Enabling mkhomedir on Ubuntu for FreeIPA

bgstack15 freeipa, , ,

The story

In my endeavors to practice with FreeIPA, I tested the Ubuntu port of freeipa. There is a known bug where the –mkhomedir option of the ipa-client-install command for Ubuntu does not actually enable making homedirs for users on first login.

The solution

apt-get install freeipa-client
th="$( hostname --fqdn )"; case "${th}" in *.*) :;; *) th="${th}.$( awk '/search/ {print $2}' /etc/resolv.conf )";; esac;
ipa-client-install --mkhomedir --force-ntpd --enable-dns-updates --hostname "${th}"
sed -i -r -e 's/Default:\s\w+/Default: yes/;' /usr/share/pam-configs/mkhomedir
pam-auth-update # and add the homedir option manually because it cannot be scripted.

References

Weblinks

  1. https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1336869

3 thoughts on “Enabling mkhomedir on Ubuntu for FreeIPA

  3. thank you,
    as your article saved me, I can give you the way we scripted it
    adding one line “session optional pam_mkhomedir.so” to: /etc/pam.d/common-session
    reloading pam-auth-update

    ansible version:
    lineinfile:
    dest: /etc/pam.d/common-session
    regexp: ‘^({{ item.key }})([ \\t]+)[a-z\,\.\-/@A-Z0-9]+’
    line: ‘{{ item.key }} {{ item.value }}’
    state: present
    with_items:
    – { key: ‘session optional’, value: ‘pam_mkhomedir.so’ }
    when: ansible_distribution == ‘Debian’ or ansible_distribution == ‘Ubuntu’

    – name: Reload pam configuration
    shell: DEBIAN_FRONTEND=noninteractive pam-auth-update –package –force
    when: ansible_distribution == ‘Debian’ or ansible_distribution == ‘Ubuntu’

    Reply

Leave a reply to ranjith Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.