On 11/04/2016 02:42 PM, Brian Candler wrote: > On 04/11/2016 12:20, Petr Vobornik wrote: >> You can check with what options authconfig was called by: >> # cat /var/log/ipaclient-install.log | grep authconfig >> >> if --enablemkhomedir is not there then it is possible that something >> else enabled it. > > It's not there: > > $ sudo cat /var/log/ipaclient-install.log | grep authconfig > [sudo] password for brian.candler: > 2016-10-27T15:30:44Z DEBUG args='/usr/sbin/authconfig' > '--enablesssdauth' '--update' '--enablesssd' > 2016-10-27T15:30:44Z DEBUG args='/usr/sbin/authconfig' '--update' > '--nisdomain' 'ipa.example.com' > > And: > > $ sudo cat /var/log/ipaclient-install.log | grep mkhome > 2016-10-27T15:30:38Z DEBUG /usr/sbin/ipa-client-install was invoked with > options: {'domain': 'ipa.example.com', 'force': False, > 'krb5_offline_passwords': True, 'ip_addresses': [], 'configure_firefox': > False, 'primary': False, 'realm_name': 'IPA.EXAMPLE.COM', 'force_ntpd': > False, 'create_sshfp': True, 'conf_sshd': True, 'conf_ntp': True, > 'on_master': True, 'no_nisdomain': False, 'nisdomain': None, > 'ca_cert_file': None, 'principal': None, 'keytab': None, 'hostname': > 'ipa-1.int.example.com', 'request_cert': False, 'trust_sshfp': False, > 'no_ac': False, 'unattended': True, 'all_ip_addresses': False, > 'location': None, 'sssd': True, 'ntp_servers': None, 'kinit_attempts': > 5, 'dns_updates': False, 'conf_sudo': True, 'conf_ssh': True, > 'force_join': False, 'firefox_dir': None, 'server': > ['ipa-1.int.example.com'], 'prompt_password': False, 'permit': False, > 'debug': False, 'preserve_sssd': False, 'mkhomedir': False, 'uninstall': > False} > > This server has been through several iterations of ipa-server-install / > ipa-server-uninstall. It is possible that one of the earlier > incantations was done with --mkhomedir, since I didn't do the first one. > > Next time I do a fresh, clean IPA install I will check the PAM > configuration.
> (Although in that case, perhaps ipa-server-uninstall is > not cleaning up fully after itself?) That may be possible. > > Regards, > > Brian. > -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project