How to manage windows login
I am trying to configure a new RHEL 7.3 server to allow windows users to login.
I am using sssd and it seems to be working with domain users
the windows users need to be in a different folder location. I believe I have made the correct changes to the sssd.conf file and I would like to delete the test user and try logging in again but I can not find a utility that will allow me to remove the account. I tried userdel but got nowhere.
As far as I can tell I am not using samba, the users are logging in using ssh.
Thank you,
Stacey
Responses
Guru
6435 points
Are you looking to delete the test user or the test user's home directory?
If the former, that's done by your domain admins.
If the latter, that's usually a matter of nuking home directory, then making sure that any information cached about the user is flushed before the account is next used for logging in (so that it creates a new home directory in the appropriate location).
The latter (delete the users home directory), I though there was some sort of passwd like file where you had to delete the user or the user would always be reconnected to the original home directory every time he/she logged in to the Linux server.
Thank you,
Stacey
Guru
6435 points
Negative. Other than the directory clean-up, it's mostly a matter of waiting for cached data-objects to expire from the AD-integration-bridge and from the NSS subsystems. You can typically manually-purge these if you're under a time-constraint, but it's not otherwise strictly necessary to do so.
So to clear the cache I would use something like sss_cache -u testuser.
Would that mean that after a windows user times out of the cache I would see numbers instead of names when I do an ls -l on the users home folder?
Thank you,
Stacey Dillinger
Guru
6435 points
Depends. If the userid is mappable to an ID in AD and the system is still bound to AD, the ls should (ultimately) cause the sssd subsystem to return a mapping (probably via getent) back to ls.
Where you're more likely to see bare IDs after a cache timeout is if the AD-user launched a daemonized process (backgrounded and detached from a controlling TTY): when you use ps, you'd likely see UNIXized ADI UID/GID numbers for the process rather than username or groupname values.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.