Problem:
We have an existing user (a real-life person, not anything related to The Foreman) in LDAP named “foreman”. I’m trying to install Foreman using the recommended puppet-based foreman-installer, using these options to specify an alternate user name:
foreman-installer \
--foreman-user=foremansvc \
--foreman-group=foremansvc \
--foreman-db-username=foremansvc \
--foreman-pam-service=foremansvc \
--puppet-server-reports=foremansvc
…I don’t think the pam-service or puppet-server-reports options are necessary; I’ve just been digging through the install log and changing everything with a value of “foreman” wherever there’s an installer option. It STILL creates a user in /etc/passwd and /etc/shadow as “foreman” with a homedir at /usr/share/foreman.
Here’s a “grep foreman /var/log/secure” from a clean install of CentOS 7 using those options:
May 30 13:33:11 captain groupadd[10190]: group added to /etc/group: name=foreman, GID=994
May 30 13:33:11 captain groupadd[10190]: group added to /etc/gshadow: name=foreman
May 30 13:33:11 captain groupadd[10190]: new group: name=foreman, GID=994
May 30 13:33:12 captain useradd[10195]: new user: name=foreman, UID=997, GID=994, home=/usr/share/foreman, shell=/sbin/nologin
May 30 13:33:28 captain su: pam_unix(su:session): session opened for user foreman by (uid=0)
May 30 13:33:36 captain su: pam_unix(su:session): session closed for user foreman
May 30 13:33:36 captain su: pam_unix(su:session): session opened for user foreman by (uid=0)
May 30 13:33:43 captain su: pam_unix(su:session): session closed for user foreman
May 30 13:33:44 captain su: pam_unix(su:session): session opened for user foreman by (uid=0)
May 30 13:33:52 captain su: pam_unix(su:session): session closed for user foreman
May 30 13:33:52 captain su: pam_unix(su:session): session opened for user foreman by (uid=0)
May 30 13:34:00 captain su: pam_unix(su:session): session closed for user foreman
May 30 13:34:00 captain su: pam_unix(su:session): session opened for user foreman by (uid=0)
May 30 13:34:08 captain su: pam_unix(su:session): session closed for user foreman
May 30 13:34:08 captain su: pam_unix(su:session): session opened for user foreman by (uid=0)
May 30 13:34:15 captain su: pam_unix(su:session): session closed for user foreman
May 30 13:34:59 captain groupadd[10880]: group added to /etc/group: name=foreman-proxy, GID=993
May 30 13:34:59 captain groupadd[10880]: group added to /etc/gshadow: name=foreman-proxy
May 30 13:34:59 captain groupadd[10880]: new group: name=foreman-proxy, GID=993
May 30 13:34:59 captain useradd[10885]: new user: name=foreman-proxy, UID=996, GID=993, home=/usr/share/foreman-proxy, shell=/sbin/nologin
May 30 13:37:05 captain groupadd[11811]: group added to /etc/group: name=foremansvc, GID=1000
May 30 13:37:05 captain groupadd[11811]: group added to /etc/gshadow: name=foremansvc
May 30 13:37:05 captain groupadd[11811]: new group: name=foremansvc, GID=1000
May 30 13:37:05 captain useradd[11820]: new user: name=foremansvc, UID=1000, GID=1000, home=/usr/share/foreman, shell=/bin/false
May 30 13:37:05 captain useradd[11820]: add ‘foremansvc’ to group ‘puppet’
May 30 13:37:05 captain useradd[11820]: add ‘foremansvc’ to shadow group ‘puppet’
May 30 13:37:12 captain su: pam_unix(su:auth): auth could not identify password for [foreman]
May 30 13:37:12 captain su: pam_succeed_if(su:auth): requirement “uid >= 1000” not met by user “foreman”
May 30 13:37:15 captain usermod[12030]: change user ‘foreman-proxy’ shell from ‘/sbin/nologin’ to ‘/bin/false’
May 30 13:37:15 captain usermod[12037]: add ‘foreman-proxy’ to group ‘puppet’
May 30 13:37:15 captain usermod[12037]: add ‘foreman-proxy’ to shadow group ‘puppet’
May 30 14:32:43 captain su: pam_unix(su:auth): auth could not identify password for [foreman]
May 30 14:32:43 captain su: pam_succeed_if(su:auth): requirement “uid >= 1000” not met by user “foreman”
Expected outcome:
Using --foreman-user= would NOT create a “foreman” user.
Foreman and Proxy versions:
1.24.3
Foreman and Proxy plugin versions:
Distribution and version:
CentOS 7
Other relevant data:
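
An added example, not part of the original post or of the Foreman project: a small audit of the `useradd`/`groupadd` lines from the log above that lists locally created accounts outside an expected set and any home directory shared by more than one user. The `expected` allowlist and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Excerpt of the /var/log/secure lines quoted in the post above.
SAMPLE = """\
May 30 13:33:11 captain groupadd[10190]: new group: name=foreman, GID=994
May 30 13:33:12 captain useradd[10195]: new user: name=foreman, UID=997, GID=994, home=/usr/share/foreman, shell=/sbin/nologin
May 30 13:34:59 captain groupadd[10880]: new group: name=foreman-proxy, GID=993
May 30 13:34:59 captain useradd[10885]: new user: name=foreman-proxy, UID=996, GID=993, home=/usr/share/foreman-proxy, shell=/sbin/nologin
May 30 13:37:05 captain groupadd[11811]: new group: name=foremansvc, GID=1000
May 30 13:37:05 captain useradd[11820]: new user: name=foremansvc, UID=1000, GID=1000, home=/usr/share/foreman, shell=/bin/false
May 30 13:37:12 captain su: pam_unix(su:auth): auth could not identify password for [foreman]
""".splitlines()

# Matches only the "new user:" / "new group:" summary line of each creation.
EVENT = re.compile(r"(?:useradd|groupadd)\[\d+\]: new (user|group): (.+)$")

def parse_events(lines):
    """Return one dict per account-creation line (name, UID/GID, home, shell, kind)."""
    events = []
    for line in lines:
        m = EVENT.search(line)
        if m:
            fields = dict(f.split("=", 1) for f in m.group(2).split(", "))
            fields["kind"] = m.group(1)
            events.append(fields)
    return events

def unexpected(events, expected):
    """(kind, name) pairs that were created locally but are not in `expected`."""
    return sorted({(e["kind"], e["name"]) for e in events if e["name"] not in expected})

def shared_homes(events):
    """Home directories assigned to more than one newly created user."""
    homes = defaultdict(list)
    for e in events:
        if e["kind"] == "user":
            homes[e["home"]].append(e["name"])
    return {home: names for home, names in homes.items() if len(names) > 1}

if __name__ == "__main__":
    events = parse_events(SAMPLE)
    expected = {"foremansvc", "foreman-proxy"}  # assumption: accounts the admin intended
    print("unexpected:", unexpected(events, expected))
    print("shared homes:", shared_homes(events))
```

On the excerpt this reports the local “foreman” user and group as unexpected, and shows that “foreman” and “foremansvc” were both given /usr/share/foreman as their home directory.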