Active Directory User Admin problem

Hi,

So I successfully installed Active Directory on Nethserver but I am facing an issue with the admin user. I enabled the admin user, changed the password. I tried to login to the terminal with it, and the home folder was not created for it.

Could not chdir to home directory /var/lib/nethserver/home/admin: Permission denied
-bash: /var/lib/nethserver/home/admin/.bash_profile: Permission denied
-bash-4.2$ cd /home
-bash-4.2$ ls
tessierp (users I created after the AD creation have their home directory)

So by default it seems admin and administrators which I created from installing AD Services won’t have home folders created.

Definitely a bug. Should I delete and just add again or will that mess up the AD config?

Also, another bug I found is, when I create a user through the user & groups on the webpage, a home folder is not created in /home/{user} but under /var/lib/nethserver/home. So when I create .ssh folder with authorized_keys or authorized_keys2 under it, it will not work.

Users need to have shell enabled to be able to access the terminal.
The home folder usually is created at login. I tested via SSH and it worked.


Maybe wrong permissions in /var/lib/nethserver/home/?

Please share the result of:

ls -l /var/lib/nethserver/home/

Nethserver does not make use of local users, you need to create users with an account provider. The Nethserver home dir is /var/lib/nethserver/home.

It’s possible to have a /home/USER too with a bind mount:

https://docs.nethserver.org/en/v7/accounts.html#user-home-directories

Thanks for the response. Yes I realized the shell part and was able to get the home folder created under /var/lib/nethserver/home.

Where do you place the authorized_keys? It is under /var/lib/nethserver/home/{username}/.ssh correct? If that is so, that is what I have done and it doesn’t work for me. Here are the permissions I have (default, didn’t change anything after the creation of the users):

Yes, except for root it is /root/.ssh

I tested it and it worked.

Try from the server you want to connect from:

ssh-copy-id USER@NETHSERVER

OK. Well I’m having other issues now. For some reason I can’t login to the cockpit with the newly created users. I had to remove and install the AD from scratch. But every user I create in the cockpit now can’t login to the cockpit :-/

Users need to have the shell enabled to be able to access the server manager.

https://docs.nethserver.org/en/v7/access2.html#login

See also role delegation:

https://docs.nethserver.org/en/v7/base_system2.html#role-delegation

It seems that all issues come from the user you created during the installation, it is not so innocent I think.

Yes that is my feeling as well. It is now removed and I removed the AD as well to fix a few other things and start fresh without reinstalling everything. But now, I noticed that the NIC I used for the green network got bridged with the AD which lives in a VM, all that is normal I know however, what is not normal is that after uninstalling the AD I still have a bridge.

The Samba AD container needs a bridge to be created, but a developer assumes that the same bridge could be used for VPN, so we cannot remove something, we simply do not know if the bridge is not mandatory somewhere.

I understand and this is good to know for future reference. I don’t have a VPN yet. So is there a way for me to just reset to the original settings enps01 and remove the bridge just to start fresh? If so, what would be the procedure?

So just to touch base on this issue. I rebuilt my AD and enabled the admin user. SSH Certificate is installed under the user’s .ssh folder. Just doesn’t want to work. I tried the command you suggested, ssh-copy-id and got this:

/usr/bin/ssh-copy-id: ERROR: failed to open ID file ‘/var/lib/nethserver/home/admin/.pub’: No such file or directory
(to install the contents of ‘/var/lib/nethserver/home/admin/.pub’ anyway, look at the -f option)

So I’m missing a .pub folder. Is that required for .ssh?? Never needed that before.

Do you have a .ssh in your home?

Under /var/lib/nethserver/home I currently have

So let me see if I understand correctly. Right under home, I should add a “.ssh” folder with all the authorized_keys for everyone as opposed to a .ssh in every user’s folder? If that is the case then I don’t have that right now.

this is my home

╰─➀  ll ~/.ssh
total 84K
-rw-------  1 stephdl stephdl 5,9K 21 nov.   2017 authorized_keys
-rw-------  1 stephdl stephdl 3,6K 15 déc.  19:59 config
-rw-------  1 stephdl stephdl  668 29 août   2014 id_dsa
-rw-------. 1 stephdl stephdl  751 28 janv.  2015 id_dsa_cvs_access
-rw-------  1 stephdl stephdl  668 24 mai    2014 id_dsa_cvs_access2
-rw-------  1 stephdl stephdl  610 24 mai    2014 id_dsa_cvs_access2.pub
-rw-------. 1 stephdl stephdl  610 28 janv.  2015 id_dsa_cvs_access.pub
-rw-------  1 stephdl stephdl  606 29 août   2014 id_dsa.pub
-rw-------  1 stephdl stephdl 1,7K  7 févr.  2016 id_rsa
-rw-------  1 stephdl stephdl  404  7 févr.  2016 id_rsa.pub
-rw-r--r--  1 stephdl stephdl  19K 22 janv. 23:56 known_hosts
-rw-------. 1 stephdl stephdl  13K 28 janv.  2015 known_hosts~
drw-------  2 stephdl stephdl 4,0K  2 avril  2017 oldkey

This is mine

And yes I did place the public key information inside the file.

and ?

If I try to login, it doesn’t work. It defaults to the password challenge. If I specify no password challenge, it won’t let me login. It is like it is not seeing the .ssh. So I wonder if I’m missing something in my sshd_config. I’m running with the AD and from what I can see with your output, your user definition is different.

I don’t understand sorry, I wonder if a reinstallation is not your best bet

I’m literally trying to avoid that since so much has been done already.

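The ownership and mode checks that sshd applies with StrictModes (its default) before it reads authorized_keys, run against the home location discussed in this thread. This is an added example, not part of any post above: the function names are hypothetical, GNU stat is assumed, and the default HOME_BASE is the path named in the thread.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): report why sshd, with StrictModes on,
# would skip a user's authorized_keys. Function names are hypothetical.
# Assumes GNU stat; HOME_BASE is the NethServer home location from the thread.
HOME_BASE="${HOME_BASE:-/var/lib/nethserver/home}"

# check_path PATH EXPECTED_UID: print each problem, return 1 if any was found.
check_path() {
    local path="$1" want_uid="$2" mode owner rc=0
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    mode=$(stat -c '%a' "$path")
    owner=$(stat -c '%u' "$path")
    # The owner must be the account itself or root (uid 0).
    if [ "$owner" != "$want_uid" ] && [ "$owner" != "0" ]; then
        echo "OWNER    $path owned by uid $owner, expected $want_uid"
        rc=1
    fi
    # Any group or other write bit (octal mask 022) fails the check.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WRITABLE $path has mode $mode"
        rc=1
    fi
    return "$rc"
}

# audit_ssh_home HOME_DIR EXPECTED_UID: check the home directory, .ssh and
# authorized_keys, the three paths that matter for public key login.
audit_ssh_home() {
    local home="$1" want_uid="$2" rc=0 p
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$want_uid" || rc=1
    done
    return "$rc"
}

# Run as: ./audit.sh USER   (with no argument the functions are only defined)
if [ "$#" -ge 1 ]; then
    audit_ssh_home "$HOME_BASE/$1" "$(id -u "$1")"
fi
```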