#2169 RHEL7 sssd not setting IPA AD trusted user homedir
Closed: Fixed None Opened 5 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1034920

Description of problem:

IPA server with AD trust setup is showing AD users homedir as root (/) by
default:

[root@rhel7-1 sssd]# getent passwd aduser@AD2.EXAMPLE.TEST
aduser@ad2.example.test:*:551801123:551801123:aduser:/:

[root@rhel7-1 sssd]# grep homedir /etc/sssd/sssd.conf

[root@rhel7-1 sssd]#

It appears the same even if I set subdomain_homedir

[root@rhel7-1 sssd]# service sssd stop
Redirecting to /bin/systemctl stop  sssd.service

[root@rhel7-1 sssd]# rm -rf /var/lib/sss/{mc,db}/*

[root@rhel7-1 sssd]# vi /etc/sssd/sssd.conf
[domain/testrelm.com]
...
subdomain_homedir = /home/%d/%u
...

[root@rhel7-1 sssd]# service sssd start
Redirecting to /bin/systemctl start  sssd.service

[root@rhel7-1 sssd]# getent passwd aduser@AD2.EXAMPLE.TEST
aduser@ad2.example.test:*:551801123:551801123:aduser:/:

But, if I set override_homedir, it works:

[root@rhel7-1 sssd]# service sssd stop
Redirecting to /bin/systemctl stop  sssd.service

[root@rhel7-1 sssd]# rm -rf /var/lib/sss/{mc,db}/*

[root@rhel7-1 sssd]# vi /etc/sssd/sssd.conf
...
[domain/testrelm.com]
...
override_homedir = /home/%d/%u
...

[root@rhel7-1 sssd]# service sssd start
Redirecting to /bin/systemctl start  sssd.service

[root@rhel7-1 sssd]# getent passwd aduser@AD2.EXAMPLE.TEST
aduser@ad2.example.test:*:551801123:551801123:aduser:/home/ad2.example.test/adu
ser@ad2.example.test:

Shouldn't that have been there from the default?

Version-Release number of selected component (if applicable):
sssd-1.11.2-1.el7.x86_64
ipa-server-3.3.3-5.el7.x86_64


How reproducible:
unknown

Steps to Reproduce:
1.  Setup AD server with user aduser
2.  Setup IPA server with trust to AD
3.  getent passwd 'aduser@AD.DOMAIN'

Actual results:
homedir is /

Expected results:
homedir is /home/AD.DOMAIN/aduser@ad.domain

Additional info:

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
milestone: NEEDS_TRIAGE => SSSD 1.11.3
review: True => 0
selected: =>
testsupdated: => 0

Moving tickets that didn't make 1.11.3 to 1.11.4

milestone: SSSD 1.11.3 => SSSD 1.11.4

Fields changed

owner: somebody => preichl

resolution: => fixed
status: new => closed

The original fix did a bit too much, so we reworked it:
- master:
- 8263ece
- 99bde10
- e684f30
- sssd-1-11:
- fba393b
- 653e517
- b85f4ea
- 007c086

Fields changed

changelog: => This fix makes the value of home directory consistent between IPA clients and IPA server when trust between IPA and AD is established and POSIX attributes are used on the AD side.

Metadata Update from @jhrozek:
- Issue assigned to preichl
- Issue set to the milestone: SSSD 1.11.4

2 years ago

Login to comment on this ticket.

Metadata