You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Some distributions will not activate the network interface until the user has logged in. This causes a chicken-egg problem as the user will not be available to the system until the machine fetches it at least once from the network.
We need to provide a tool that can be run at kickstart time or manually by an admin when a machine is being installed that allow to fetch all user data needed for a login [initgroups(username) will suffice] and set a pre-cached password so that at first boot the user will be allowed to login.
We also need to consider the cloud use case when an instance is started in the cloud and the cloud does not have direct connectivity to the enterprise IPA/AD. In this case VPN should be started first but to start a VPN (for now manually) one needs to log into the machine first. To log into the VM you need the central identities pre-cashed.
The suggestion is to have a tool that would allow to grind the pre-cached LDB with the specified accounds and related groups and deliver this file via a config server. Such file can be created on the server side and then passed in instead of constructing it on the client side inside the VM from different parts using a client side tool.
You can tell gdm greeter to display a user account (if the user is valid and ldap works and/or pre-seed is done) by adding to /etc/gdm/custom.conf:
Include=user1,user2,user3 (comma delimited)
Invalid users will not display. Valid users will display realname/gecos field properly in GDM greeter even if he or she has not logged in yet. Results are only visible after a full reboot.
If you don't do this step, the user must click "Other" and then type in his or her username manually and attempt to log in.
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/904
Some distributions will not activate the network interface until the user has logged in. This causes a chicken-egg problem as the user will not be available to the system until the machine fetches it at least once from the network.
We need to provide a tool that can be run at kickstart time or manually by an admin when a machine is being installed that allow to fetch all user data needed for a login [initgroups(username) will suffice] and set a pre-cached password so that at first boot the user will be allowed to login.
Comments
Comment from dpal at 2011-06-30 15:09:31
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.7.0
Comment from dpal at 2011-06-30 15:59:14
We also need to consider the cloud use case when an instance is started in the cloud and the cloud does not have direct connectivity to the enterprise IPA/AD. In this case VPN should be started first but to start a VPN (for now manually) one needs to log into the machine first. To log into the VM you need the central identities pre-cashed.
The suggestion is to have a tool that would allow to grind the pre-cached LDB with the specified accounds and related groups and deliver this file via a config server. Such file can be created on the server side and then passed in instead of constructing it on the client side inside the VM from different parts using a client side tool.
Comment from mattymo at 2011-07-05 17:04:34
You can tell gdm greeter to display a user account (if the user is valid and ldap works and/or pre-seed is done) by adding to /etc/gdm/custom.conf:
Include=user1,user2,user3 (comma delimited)
Invalid users will not display. Valid users will display realname/gecos field properly in GDM greeter even if he or she has not logged in yet. Results are only visible after a full reboot.
If you don't do this step, the user must click "Other" and then type in his or her username manually and attempt to log in.
Comment from sgallagh at 2011-07-05 17:26:56
When creating this tool, it would be very handy to add an option to tweak the GDM custom config for this purpose.
component: SSSD => sss_tools
Comment from dpal at 2011-12-10 18:55:52
This is out of scope of the 1.8 release.
milestone: SSSD 1.8.0 => SSSD 1.9.0
rhbz: =>
Comment from dpal at 2012-01-16 16:40:27
"Nice to have" for 1.9.
blockedby: =>
blocking: =>
Comment from dpal at 2012-02-09 15:28:11
Fields changed
feature_milestone: =>
milestone: SSSD 1.9.0 => SSSD 1.10 beta
Comment from dpal at 2012-02-10 21:44:19
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=789473
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=789473 789473]
Comment from sgallagh at 2012-05-03 19:39:50
Fields changed
milestone: SSSD 1.10 beta => SSSD 1.9.0 beta 3
Comment from jhrozek at 2012-07-19 16:24:03
Nick has been working on this and already sent a patch.
owner: somebody => nguay
patch: 0 => 1
Comment from jhrozek at 2012-07-23 18:15:21
Fields changed
milestone: SSSD 1.9.0 beta 6 => SSSD 1.9.0 beta 7
Comment from jhrozek at 2012-08-01 21:16:34
Master: 6ea6ec5
milestone: SSSD 1.9.0 beta 7 => SSSD 1.9.0 beta 6
resolution: => fixed
status: new => closed
Comment from simo at 2017-02-24 14:21:59
Metadata Update from @Simo:
The text was updated successfully, but these errors were encountered: