As sysadmin, I want to set /bin/bash shell as a default shell for all AD users.
Some ipa-clients/servers are showing /bin/sh prompt for my user. Even though loginShell attribute in AD is set to /bin/bash.
-sh-4.2$ getent passwd user@domain.lan user@domain.lan:*:1816801103:1816801103:Name Lastname:/home/domain.lan/user
-sh-4.2$ getent passwd user@domain.lan user@domain.lan:*:1816801103:1816801103:Name Lastname:/home/domain.lan/user:/bin/bash
Other servers are showing correct shell. And some servers are showing correct shell only for some users, ant not all of them!
$ cat /etc/centos-release CentOS Linux release 7.4.1708 (Core)
Both Good and Not Good servers. $ rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server package freeipa-server is not installed package freeipa-client is not installed ipa-server-4.5.4-10.el7.centos.4.4.x86_64 ipa-client-4.5.4-10.el7.centos.4.4.x86_64 389-ds-base-1.3.6.1-24.el7_4.x86_64 pki-ca-10.4.1-17.el7_4.noarch krb5-server-1.15.1-8.el7.x86_64
Both Good and Not Good clients: package freeipa-server is not installed package freeipa-client is not installed package ipa-server is not installed ipa-client-4.5.4-10.el7.centos.3.x86_64 package 389-ds-base is not installed package pki-ca is not installed package krb5-server is not installed
Setting /bin/bash inside AD loginShell attribute proved to solve some situations. Logs available upon request.
This functionality is not supported yet. The corresponding RFE is tracked at ticket https://pagure.io/freeipa/issue/5896. I'm closing this one as a duplicate.
Right now I have FreeIPA part prototyped and designed but SSSD part missing yet. If you are using posix attributes from AD directly, then you need to set SSSD configuration to inherit corresponding attributes to subdomains.
Metadata Update from @abbra: - Issue close_status updated to: duplicate - Issue status updated to: Closed (was: Open)
This doesn't really explain why it "works for some users".
pet, 25. sij 2019. u 15:24 Alexander Bokovoy pagure@pagure.io napisao je:
abbra added a new comment to an issue you are following: `` This functionality is not supported yet. The corresponding RFE is tracked at ticket https://pagure.io/freeipa/issue/5896. I'm closing this one as a duplicate. Right now I have FreeIPA part prototyped and designed but SSSD part missing yet. If you are using posix attributes from AD directly, then you need to set SSSD configuration to inherit corresponding attributes to subdomains. `` To reply, visit the link below or just reply to this email https://pagure.io/freeipa/issue/7849
abbra added a new comment to an issue you are following: `` This functionality is not supported yet. The corresponding RFE is tracked at ticket https://pagure.io/freeipa/issue/5896. I'm closing this one as a duplicate.
Right now I have FreeIPA part prototyped and designed but SSSD part missing yet. If you are using posix attributes from AD directly, then you need to set SSSD configuration to inherit corresponding attributes to subdomains. ``
To reply, visit the link below or just reply to this email https://pagure.io/freeipa/issue/7849
As I said, "if you are using POSIX attributes from AD directly, then you need to set SSSD configuration to inherit corresponding attributes to subdomains". In any case, appearance or loss of such data is purely an SSSD property, not FreeIPA.
Hi,
The only attribute used from AD is sshPublicKey. It's set in [domain/IPA.DOMAIN/AD.DOMAIN] section.
/bin/bash is set in AD loginShell attribute "just to see if it works auto-magically".
I have the situation with 2 users and 2 servers where a) user1@AD.DOMAIN logins to server1.IPA.DOMAIN and gets /bin/bash. b) user2@AD.DOMAIN logins to server1.IPA.DOMAIN and gets /bin/sh c) user1@AD.DOMAIN logins to server2.IPA.DOMAIN and gets /bin/sh
uto, 29. sij 2019. u 18:43 Alexander Bokovoy pagure@pagure.io napisao je:
abbra added a new comment to an issue you are following: `` As I said, "if you are using POSIX attributes from AD directly, then you need to set SSSD configuration to inherit corresponding attributes to subdomains". In any case, appearance or loss of such data is purely an SSSD property, not FreeIPA. `` To reply, visit the link below or just reply to this email https://pagure.io/freeipa/issue/7849
abbra added a new comment to an issue you are following: `` As I said, "if you are using POSIX attributes from AD directly, then you need to set SSSD configuration to inherit corresponding attributes to subdomains". In any case, appearance or loss of such data is purely an SSSD property, not FreeIPA.
``
Login to comment on this ticket.