Centos shell prompt for IDM FreeIPA users

Free IPA Red Hat Identity Management (IDM) is a Red Hat usefull if you need Active Directory users to access to linux server. With IDM you can also create local users or certificate to be deployed to clients. 
The problem I had was that when I login with my AD users into IPA client I get wrong centos shell prompt.

Before Starting, to clarify terminology:

  • IPA-server is your red hat IDM server that is “in trust” with your Active Directory
  • IPA-clients are your redhat servers present in your environment where you need to login with AD users
  • AD is acrive directory
  • IDM is Identity Management

If you are reading this tutorial you have already create the “trust” between IPA Server and Active Directory and you have already installed and configured ipa-clients on your clients linux (IPA Clients).

When I try to login into my IPA clients with AD user, i get this shell prompt:

login as: myaduser
Using keyboard-interactive authentication.
Password:
Last login: Tue Feb 30 17:47:09 2020 from 272.169.310.2
-sh-4.2$

I really don’t like “-sh-4.2$” shell prompt but I prefer:

[myaduser@my-ipa-client ~]#

Now I show you two ways to do it.

Method 1: Edit clients sssd configuration 

Very easy way but could require big effort if you have lots of client to configure; it is enough tu edit sssd.conf file in your ipa clients like this:

[root@cacti ~]# vim/etc/sssd/sssd.conf
[domain/mydomain.domain]

default_shell = /bin/bash
override_shell = /bin/bash
full_name_format = %1$s

 

Full_name_format is not necessary but if you prefer it will avoid to have username and domain name in prompt shell. Su now:

login as: myaduser
Using keyboard-interactive authentication.
Password:
Last login: Tue Feb 30 17:47:09 2020 from 272.169.310.2
[myaduser@my-ipa-client ~]#

without Full_name_format you will have:

[myaduser@mydomain@my-ipa-client ~]#

Method 2: Edit IDM ID Views

We can obtain the same result using ID Views on IDM Server. ID Views allows you to overwrite user properties and in our case we can set login shell prompt for every users. Open your IDM server GUI and click on ID Views and “+Add” to create an ID Views

ipa idm id views

create id views

Now we can open our ID Views:

open id views

Now we have to add users to ID Views and select the ipa-clients where the users need to logon. You have to write a valid user name (it must be real AD user) and you have to type “/bin/bash” as Login Shell and set the default home page

idviews add user

idviews add user settings

After that you only need to go to Hosts tab and select the host where you need to apply this configuration (click on +Apply to hosts)

idviews host Remember to clear cache

Both method could need to clear cache on client side.

I suggest to run this command on client:

[root@my-ipa-client ~]# sss_cache -E
[root@my-ipa-client ~]# systemctl restart sssd

If it is not enough to see configuration applied I suggest to delete user files in /home directory if present

[root@my-ipa-client ~]# rm -rf /home/mydomain/mydomainuser
[root@my-ipa-client ~]# sss_cache -E
[root@my-ipa-client ~]# systemctl restart sssd

In the end these are the two method to set the right centos shell prompt using IDM FreeIPA server

Do not forget official documentation

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.