkhomedir.so.
I notice that both ipa-server-install and ipa-replica-install have the
following option:
    --mkhomedir    create home directories for users on their first login
but I did not supply this option in either case. I believe the actual
options I gave were:
    ipa-server-install --setup-dns
    ipa-replica-install --setup-ca --setup-dns --forwarder x.x.x.x /var/lib/ipa/replica-info-*.gpg
respectively. Is this expected behaviour, or should I raise a ticket?
Thanks,
Brian Candler.
--- fingerprint-auth-ac 2016-11-04 11:23:08.000000000 +0000
+++ fingerprint-auth-ac.replica 2016-11-04 11:23:19.000000000 +0000
@@ -16,7 +16,6 @@
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
-session optional pam_oddjob_mkhomedir.so umask=0022 skel=/etc/skel
session [success=1 default=ignore] pam_succeed_if.so service in
crond quiet use_uid
session required pam_unix.so
session optional pam_sss.so
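Review bot: only one line differs in this hunk, not two. The header "@@ -16,7 +16,6 @@" counts seven lines on the master and six on the replica, so "-session optional pam_systemd.so" has to be an unchanged context line: the leading "-" is PAM's own prefix on the type field (skip logging when the module is missing) and the diff's leading space has been lost in the mail. The single removal is the pam_oddjob_mkhomedir.so line, so when bringing the replica in line, add only that line and leave the pam_systemd.so entry as it is.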
--- system-auth-ac 2016-11-04 11:24:13.000000000 +0000
+++ system-auth-ac.replica 2016-11-04 11:24:26.000000000 +0000
@@ -22,7 +22,6 @@
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
-session optional pam_oddjob_mkhomedir.so umask=0022 skel=/etc/skel
session [success=1 default=ignore] pam_succeed_if.so service in
crond quiet use_uid
session required pam_unix.so
session optional pam_sss.so
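Review bot: on the master's pam_oddjob_mkhomedir.so line, "umask=0022" leaves each auto-created home directory readable by other local users; if that is not intended, set a stricter value such as umask=0077 when the line is added on the replicas. The line is also "optional", so a failure to create the directory does not block the session; on any host where it is enabled, confirm that oddjobd is running, since a missing home directory will otherwise be the only symptom.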
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
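
The master/replica comparison described in the message can be checked per host without a diff. This is an added example, not part of the original post or of FreeIPA: a shell function that parses a PAM stack file and reports whether a session line loads pam_oddjob_mkhomedir.so or pam_mkhomedir.so. The function names are hypothetical, and include/substack directives are not followed.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are hypothetical.

# mkhomedir_status FILE -> prints "present", "absent" or "unreadable"
mkhomedir_status() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    awk '
        $1 ~ /^#/ { next }                   # skip comment lines
        {
            type = $1
            sub(/^-/, "", type)              # PAM allows "-session": same type,
                                             # just no log entry if module is missing
            if (type != "session") next
            # The control field may be bracketed and span several words
            # ([success=1 default=ignore]), so take the first field ending in .so
            for (i = 2; i <= NF; i++) {
                if ($i ~ /\.so$/) {
                    n = split($i, parts, "/")    # tolerate absolute module paths
                    if (parts[n] == "pam_oddjob_mkhomedir.so" ||
                        parts[n] == "pam_mkhomedir.so") found = 1
                    break
                }
            }
        }
        END { print (found ? "present" : "absent") }
    ' "$1"
}

# check_pam_dir DIR -> one status line per file named in the message;
# returns 1 if any of them does not load a mkhomedir module.
check_pam_dir() {
    rc=0
    for f in fingerprint-auth-ac password-auth-ac smartcard-auth-ac system-auth-ac; do
        s=$(mkhomedir_status "$1/$f")
        echo "$f: $s"
        [ "$s" = present ] || rc=1
    done
    return $rc
}
```

Run `check_pam_dir /etc/pam.d` on the master and on each replica; a non-zero exit status marks a host where at least one of the four stacks will not create home directories.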