Active directory
378 views
Skip to first unread message
Adam
Aug 21, 2015, 2:14:06 PM8/21/15
to Project Jupyter
Hi,
spawning jupyterhub-singleuser --user=student --port=50123 --cookie-name=jupyter-hub-token-student --base-url=/user/student --hub-prefix=/hub/ --hub-api-url=http://localhost:8081/hub/api --ip=localhost
Couldn't set CWD to /home/student ([Errno 2] No such file or directory: '/home/student')
/usr/local/lib/python3.4/dist-packages/IPython/utils/path.py:310: UserWarning: IPython parent '/home/student' is not a writable location, using a temp directory.
" using a temp directory.".format(parent))
Is their anyway to force the creation of the home directory when the AD user tries to login via Jupyter?
Many thanks for the help.
- I've setup a Ubuntu machine with Active directory integration.
- Any users on our domain can login at console successfully. When users log in a home directory is created.
- Jupyter is running on this machine.
- If the user has logged in the server via command line previously and their home directory exists, they can log into Jupyter successfully.
- If they haven't logged in via command line before, then the follow error is displayed on the console. e.g the home directory doesn't exist.
spawning jupyterhub-singleuser --user=student --port=50123 --cookie-name=jupyter-hub-token-student --base-url=/user/student --hub-prefix=/hub/ --hub-api-url=http://localhost:8081/hub/api --ip=localhost
Couldn't set CWD to /home/student ([Errno 2] No such file or directory: '/home/student')
/usr/local/lib/python3.4/dist-packages/IPython/utils/path.py:310: UserWarning: IPython parent '/home/student' is not a writable location, using a temp directory.
" using a temp directory.".format(parent))
Is their anyway to force the creation of the home directory when the AD user tries to login via Jupyter?
Many thanks for the help.
Matthias Bussonnier
Aug 22, 2015, 5:41:47 AM8/22/15
to jup...@googlegroups.com
Hi Adam,
If I remember corectly JupyterHub use unix PAM by default faut authentication.
What you want to do is write your custom authenticator[1][2] that probably also
plug into AD and triggers the user home creation at login.
I have no experience with AD, so I'm not sure.
You can also allow the system to create users with adduser [3]
but I suppose AD will make some extra step you want to make sure are done.
Does that help ?
--
M
[1]: some existing authenticator:
https://github.com/jupyter/jupyterhub/wiki/Authenticators
[2]: https://github.com/jupyter/jupyterhub/blob/master/docs/authenticators.md
[3]: https://github.com/jupyter/jupyterhub/blob/master/docs/getting-started.md#adding-and-removing-users
> --
> You received this message because you are subscribed to the Google Groups
> "Project Jupyter" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jupyter+u...@googlegroups.com.
> To post to this group, send email to jup...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jupyter/636629bf-b412-44e6-b7ce-64da0a0bc5d3%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
If I remember corectly JupyterHub use unix PAM by default faut authentication.
What you want to do is write your custom authenticator[1][2] that probably also
plug into AD and triggers the user home creation at login.
I have no experience with AD, so I'm not sure.
You can also allow the system to create users with adduser [3]
but I suppose AD will make some extra step you want to make sure are done.
Does that help ?
--
M
[1]: some existing authenticator:
https://github.com/jupyter/jupyterhub/wiki/Authenticators
[2]: https://github.com/jupyter/jupyterhub/blob/master/docs/authenticators.md
[3]: https://github.com/jupyter/jupyterhub/blob/master/docs/getting-started.md#adding-and-removing-users
> You received this message because you are subscribed to the Google Groups
> "Project Jupyter" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jupyter+u...@googlegroups.com.
> To post to this group, send email to jup...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jupyter/636629bf-b412-44e6-b7ce-64da0a0bc5d3%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
MinRK
Aug 23, 2015, 3:31:09 PM8/23/15
to jup...@googlegroups.com
Adam,
What mechanism triggers the creation of the home directory, do you know? Is there a corresponding shell call? We can ensure this is called with a hook in the Authenticator when a user is added.
To view this discussion on the web visit https://groups.google.com/d/msgid/jupyter/CANJQusXnkx34o668K%2BCxes4h8Czvxq-k63-QDpUcA2wUsUqqDw%40mail.gmail.com.
Ryan Lovett
Aug 25, 2015, 1:08:37 PM8/25/15
to Project Jupyter
Check out pam_mkhomedir provided by libpam-modules.
Morgan Jones
Sep 4, 2015, 11:59:20 AM9/4/15
to Project Jupyter
Hi Adam,
I'm having the same issue. Have you made any progress?
I believe the issue is related to the functionality of the python "simplepam" module. I don't think it calls the "session" region of the /etc/pam.d/login service.
I have tested the login service with pamtester and the user home directory is created, but when simplepam calls the service the directory is not created.
I'm going to post an issue on github and see what hapens.
Cheers,
Morgan
Adam
Sep 9, 2015, 5:58:40 AM9/9/15
to Project Jupyter
Hi Morgan, I've been on holiday, but now I am back I am looking into this.
No progress so far, by using pam_mkhomedir or by running a script.
Looks like you have a response to the thread that you posted, that suggests that simplepam is the issue and that we should use Pamela instead.
https://github.com/jupyter/jupyterhub/issues/295
I'm unsure how to do this. Will this require a custom authenticator?
Reply all
Reply to author
Forward
0 new messages