I'm trying to configure the likewise plugin to use /bin/bash for the user shell, and to create home directories for AD users when they log in via SSH to my ESX server. However, the specified options don't appear to have any effect:
# egrep -e 'homedir' -e 'shell' -e 'umask' -e 'skel' lsassd.conf
#login-shell-template = /bin/ash
login-shell-template = /bin/bash
homedir-template setting
homedir-prefix = <absolute path>
homedir-template = /home
create-homedir = no
create-homedir = yes
homedir-umask = 022
homedir-umask = 022
Paths to skeleton directories for provisioning
Default: /etc/skel
skeleton-dirs = /etc/skel
skeleton-dirs = /etc/skel
How can I configure the likewise agent to use BASH for the shell, and create suitable home-dirs for AD users when they authenticate?
Second issue is more of an annoyance than a problem: I created the AD group "ESX Admins" as per the documentation, however members of that group are not able to authenticate successfully via SSH or vSphere client. In order to successfully authenticate, I had to explicitly add users from AD to the Administrators role. Is this a bug?
Thanks,
Steve.
I found the answer:
1. set homedir-prefix=/home
2. set homedir-template= %H/%U
stop service:
/etc/init.d/lsassd stop
remove cache file:
rm /etc/likewise/db/lsass-adcache.filedb
start service:
/etc/init.d/lsassd start
Still no idea why I couldn't just add a group though -- still have to explicitly list users for the administrator role.
Would you be able to post your lsassd.conf file? I'm having trouble getting the "create-homedir = yes" part to work. Below are the uncommented lines from mine:
domain-separator = \
log-level = error
path = /lib/liblsass_auth_provider_ad.so
login-shell-template = /bin/bash
homedir-prefix = /home
homedir-template = %H/%U
ldap-sign-and-seal = false
cache-entry-expiry = 4h
machine-password-lifespan = 30d
space-replacement = ^
assume-default-domain = yes
create-homedir = yes
homedir-umask = 022
skeleton-dirs = /etc/skel
cell-support = unprovisioned
nss-enumeration-enabled = no
The "login-shell-template = /bin/bash", "homedir-prefix = /home", "homedir-template = %H/%U", and "assume-default-domain = yes" configuration options seem to work for me. I'm able to log in via ssh without appending "@domain.name", and the error I get is that it can't find my home directory at /home/username. My shell is also configured to be the bash shell. Having it auto-create the home directory at login is the last piece I'm missing.
Jbanda - Not sure that this is still an "issue" for you but if you take a look at this KB: you will see that those options for automatically creating the home directories are no longer supported/allowed. I ran into the same issue as you. So, I just wrote a simple bash script such as the following and run it on all my hosts after the update (I log in to each one after I configure Active Directory authentication anyway so I just paste the lines of code once I'm logged in). Takes 2 seconds to do!
#!/bin/bash
# Replace "username" with the AD account name.
# Force-remove the local account named "username" together with its home directory.
userdel -f -r username
# Create the home directory, hand it to the user and restrict it to the owner.
mkdir /home/username
chown username:domain^users /home/username
chmod 700 /home/username
The DEFAULT "space separator" in the lsassd.conf file is the " ^ " symbol, which explains the "domain^users" in the group permissions in the above lines. If you've chosen a different character in the conf file you will need to use that in place of the ^ within "domain^users".
I hope this helps!!
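
The manual mkdir/chown/chmod steps in the last reply can be driven from the values already set in lsassd.conf. The script below is an added example, not code from any poster in this thread, and it goes a little further than the reply by reading the effective (uncommented) settings and taking the group from the account's primary group instead of hard-coding it. It assumes the file is at /etc/likewise/lsassd.conf and that skeleton-dirs holds a single path; the ROOT staging argument and the function names are hypothetical.

```shell
#!/bin/bash
# Added example, not from the thread. CONF is an assumed path; set LSASSD_CONF to override.
CONF=${LSASSD_CONF:-/etc/likewise/lsassd.conf}

# Print the last uncommented "KEY = value" in FILE; "#KEY = ..." lines never match.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# home_path FILE USER: expand homedir-template (%H = homedir-prefix, %U = user name).
# The name is restricted to a safe character set so it cannot change the path.
home_path() {
    local prefix template
    case $2 in ''|.|..|*[!A-Za-z0-9._^-]*) echo "bad user name: $2" >&2; return 1 ;; esac
    prefix=$(conf_get "$1" homedir-prefix)
    template=$(conf_get "$1" homedir-template)
    [ -n "$template" ] || { echo "homedir-template is not set" >&2; return 1; }
    printf '%s\n' "$template" | sed -e "s|%H|$prefix|g" -e "s|%U|$2|g"
}

# make_home FILE USER [ROOT]: create the directory with mode 700 and seed it from
# skeleton-dirs (assumed to hold one path). ROOT is a hypothetical staging prefix.
make_home() {
    local conf="$1" user="$2" root="${3:-}" home skel
    home=$(home_path "$conf" "$user") || return 1
    home=$root$home
    if [ -e "$home" ]; then echo "$home already exists" >&2; return 1; fi
    mkdir -p "$(dirname "$home")" && mkdir -m 700 "$home" || return 1
    skel=$(conf_get "$conf" skeleton-dirs)
    if [ -n "$skel" ] && [ -d "$root$skel" ]; then
        cp -R "$root$skel/." "$home/" || return 1
    fi
    # Ownership can only be set by root, and only once the AD account resolves.
    if [ "$(id -u)" -eq 0 ] && id "$user" >/dev/null 2>&1; then
        chown -R "$user:$(id -gn "$user")" "$home" || return 1
    else
        echo "note: ownership of $home left unchanged" >&2
    fi
    printf '%s\n' "$home"
}

# Usage: pass the AD user name as the first argument.
if [ $# -ge 1 ]; then make_home "$CONF" "$1"; fi
```

Unlike the pasted lines in the reply, this does not run userdel, and it refuses to touch a home directory that already exists.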