FreeIPA - mapping ipa user with centos server

Post by rocklee44 » 2018/07/09 09:17:40

Hi all,
I'm a FreeIPA newbie and I have some foolish questions. I tried Google but I can't find what I want, so I hope you can help me.
My environment:
IPA server: ipa001.mydomain.com, CentOS Linux release 7.4.1708 (Core). I installed the IPA server following this instruction: https://access.redhat.com/documentat...ll-interactive
IPA client: a CentOS Linux release 7.4.1708 (Core) server, server01.mydomain.com. I installed the IPA client following this instruction: https://access.redhat.com/documentat...nt-basic-setup
I can see my server01 in the "Hosts" list. I created an IPA user "jack.chuong" and this user can ssh to server01, but I get an error about creating the home directory:

Code:

login as: jack.chuong
Using keyboard-interactive authentication.
Password:
org.freedesktop.DBus.Error.ServiceUnknown: The name com.redhat.oddjob_mkhomedir was not provided by any .service files
Last login: Fri Jul  6 17:26:38 2018 from 192.168.16.128
Could not chdir to home directory /home/jack.chuong: No such file or directory
-bash-4.2$ who
jack.chuong pts/0        2018-07-09 13:59 (192.168.13.191)
root     pts/1        2018-07-09 13:59 (192.168.13.191)

Can I map an IPA user to a server01 local user? (For example, see it in /etc/passwd?)
Can I map an IPA user to an existing local user on server01? For example, if server01 has a local user "jack.chuong" and this user owns the directory /opt/something, can the IPA user ssh into server01, be mapped to the local user "jack.chuong" and have permission on the directory /opt/something?

Post by hunter86_bg » 2018/07/09 10:57:12

Have you installed and enabled oddjob?

Code:

yum install oddjob oddjob-mkhomedir

Have you allowed the user's home dir to be created upon first login?
About /etc/passwd: you can create a local user, but this is pointless. Otherwise, why would you use centralised user management?
You can set up autofs to mount the user's home directory from an NFS server, which will be consistent across the whole environment.

Post by rocklee44 » 2018/07/10 02:08:36

Thank you for your reply,
oddjob and oddjob-mkhomedir are installed and enabled, but it seems they cannot start.

Code:

Package oddjob-0.31.5-4.el7.x86_64 already installed and latest version
Package oddjob-mkhomedir-0.31.5-4.el7.x86_64 already installed and latest version

systemctl list-unit-files | grep oddjob
oddjobd.service                               enabled

systemctl status oddjobd.service
● oddjobd.service - privileged operations for unprivileged applications
   Loaded: loaded (/usr/lib/systemd/system/oddjobd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Fri 2018-07-06 17:34:03 ICT; 3 days ago
  Process: 12481 ExecStart=/usr/sbin/oddjobd -n -p /var/run/oddjobd.pid -t 300 (code=exited, status=1/FAILURE)
 Main PID: 12481 (code=exited, status=1/FAILURE)

Jul 06 17:34:03 server01.mydomain.com systemd[1]: Started privileged operations for unprivileged applications.
Jul 06 17:34:03 server01.mydomain.com systemd[1]: Starting privileged operations for unprivileged applications...
Jul 06 17:34:03 server01.mydomain.com oddjobd[12481]: Error binding to service name "com.redhat.oddjob"!
Jul 06 17:34:03 server01.mydomain.com oddjobd[12481]: Error initializing service "com.redhat.oddjob"!
Jul 06 17:34:03 server01.mydomain.com oddjobd[12481]: Error registering with D-Bus layer!
Jul 06 17:34:03 server01.mydomain.com[1]: oddjobd.service: main process exited, code=exited, status=1/FAILURE
Jul 06 17:34:03 server01.mydomain.com[1]: Unit oddjobd.service entered failed state.
Jul 06 17:34:03 server01.mydomain.com[1]: oddjobd.service failed.

I don't know about "allowed user's home dir to be created upon first login".
You're right, I should not think about mapping an IPA user to a local user :). I don't need the user's home directory to be consistent across the whole environment, so I just have to fix the oddjobd error so that IPA users don't get an error when they ssh to server01.
I wonder what happens if I create an IPA user the same as a server01 local user. Can it mount the home directory?

Post by hunter86_bg » 2018/07/11 04:01:07

The authconfig utility has a backup option ('--savebackup' or something like that), so first create a backup and then run something like:

Code:

authconfig --enablemkhomedir --update

and try to restart oddjobd.

Post by rocklee44 » 2018/07/18 02:19:51

Thanks hunter86_bg,
Then restart dbus.service and oddjobd.service, and it can create the home directory for the FreeIPA user now.
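
The steps this thread arrived at, gathered into one script with a check before and after (an added example, not code from any of the posts). The function names, the backup name `pre-mkhomedir` and the choice of /etc/pam.d/password-auth as the file to verify are assumptions; the two error strings are the ones quoted in the posts above.

```shell
#!/bin/sh
# Added example: diagnose and repair home-directory creation on a CentOS 7 IPA client.
# Function names and the backup name are hypothetical, not from the thread.

# Return 0 if the PAM file has an active (uncommented) session line that
# creates home directories via pam_oddjob_mkhomedir.so or pam_mkhomedir.so.
pam_has_mkhomedir() {
    grep -Eq '^[[:space:]]*-?session[[:space:]].*pam_(oddjob_)?mkhomedir\.so' "$1"
}

# Map the error text seen at login or in `systemctl status oddjobd`
# to a short label, so the two failures in the thread can be told apart.
classify_oddjob_error() {
    case "$1" in
        *'Error registering with D-Bus layer'*)
            echo oddjobd-dbus-registration-failed ;;
        *'com.redhat.oddjob_mkhomedir was not provided'*)
            echo mkhomedir-service-missing-from-bus ;;
        *)
            echo unknown ;;
    esac
}

# Apply the fix in the order given in the thread; stop at the first failure.
repair_mkhomedir() {
    authconfig --savebackup=pre-mkhomedir || return 1     # backup name is an assumption
    authconfig --enablemkhomedir --update || return 1
    systemctl restart dbus.service || return 1
    systemctl restart oddjobd.service || return 1
    systemctl is-active --quiet oddjobd.service || return 1
    # Assumption: sshd's PAM stack includes password-auth on this host.
    pam_has_mkhomedir /etc/pam.d/password-auth
}

# Nothing is changed unless the script is called with --apply (as root).
if [ "${1:-}" = "--apply" ]; then
    repair_mkhomedir && echo "mkhomedir enabled and oddjobd running"
fi
```

Restarting dbus.service also affects every other service connected to the system bus, so run the `--apply` step when a brief disruption on the host is acceptable.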
