The story
In my endeavors to practice with FreeIPA, I tested the Ubuntu port of freeipa. There is a known bug where the –mkhomedir option of the ipa-client-install command for Ubuntu does not actually enable making homedirs for users on first login.
The solution
apt-get install freeipa-client th="$( hostname --fqdn )"; case "${th}" in *.*) :;; *) th="${th}.$( awk '/search/ {print $2}' /etc/resolv.conf )";; esac; ipa-client-install --mkhomedir --force-ntpd --enable-dns-updates --hostname "${th}" sed -i -r -e 's/Default:\s\w+/Default: yes/;' /usr/share/pam-configs/mkhomedir pam-auth-update # and add the homedir option manually because it cannot be scripted.
Thanks 🙂
Thank you very much 🙂
thank you,
as your article saved me, I can give you the way we scripted it
adding one line “session optional pam_mkhomedir.so” to: /etc/pam.d/common-session
reloading pam-auth-update
ansible version:
lineinfile:
dest: /etc/pam.d/common-session
regexp: ‘^({{ item.key }})([ \\t]+)[a-z\,\.\-/@A-Z0-9]+’
line: ‘{{ item.key }} {{ item.value }}’
state: present
with_items:
– { key: ‘session optional’, value: ‘pam_mkhomedir.so’ }
when: ansible_distribution == ‘Debian’ or ansible_distribution == ‘Ubuntu’
– name: Reload pam configuration
shell: DEBIAN_FRONTEND=noninteractive pam-auth-update –package –force
when: ansible_distribution == ‘Debian’ or ansible_distribution == ‘Ubuntu’