First, here is my setup:
Installed CentOS 7 on a physical computer, went with default settings, minimal install.
Added packages needed to join an Active Directory domain (realmd sssd adcli samba-common ntp oddjob-mkhomedir)
Joined AD (running on Windows 2008 R2), successfully using realm command
Tested login with domain user through ssh and console and it works, the user's home folder is created at first login in /home/domain/username
Installed samba
Created a very simple config for samba:
[global]
workgroup = mydomain
server string = Samba Server Version %v
security = ads
; encrypt passwords = yes
passdb backend = tdbsam
realm = mydomain.ld
# Not interested in printers
load printers = no
cups options = raw
printcap name = /dev/null
# logs split per machine
log file = /var/log/samba/log.%m
# max 50KB per log file, then rotate
max log size = 50
[homes]
comment = Home Directories
browseable = no
writable = yes
When I log in with a domain account from a Windows computer, it works, I see only one folder named as the username, which is expected, but when I double-click on it, it stays a while and then it says that the path cannot be found.
I look on the server and yes, the path is not there. The home folder wasn't created.
After testing and digging for a few days I believe that the problem is PAM. sssd sends the authentication request to PAM. In the
/etc/pam.d/system-auth file there is a command that says:
session optional pam_mkhomedir.so umask=0077
I changed the "optional" to "required" but no change. oddjob service is running, but the pam_mkhomedir.so seems either not to execute at all or to execute but with some error.
I found no way to debug PAM to see exactly what is going on.
I turned on debugging for sssd, I see that it indeed calls PAM for authentication, PAM replies with OK (which is true since I can log on) but it is clear that PAM fails to create the home dir.
That's it. Any idea or suggestion would be greatly appreciated.
Home folders are not created automatically for domain users
Re: Home folders are not created automatically for domain us
Check if you enabled the mkhomedir-module in: /etc/sysconfig/authconfig
If it's not enabled, try running the following:
authconfig --enablemkhomedir --update
Re: Home folders are not created automatically for domain us
I'd recommend using oddjob-mkhomedir instead:
yum install oddjob-mkhomedir
/etc/pam.d/system-auth and /etc/pam.d/password-auth
session optional pam_oddjob_mkhomedir.so skel=/etc/skel
Update the oddjob-mkhomedir configuration so that it has the right umask to use when creating a home directory:
sed -i 's/0022/0077/g' /etc/oddjobd.conf.d/oddjobd-mkhomedir.conf
Start (or restart) oddjob just in case
systemctl enable oddjob; systemctl start oddjob
-- Jeremy --
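A way to check the two PAM files named in the last reply for a home-directory creation line, as an added example that is not part of any post in this thread. The function names mkhomedir_lines and audit_pam_dir are hypothetical, the sample stacks are constructed, and the umask check treats 0077 (the value used in this thread) as the expected setting.

```shell
#!/bin/sh
# Added example (not from the thread): list the home-directory creation
# modules in PAM stack files and flag stacks that lack one.

# Print "<file> <control> <module> <umask|->" for each session line that
# loads pam_mkhomedir.so or pam_oddjob_mkhomedir.so; status 1 if none.
mkhomedir_lines() {
    awk -v f="$1" '
        /^[ \t]*#/ { next }                      # comment line
        $1 == "session" || $1 == "-session" {
            i = 2; ctl = $i                      # control may be "[a=b c=d]"
            while (ctl ~ /^\[/ && ctl !~ /\]$/ && i < NF) { i++; ctl = ctl "," $i }
            mod = $(i + 1)
            if (mod !~ /pam_(oddjob_)?mkhomedir\.so$/) next
            um = "-"
            for (j = i + 2; j <= NF; j++) if ($j ~ /^umask=/) um = substr($j, 7)
            print f, ctl, mod, um; found = 1
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# Audit system-auth and password-auth under $1 (default /etc/pam.d).
# Returns the number of problems found.
audit_pam_dir() {
    dir=${1:-/etc/pam.d}; problems=0
    for svc in system-auth password-auth; do
        if ! out=$(mkhomedir_lines "$dir/$svc" 2>/dev/null); then
            echo "MISSING $dir/$svc: no mkhomedir session line"
            problems=$((problems + 1)); continue
        fi
        echo "$out"
        # 0077 is the umask used in this thread; pam_mkhomedir defaults to 0022
        if echo "$out" | awk '$3 ~ /pam_mkhomedir\.so$/ && $4 != "0077" { bad = 1 }
                              END { exit !bad }'; then
            echo "WEAK $dir/$svc: pam_mkhomedir umask is not 0077"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample stacks, so the script runs without touching /etc/pam.d.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'session [success=1 default=ignore] pam_succeed_if.so service in crond quiet' \
    'session optional pam_mkhomedir.so umask=0077' > "$demo/system-auth"
printf '%s\n' 'session required pam_unix.so' > "$demo/password-auth"
audit_pam_dir "$demo" || echo "problems: $?"
```

Run audit_pam_dir with no argument to check the real /etc/pam.d; for pam_oddjob_mkhomedir.so the umask column shows "-" because that value lives in the oddjob configuration file rather than on the PAM line.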