Force PAM to create user home folder if it does not already exist
Hi all!
I've been trying to configure gdm to log in through a RADIUS server. I'm done with the auth, but logging in only works if the user already has a local home folder. So I'm trying to configure pam_mkhomedir.so in order to create the user's home folder on the fly. The problem is that it's not working... My /etc/pam.d/gdm file:

```
#%PAM-1.0
auth sufficient pam_radius_auth.so
auth requisite pam_nologin.so
#auth sufficient pam_env.so readenv=1
#auth sufficient pam_env.so readenv=1 envfile=/etc/default/locale
auth sufficient pam_succeed_if.so
#auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth
auth optional pam_gnome_keyring.so
account sufficient pam_radius_auth.so
@include common-account
#session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
#session required pam_limits.so
session sufficient pam_mkhomedir.so skel=/home/formacio umask=0
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
session optional pam_gnome_keyring.so auto_start
@include common-password
```

Thanks |
Quote:
|
Thanks for your reply.
I'm setting umask=0022 (sorry, my mistake). I set it to optional, but it's not working... Just for the record, I'm using Ubuntu 10.04.3 and GNOME 2.30.2.
NOTE: If I create the home directories manually, everything works well, but sadly I have to create the directories dynamically. |
Try moving it to /etc/pam.d/system-auth or equivalent rather than /etc/pam.d/gdm
|
I tried putting it into common-auth and common-session with no success...
|
Ok, add 'debug' to the end of the line and we should see some info in /var/log/messages
|
I added the debug option but I don't see anything related to pam_mkhomedir.so in /var/log/messages. It seems that pam_mkhomedir.so has no debug option.
|
Is your syslog configured to handle DEBUG level messages?
The module is actually present...? |
I assume that syslog is configured to output debug messages, because if I put the debug option on the pam_radius_auth.so lines I see the output.
Sorry, what do you mean by "the module is present"? |
I'm posting the configuration files:
```
############# /etc/pam.d/common-account ####################
account sufficient pam_radius_auth.so
session required pam_mkhomedir.so
account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
account requisite pam_deny.so
account required pam_permit.so

############# /etc/pam.d/common-auth #######################
auth [success=1 default=ignore] pam_unix.so nullok_secure
auth requisite pam_deny.so
auth required pam_permit.so

############# /etc/pam.d/common-session #######################
session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session required pam_mkhomedir.so
session required pam_unix.so
session optional pam_ck_connector.so nox11

############# /etc/pam.d/gdm #######################
auth sufficient pam_radius_auth.so debug
auth requisite pam_nologin.so
auth sufficient pam_env.so readenv=1
auth sufficient pam_env.so readenv=1 envfile=/etc/default/locale
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth
auth optional pam_gnome_keyring.so
account sufficient pam_radius_auth.so
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_limits.so
session sufficient pam_mkhomedir.so skel=/home/formacio umask=0022
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
session optional pam_gnome_keyring.so auto_start
@include common-password

############# /etc/pam.d/login #######################
auth required pam_securetty.so
auth requisite pam_nologin.so
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_env.so readenv=1
session required pam_env.so readenv=1 envfile=/etc/default/locale
# Standard Un*x authentication.
@include common-auth
auth optional pam_group.so
session required pam_limits.so
session optional pam_lastlog.so
session optional pam_motd.so
session optional pam_mail.so standard
# Standard Un*x account and session
@include common-account
@include common-session
@include common-password
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
############################################################
```

I hope this will help. |
Try removing pam_mkhomedir lines from every file except common-session, and alter common-session as below:-
Code:
############# /etc/pam.d/common-session ####################### |
This way it's not working.
I have already noticed that the real problem is that accounting/session is failing because the RADIUS user does not have an entry in `/etc/passwd`. I'm currently trying to run adduser via the `libpam_script.so` plugin. Maybe it's the solution ;) |
Finally I have solved the problem by using `pam_script` to execute `adduser` before entering the gdm session.
Thanks all. |
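A sketch of the kind of `pam_script` hook the final post describes, added here as an example and not the poster's actual script. It assumes the hook is installed under one of pam_script's script names (for example `pam_script_auth`), that it runs only after `pam_radius_auth.so` has succeeded, and that Debian's `adduser` is available; `is_safe_username`, `provision_user` and the `ADDUSER` override are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed to be installed as a pam_script
# hook (e.g. pam_script_auth) that runs only AFTER pam_radius_auth succeeded;
# if it ran earlier, any typed name would create a local account.
LC_ALL=C; export LC_ALL
ADDUSER=${ADDUSER:-adduser}          # overridable for dry runs

log() { logger -t pam_script -p auth.notice "$1" 2>/dev/null || true; }

# Conservative name check: the hook runs as root and PAM_USER is typed at the
# greeter, so reject option-like names, path characters and shell metacharacters.
is_safe_username() {
    case "$1" in
        [a-z_]*) ;;                  # must start with a letter or underscore
        *) return 1 ;;
    esac
    case "$1" in
        *[!a-z0-9_-]*) return 1 ;;   # only lowercase letters, digits, _ and -
    esac
    [ "${#1}" -le 32 ]
}

provision_user() {
    user=$1
    if ! is_safe_username "$user"; then
        # The rejected value is deliberately not logged (log injection).
        log "refusing to provision: user name failed validation"
        return 1
    fi
    # Already known to NSS (local or otherwise): nothing to do.
    if id -u "$user" >/dev/null 2>&1; then
        return 0
    fi
    # No usable local password is set; RADIUS stays the only password check.
    $ADDUSER --quiet --disabled-password --gecos "RADIUS user" "$user" || return 1
    log "created local account for $user"
}

# pam_script exports PAM_USER to the hook; do nothing when it is absent.
if [ -n "${PAM_USER:-}" ]; then
    provision_user "$PAM_USER"
fi
```

Because `adduser` also creates the home directory from the skeleton, a hook like this removes the need for `pam_mkhomedir.so` for these accounts.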