Home folders are not created automatically for domain users

andreiv3103
Posts: 12
Joined: 2009/10/26 10:21:14

Home folders are not created automatically for domain users

Post by andreiv3103 » 2014/09/24 10:37:18

First, here is my setup:
Installed CentOS 7 on a physical computer, went with default settings, minimal install.
Added packages needed to join an Active Directory domain (realmd sssd adcli samba-common ntp oddjob-mkhomedir)
Joined AD (running on Windows 2008 R2), successfully using realm command
Tested login with domain user through ssh and console and it works, the user's home folder is created at first login in /home/domain/username
Installed samba
Created a very simple config for samba:
[global]
workgroup = mydomain
server string = Samba Server Version %v
security = ads
; encrypt passwords = yes
passdb backend = tdbsam
realm = mydomain.ld

# Not interested in printers
load printers = no
cups options = raw
printcap name = /dev/null

# logs split per machine
log file = /var/log/samba/log.%m
# max 50KB per log file, then rotate
max log size = 50

[homes]
comment = Home Directories
browseable = no
writable = yes

When I log in with a domain account from a Windows computer, it works. I see only one folder named as the username, which is expected, but when I double-click on it, it stays a while and then it says that the path cannot be found.
I look on the server and yes, the path is not there. The home folder wasn't created.

After testing and digging for a few days I believe that the problem is PAM. sssd sends the authentication request to PAM. In the /etc/pam.d/system-auth file there is a command that says:

session optional pam_mkhomedir.so umask=0077

I changed the "optional" to "required" but no change. oddjob service is running, but the pam_mkhomedir.so seems either not to execute at all or to execute but with some error.

I found no way to debug PAM to see exactly what is going on.

I turned on debugging for sssd, I see that it indeed calls PAM for authentication, PAM replies with OK (which is true since I can log on) but it is clear that PAM fails to create the home dir.

That's it. Any idea or suggestion would be greatly appreciated.

jensd
Posts: 36
Joined: 2014/07/08 12:23:09

Re: Home folders are not created automatically for domain us

Post by jensd » 2014/09/30 12:37:53

Check if you enabled the mkhomedir-module in: /etc/sysconfig/authconfig

If it's not enabled, try running the following:

Code:

authconfig --enablemkhomedir --update

jyoung
Posts: 102
Joined: 2014/09/22 13:40:31
Location: Nashville, TN, USA

Re: Home folders are not created automatically for domain us

Post by jyoung » 2014/10/03 23:32:57

I'd recommend using oddjob-mkhomedir instead:

Code:

yum install oddjob-mkhomedir

/etc/pam.d/system-auth and /etc/pam.d/password-auth

Code:

session     optional      pam_oddjob_mkhomedir.so skel=/etc/skel

Update the oddjob-mkhomedir configuration so that it has the right umask to use when creating a home directory:

Code:

sed -i 's/0022/0077/g' /etc/oddjobd.conf.d/oddjobd-mkhomedir.conf

Start (or restart) oddjob just in case

Code:

systemctl enable oddjob; systemctl start oddjob

-- Jeremy --
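
A read-only check of the settings this thread walks through, as an added example that is not part of any post above: it reports PAM service files with no active mkhomedir session line and any configured umask that would leave new home directories open to group or other. The function names are hypothetical, and the `-u NNNN` helper-option pattern for the oddjob config is an assumption about that file's format.

```shell
#!/bin/sh
# Added example: audit the home-directory settings discussed in this thread.
# File paths are arguments, so the functions also work on copies of the files.

# Succeeds if a PAM service file has an active session line that loads
# pam_mkhomedir.so or pam_oddjob_mkhomedir.so (commented-out lines do not count).
pam_has_mkhomedir() {
    grep -Eq '^[[:space:]]*-?session[[:space:]].*pam_(oddjob_)?mkhomedir\.so' "$1"
}

# Prints every umask found in a file, either as the pam_mkhomedir argument
# "umask=NNNN" or as a "-u NNNN" helper option (assumed oddjob syntax).
umask_values() {
    grep -v '^[[:space:]]*#' "$1" |
        sed -n -E 's/.*(umask=|-u[[:space:]]+)([0-7]{3,4}).*/\2/p'
}

# Succeeds if a directory created with mode 0777 under this umask would
# still grant any permission to group or other.
umask_exposes_home() {
    [ $(( (0777 & ~0$1) & 0077 )) -ne 0 ]
}

# Usage: audit ODDJOB_CONF PAM_FILE...
# Prints one finding per line; prints nothing when all checks pass.
audit() {
    conf=$1; shift
    for f in "$@"; do
        pam_has_mkhomedir "$f" || echo "MISSING mkhomedir session line: $f"
    done
    for f in "$conf" "$@"; do
        for u in $(umask_values "$f"); do
            umask_exposes_home "$u" && echo "WEAK umask $u: $f"
        done
    done
    return 0
}

# When called with arguments, audit those files, for example:
#   sh check.sh /etc/oddjobd.conf.d/oddjobd-mkhomedir.conf \
#               /etc/pam.d/system-auth /etc/pam.d/password-auth
if [ $# -gt 0 ]; then
    audit "$@"
fi
```

A umask of 0077 yields mode 0700 home directories, so it produces no WEAK finding; 0022 yields 0755 and is reported.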
