So I would have to setup an ID View Override for every user in AD that needs to login to to a FreeIPA host?
I guess I’m having trouble understanding why it wouldn’t just use the defaults set into FreeIPA? The Default home directory is set to /home and the default shell is set to /bin/bash. This is a lot of work to go to unless there’s a way to set it globally for the entire domain. Also noticing sudo doesn’t work for those users even though I have the ad_admins group added to the sudo group I created. Regards, ------------------------------------------ Aric Wilisch [email protected] > On Apr 15, 2015, at 2:00 PM, Alexander Bokovoy <[email protected]> wrote: > > On Wed, 15 Apr 2015, Aric Wilisch wrote: >> Today I managed to finally get a trust established between my AD Domain and >> my FreeIPA 4 environment. >> >> However I’m noticing a couple issues and hope someone might be able to give >> me some help. >> >> First when the user logs in it creates their home directory in >> /home/fioptics/<username> rather than /home/<username>. I read that you >> had to put subdomain_homedir= /home in /etc/sssd/sssd.conf but that >> didn’t seem to fix it. >> >> Also the FreeIPA environment is set to use /bin/bash as the shell, >> however everyone from AD is logging in and using /bin/sh. >> >> I’m hoping if I can get these issues sorted out the other issues I”m >> seeing with go as well, but if they don’t I can address those at that >> time. > These issues are addressed with IDViews functionality in FreeIPA 4.1. > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/id-views.html > > <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/id-views.html> > > I have a 'sneak peak' videos of how this feature works: > http://talks.vda.li/video/freeipa-idviews-override-shell-and-homedir.webm > <http://talks.vda.li/video/freeipa-idviews-override-shell-and-homedir.webm> > http://talks.vda.li/video/freeipa-idviews-override-public-ssh-key.webm > <http://talks.vda.li/video/freeipa-idviews-override-public-ssh-key.webm> > These are draft sequences, no sound or subtitles so you need to read > documentation too :) > -- > / Alexander Bokovoy
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
