On 04/11/2016 12:20, Petr Vobornik wrote:
You can check with what options authconfig was called by:
  # cat /var/log/ipaclient-install.log | grep authconfig

If --enablemkhomedir is not there, then it is possible that something
else enabled it.

It's not there:

$ sudo cat /var/log/ipaclient-install.log | grep authconfig
[sudo] password for brian.candler:
2016-10-27T15:30:44Z DEBUG args='/usr/sbin/authconfig' '--enablesssdauth' '--update' '--enablesssd'
2016-10-27T15:30:44Z DEBUG args='/usr/sbin/authconfig' '--update' '--nisdomain' 'ipa.example.com'

And:

$ sudo cat /var/log/ipaclient-install.log | grep mkhome
2016-10-27T15:30:38Z DEBUG /usr/sbin/ipa-client-install was invoked with options: {'domain': 'ipa.example.com', 'force': False, 'krb5_offline_passwords': True, 'ip_addresses': [], 'configure_firefox': False, 'primary': False, 'realm_name': 'IPA.EXAMPLE.COM', 'force_ntpd': False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True, 'on_master': True, 'no_nisdomain': False, 'nisdomain': None, 'ca_cert_file': None, 'principal': None, 'keytab': None, 'hostname': 'ipa-1.int.example.com', 'request_cert': False, 'trust_sshfp': False, 'no_ac': False, 'unattended': True, 'all_ip_addresses': False, 'location': None, 'sssd': True, 'ntp_servers': None, 'kinit_attempts': 5, 'dns_updates': False, 'conf_sudo': True, 'conf_ssh': True, 'force_join': False, 'firefox_dir': None, 'server': ['ipa-1.int.example.com'], 'prompt_password': False, 'permit': False, 'debug': False, 'preserve_sssd': False, 'mkhomedir': False, 'uninstall': False}

This server has been through several iterations of ipa-server-install / ipa-server-uninstall. It is possible that one of the earlier incantations was done with --mkhomedir, since I didn't do the first one.

Next time I do a fresh, clean IPA install I will check the PAM configuration. (Although in that case, perhaps ipa-server-uninstall is not cleaning up fully after itself?)

Regards,

Brian.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
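
As an added example (not part of the original message and not FreeIPA code), the comparison discussed in this thread can be scripted: did the install log request mkhomedir, and does a PAM file actually load a mkhomedir module? The function names, the PAM directory argument, the sample PAM line and the module-name pattern (pam_mkhomedir.so or pam_oddjob_mkhomedir.so) are assumptions.

```bash
#!/usr/bin/env bash
# Added example: was mkhomedir requested by this install, and is it active in PAM?

# "yes" if any logged authconfig call passed --enablemkhomedir, else "no".
authconfig_requested_mkhomedir() {
    if grep -F "args='/usr/sbin/authconfig'" "$1" | grep -qF -- "'--enablemkhomedir'"
    then echo yes; else echo no; fi
}

# Value of 'mkhomedir' in the installer's logged options (True, False or unknown).
installer_mkhomedir_option() {
    local v
    v=$(grep -F 'was invoked with options' "$1" |
        grep -oE "'mkhomedir': (True|False)" | tail -n 1 | awk '{print $2}')
    echo "${v:-unknown}"
}

# PAM files in directory $1 with an uncommented mkhomedir module line.
pam_mkhomedir_files() {
    grep -lE '^[^#]*pam_(oddjob_)?mkhomedir\.so' "$1"/* 2>/dev/null || true
}

# Combine both views: $1 = install log, $2 = PAM directory.
mkhomedir_verdict() {
    local requested=no active=no
    [ "$(authconfig_requested_mkhomedir "$1")" = yes ] && requested=yes
    [ "$(installer_mkhomedir_option "$1")" = True ] && requested=yes
    [ -n "$(pam_mkhomedir_files "$2")" ] && active=yes
    case "$requested/$active" in
        yes/yes) echo "enabled by this install" ;;
        no/yes)  echo "active in PAM but not requested by this install" ;;
        yes/no)  echo "requested but not active in PAM" ;;
        *)       echo "not enabled" ;;
    esac
}

# Constructed sample: log lines abridged from the message above, plus a made-up PAM file.
make_sample() {
    local d; d=$(mktemp -d); mkdir "$d/pam.d"
    cat > "$d/install.log" <<'EOF'
2016-10-27T15:30:38Z DEBUG /usr/sbin/ipa-client-install was invoked with options: {'sssd': True, 'mkhomedir': False, 'uninstall': False}
2016-10-27T15:30:44Z DEBUG args='/usr/sbin/authconfig' '--enablesssdauth' '--update' '--enablesssd'
EOF
    echo 'session optional pam_oddjob_mkhomedir.so umask=0077' > "$d/pam.d/system-auth"
    echo "$d"
}

sample=$(make_sample)
mkhomedir_verdict "$sample/install.log" "$sample/pam.d"
rm -rf "$sample"
```

On a real host the arguments would be /var/log/ipaclient-install.log and /etc/pam.d; the "active in PAM but not requested by this install" result matches the situation described in the message, where the setting may be left over from an earlier install.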
