How to begin NethServer Active Directory logins from Fedora25 Client OS

Support
,
1

System version
NethServer release 7.3.1611 (Final)
Kernel release
3.10.0-514.10.2.el7.x86_64
Module: Account provider: Samba Active Directory

hello!
I just installed Nethserver in my environment! Yay! I;m quite excited to use it, but I wanted to see where maybe I have done configurations incorrectly.

I have a machine running NS, and then another (connected wirelessly) with Fedora 25, mostly a base installation, with a single local user defined in /etc/passwd.

My purpose for installing NS is to have installed the Samba Active Directory Module, so I may have centralized authentication for all my machines and VMs.

I have configured the NS to use a static IP address (x.x.x.10) and create a bridge adapter defined as (x.x.x.11).

I have tried on the Fedora 25 machine the following process to create Domain Logins:

but when I try and login using the AD User account:

Creating home directory for testuser.
su: warning: cannot change directory to /var/lib/nethserver/home/testuser: No such file or directory
-bash-4.3$

Can anyone point me to a solution?

Thanks!
-dave

1 Like
2

Probably the /etc/sssd/sssd.conf file of your fedora needs some adjustment.

Refer to sssd-ad and sssd.conf manpages.

See how to locally override the home dir path returned by the remote server.

3

Still seems to be calling to the oddjob file.

Here is the error after adding the override_homedir = /home/%f

org.freedesktop.DBus.Error.ServiceUnknown: The name com.redhat.oddjob_mkhomedir was not provided by any .service files
su: warning: cannot change directory to /var/lib/nethserver/home/testuser: No such file or directory
-bash-4.3$ exit

4

here is the content of my sssd.conf:

[sssd]
domains = home.sdrose.com
config_file_version = 2
services = nss, pam

[domain/home.sdrose.com]
ad_domain = home.sdrose.com
krb5_realm = HOME.SDROSE.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u@%d
access_provider = ad
override_homedir = /home/%f

You can see I have added the override to the bottom of the config file on the local Fedora25 workstation …

-dave

1 Like
5

Restart sssd? Clear sssd cache? :sweat:

systemctl restart sssd
sss_cache -E
6

Hello David
First, thank you for replying so quickly on my posting, and thank you for offering suggestions. I’d like to apologize for not knowing to restart sssd. I haven’t yet really ever used it, but I should have realized that it is a service, and as such, needed to be restarted. Also, I didn’t know about invalidating the cache …

However, even with those suggestions, I have the same error messaging …

[root@hp-note01 ~]# man sss_cache
[root@hp-note01 ~]# sss_cache -E
[root@hp-note01 ~]# systemctl restart sssd
[root@hp-note01 ~]# exit
logout
[drose@hp-note01 ~]$ su - testuser@home.sdrose.com
Password:
org.freedesktop.DBus.Error.ServiceUnknown: The name com.redhat.oddjob_mkhomedir was not provided by any .service files
su: warning: cannot change directory to /home/testuser@home.sdrose.com: No such file or directory
-bash-4.3$

And, I have tried with alternating which command is first, the cache invalidation and restarting the service.

May I ask … are you using either a RedHat or Fedora system and this auto-creation of home directories is working for you? Looking around the internet, I see oddjob-mkhomedir to be a problem since sometime in 2014 …

I appreciate you sharing your experience, as well as anyone else who may post suggestions …

Thank you!
-dave

1 Like
7

I see an improvement here!

Please, substitute in sssd.conf the override value:

 /home/%f

With

/home/%u

Then restart and clean sssd as above

You can create the directory manually

mkdir /home/testuser
chmod 700 /home/testuser
chown testuser:testuser /home/testuser