/etc/sssd/sssd.conf :
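# /etc/sssd/sssd.conf
# SSSD only loads this file when it is owned by root and not readable by
# other users (mode 0600).

# Every option must sit under a section header. The four options below are
# [sssd] options, so the header is restored here.
[sssd]
domains = my.domain
config_file_version = 2
# Responders to start: name-service lookups and PAM authentication.
services = nss, pam
# Domain assumed for login names typed without a domain component.
default_domain_suffix = my.domain

# Active Directory domain the host is joined to.
[domain/my.domain]
ad_domain = my.domain
krb5_realm = MY.DOMAIN
# Written by realmd when the host was joined.
realmd_tags = manages-system joined-with-samba
# Keeps a salted hash of each user's password in the local cache so logins
# still work while AD is unreachable. offline_credentials_expiration in the
# [pam] section limits how long a cached credential stays usable.
cache_credentials = True
id_provider = ad
# While offline, the typed password is held in the kernel keyring in
# plaintext until a ticket can be requested. Set this to False if that
# exposure to root-level access on the host is not acceptable.
krb5_store_password_if_offline = True
# Applies only when the directory returns no shell for the user. An account
# that carries its own shell attribute keeps it. override_shell is the
# option that forces one shell for every user of the domain.
default_shell = /usr/sbin/nologin
# UIDs and GIDs are derived from the Windows SID, not read from POSIX
# attributes in AD.
ldap_id_mapping = True
# Users are named user@my.domain in lookups and in allow lists.
use_fully_qualified_names = True
# Home directory used when the directory supplies none; %u is the login name.
fallback_homedir = /home/%u
# Access control: with an allow list set, only members of the listed group
# may log in and every other domain user is denied.
access_provider = simple
simple_allow_groups = webspace@my.domain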
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.

# --- auth: verify the user's identity ---
auth required pam_env.so
# Delay after a failed attempt; the value is in microseconds (2 seconds).
auth required pam_faildelay.so delay=2000000
# uid >= 1000: continue with the next line. Otherwise skip one module
# (pam_localuser) and go straight to pam_unix.
auth [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >= 1000 quiet
# Local account: continue to pam_unix. Otherwise skip pam_unix, so a
# directory user's password is never tried against the local files.
auth [default=1 ignore=ignore success=ok] pam_localuser.so
# nullok lets an account whose password field is empty authenticate with no
# password. Drop it if no local account is meant to have an empty password.
auth sufficient pam_unix.so nullok try_first_pass
# Accounts with uid below 1000 stop here and are never passed to SSSD.
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
# forward_pass hands the entered password to the modules that follow.
auth sufficient pam_sss.so forward_pass
# Nothing above succeeded: deny.
auth required pam_deny.so

# --- account: is this account allowed to log in now ---
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
# SSSD's access decision is applied here. A user SSSD does not know is
# ignored (user_unknown=ignore); any other failure fails the stack.
account [default=bad success=ok user_unknown=ignore] pam_sss.so
account required pam_permit.so

# --- password: changing the password ---
# local_users_only: quality checks apply to local accounts only.
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_sss.so use_authtok
password required pam_deny.so

# --- session: set up and tear down the login session ---
session optional pam_keyinit.so revoke
session required pam_limits.so
# Leading "-": a missing module is not logged as an error.
-session optional pam_systemd.so
# Creates a missing home directory from skel on login. umask=0077 makes new
# home directories accessible to the owner only. The module is optional, so
# a failure to create the directory does not by itself fail this stack.
session optional pam_oddjob_mkhomedir.so umask=0077 skel=/etc/skel
# For the crond service, skip the next module (pam_unix).
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_sss.so
[root@webserver ~]# ls -la /etc/skel
total 24
drwxr-xr-x. 3 root root 81 Apr 20 09:20 .
drwxr-xr-x. 83 root root 8192 Apr 19 16:03 ..
-rw-r--r--. 1 root root 18 Sep 6 2017 .bash_logout
-rw-r--r--. 1 root root 193 Sep 6 2017 .bash_profile
-rw-r--r--. 1 root root 231 Sep 6 2017 .bashrc
drwxr-xr-x. 2 root root 6 Apr 19 15:50 public_html
[root@webserver ~]# tail /var/log/messages
Apr 20 09:31:16 webserver sssd: ; TSIG error with server: tsig verify failure
Apr 20 09:31:54 webserver systemd: Created slice User Slice of mcgheee@my.domain.
Apr 20 09:31:54 webserver systemd: Starting User Slice of mcgheee@my.domain.
Apr 20 09:31:54 webserver systemd: Started Session 22 of user mcgheee@my.domain.
Apr 20 09:31:54 webserver systemd-logind: New session 22 of user mcgheee@my.domain.
Apr 20 09:31:54 webserver systemd: Starting Session 22 of user mcgheee@my.domain.
Apr 20 09:31:54 webserver oddjob-mkhomedir[1893]: error creating /home/mcgheee/public_html: No such file or directory
Apr 20 09:31:54 webserver systemd-logind: Removed session 22.
Apr 20 09:31:54 webserver systemd: Removed slice User Slice of mcgheee@my.domain.
Apr 20 09:31:54 webserver systemd: Stopping User Slice of mcgheee@my.domain.