FreeIPA added users not showing up in home directory and can't login.

[ringo47]

Hey. First off, thanks a ton for writing this up. Followed this on a test setup I'm working on and it looks good except for the IPA. I had to run it on 20.04 Ubuntu and the only option was to use the free-ipa-server container. I can access the GUI and add users, but can't seem to login via SSH as that user. Here is part of my ipa-user find -all (excluding the admin part):

  dn: uid=testdummy,cn=users,cn=accounts,dc=example,dc=com
  User login: testdummy
  First name: Test
  Last name: Dummy
  Full name: Test Dummy
  Display name: Test Dummy
  Initials: TD
  Home directory: /home/testdummy
  GECOS: Test Dummy
  Login shell: /bin/sh
  Principal name: testdummy@example.COM
  Principal alias: testdummy@example.COM
  User password expiration: 20210922143135Z
  Email address: testdummy@example.com
  UID: 1857600003
  GID: 1857600003
  Account disabled: False
  Preserved user: False
  Member of groups: ipausers
  ipauniqueid: af0c7d84-d4f8-11eb-8a02-0242ac110002
  krbextradata: AAJHl9Rga2FkbWluZEBNQVlNT0JJTElUWS5DT00A
  krblastadminunlock: 20210624143111Z
  krblastpwdchange: 20210624143135Z
  krbloginfailedcount: 0
  krbticketflags: 128
  mepmanagedentry: cn=testdummy,cn=groups,cn=accounts,dc=example,dc=com
  objectclass: top, person, organizationalperson, inetorgperson, inetuser, posixaccount, krbprincipalaux,
               krbticketpolicyaux, ipaobject, ipasshuser, ipaSshGroupOfPubKeys, mepOriginEntry

This is when I run it inside the docker container. I can't find the /home/testdummy neither in the host or the container. I read it has something to do with --mkhomedir and just wanted to make sure I'm not missing something simple. Users show up fine in the WebGUI and can login too. Just can't ssh. I'm looking at the sssd section in this guide for Fedora, but wanted to ask you if you had to do the same thing for Ubuntu.

[ringo47]

Here is my docker: docker run --name freeipa-server-container-example --dns=127.0.0.1 -ti --cap-add NET_ADMIN --secu rity-opt seccomp=unconfined -h ipa.example.com --read-only -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /var /lib/ipa-data:/data:Z -v /etc/timezone:/etc/timezone:ro -v /etc/localtime:/etc/localtime:ro -e PASSWORD=pw123 - e IPA_SERVER_IP=1.2.4.126 -p 53:53/udp -p 80:80 -p 443:443 -p 389:389 -p 636:636 -p 88:88 -p 464:464 -p 88:88/udp -p 464:464/udp -p 123:123/udp --sysctl net.ipv6.conf.all.disable_ipv6=0 --restart always c5089d4815ee ipa-serv er-install -U --realm example.COM --no-ntp --ds-password=pw123 --admin-password=pw123

[nateGeorge]

I'd recommend using 18 LTS Ubuntu for now until FreeIPA server has a repo for 20.04. I haven't tried working on it in 20 LTS but another prof at Regis might be (@Mrsnellek, Kellen Sorauf, you can find his email through the Regis site).

It sounds like you are close to solving the issue though, and I wonder if there is some Linux setting that needs changing and the freeipa server is ok.

[ringo47]

Downgrading to 18 LTS might be a problem but a new master machine is an option. Just to confirm, with the current instructions on 18 LTS, if I do ipa user-add, then set details and password and then run kinit <user>, will a home directory be created for the current user? Thanks

[nateGeorge]

I don't think it creates a home dir but I'm not sure. In my create users script (https://github.com/nateGeorge/slurm_gpu_ubuntu/blob/master/create_users.sh) I created users' home directories in a shared storage location.

[wentau]

I am sorry to post to a closed issue but am facing the same problem right now. It seems there won't be a repo for Ubuntu 20.04 in the near future. Wondering if @ringo47 has solved the problem without downgrading to 18. Many thanks!