View Issue Details

ID: 0006071
Project: CentOS-6
Category: pam
View Status: public
Last Update: 2013-03-07 14:38
Reporter: btimm
Priority: normal
Severity: minor
Reproducibility: always
Status: new
Resolution: open
Product Version: 6.3
Target Version:
Fixed in Version:
Summary: 0006071: pam_mkhomedir.so does not create user home directories on SSH login
Description: Using the same configuration that we have had since the CentOS 5.x series, user accounts suddenly do not have their home directories created on first login via SSH. However, once logged in (or from root) if you switch into (su) the account, the home directory is created correctly.
Steps To Reproduce:
1. Configure Winbind using authconfig

2. Configure PAM to create home directories automatically in /etc/pam.d/system-auth:
session required pam_mkhomedir.so skel=/etc/skel umask=0022

3. Join machine to domain using "net join ads -U <user>"

4. Login as an authorized user, at which point the following message is printed:
"Could not chdir to home directory <home dir>: No such file or directory"

5. Switch into the user account using su -
"sudo su - <my user>"
Creating directory <homedir>
Additional Information: Contents of nsswitch.conf:

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis

passwd: files winbind
shadow: files winbind
group: files winbind

#hosts: db files nisplus nis dns
hosts: files dns

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files

netgroup: files

publickey: nisplus

automount: files
aliases: files nisplus

And of system-auth:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_winbind.so require_membership_of=<sanitized> use_first_pass
auth required pam_deny.so

account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_winbind.so require_membership_of=<sanitized> use_first_pass
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_winbind.so use_authtok
password required pam_deny.so

session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session required pam_mkhomedir.so umask=0022 skel=/etc/skel

Tags: No tags attached.

Activities

scronline

2013-03-07 01:43

reporter  

krb5.conf (461 bytes)
scronline

2013-03-07 01:44

reporter  

sssd.conf (1,177 bytes)
scronline

2013-03-07 01:48

reporter   ~0016611

Also happening with sssd, krb and ldap config

user@server's password:
Could not chdir to home directory /home/user: No such file or directory
-bash-4.1$ pwd
/

[root@server ~]# su - user
Creating directory '/home/user'.

I've attached the relevant config files.
scronline

2013-03-07 01:48

reporter  

system-auth-ac (1,172 bytes)
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_sss.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient    pam_sss.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_mkhomedir.so skel=/etc/skel/ umask=0077
session     optional      pam_sss.so
session     required      pam_unix.so
scronline

2013-03-07 01:54

reporter   ~0016612

As an additional note (and a workaround)

user@server's password:
Could not chdir to home directory /home/user: No such file or directory
-bash-4.1$ su - user
Password:
Creating directory '/home/user'.
[user@ldappr ~]$
btimm

2013-03-07 14:38

reporter   ~0016617

Actually I found the configuration problem.

In 6.x, you need the following line in /etc/pam.d/password-auth as well as system-auth:

session required pam_mkhomedir.so <options>
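
Added example (not part of the original report or of any CentOS tooling): a small audit that resolves `include`/`substack` lines in PAM service files and reports which services never reach pam_mkhomedir.so in their session stack. The sample files are constructed and assume a CentOS 6 style layout in which sshd includes password-auth and su includes system-auth; the function names are hypothetical.

```python
import os
import re

# One PAM rule: [-]type  control  module-or-file  [args]; control may be bracketed.
RULE = re.compile(r"^-?(?P<type>\w+)\s+(?P<control>\[[^\]]*\]|\S+)\s+(?P<target>\S+)")

# Constructed sample (not from the report's host): a CentOS 6 style layout where
# sshd pulls its session stack from password-auth and su pulls it from system-auth.
SAMPLE = {
    "sshd": "session required pam_loginuid.so\nsession include password-auth\n",
    "su": "session include system-auth\nsession optional pam_xauth.so\n",
    "password-auth": "session required pam_limits.so\nsession required pam_unix.so\n",
    "system-auth": ("session required pam_limits.so\nsession required pam_unix.so\n"
                    "session required pam_mkhomedir.so umask=0022 skel=/etc/skel\n"),
}

def load_pam_dir(path="/etc/pam.d"):
    """Read every file in a PAM config directory into {service: text}."""
    files = {}
    for name in os.listdir(path):
        full = os.path.join(path, name)
        if os.path.isfile(full):
            with open(full, errors="replace") as fh:
                files[name] = fh.read()
    return files

def session_modules(service, files, stack=()):
    """List session modules reachable from a service, following include/substack.
    Static listing only: jump controls such as [success=1 ...] are not evaluated."""
    if service in stack or service not in files:   # include loop or missing file
        return []
    found = []
    for raw in files[service].splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())
        if not m or m.group("type") != "session":
            continue
        target = os.path.basename(m.group("target"))
        if m.group("control") in ("include", "substack"):
            found += session_modules(target, files, stack + (service,))
        else:
            found.append(target)
    return found

def missing_mkhomedir(services, files):
    """Return the services whose session stack never reaches pam_mkhomedir.so."""
    return [s for s in services if "pam_mkhomedir.so" not in session_modules(s, files)]

if __name__ == "__main__":
    print(missing_mkhomedir(["sshd", "su"], SAMPLE))
```

On a live host, pass `load_pam_dir()` instead of `SAMPLE` to audit the files under /etc/pam.d.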

Issue History

Date Modified Username Field Change
2012-11-13 16:08 btimm New Issue
2013-03-07 01:43 scronline File Added: krb5.conf
2013-03-07 01:44 scronline File Added: sssd.conf
2013-03-07 01:48 scronline Note Added: 0016611
2013-03-07 01:48 scronline File Added: system-auth-ac
2013-03-07 01:54 scronline Note Added: 0016612
2013-03-07 14:38 btimm Note Added: 0016617