- 11-10-2011 #1 (Just Joined!, Join Date: Nov 2011, Posts: 7)
Force PAM to create user home folder if it does not already exist
Hi all!
I've been trying to configure gdm to log in via a RADIUS server.
I'm done with the auth. But the login only works if the user already has a local home folder. So I'm trying to configure pam_mkhomedir.so in order to create the user home folder on the fly, but I have had no success.
Thanks
- 11-10-2011 #2
Code:
session optional pam_mkhomedir.so
in /etc/pam.d/system-auth not work?
linux user # 503963
- 11-11-2011 #3 (Just Joined!, Join Date: Nov 2011, Posts: 7)
First, thanks for the reply.
I added "session sufficient pam_mkhomedir.so" to the /etc/pam.d/gdm file and it's not working.
If I apply your suggestion, I assume that the line has to be at the top of the file because it's optional, right?
- 11-11-2011 #4
If I remember PAM correctly, it won't matter where you place it. The control fields only determine how the action will play out.
In your case, an "optional" module will fail the operation only if it's the only module in the stack. Most likely it won't be, since it's a session stack.
Be sure to place it in the appropriate stack.
linux user # 503963
- 11-14-2011 #5 (Just Joined!, Join Date: Nov 2011, Posts: 7)
Putting that in common-auth is not working.
It's very rare. I put that line in common-session with the debug option, and trying to log in with a non-local user at gdm fails, but if I try a local user via the CLI, auth.log says "the user already has a home directory".
Any suggestions?
- 11-14-2011 #6
I have read in a few places that maybe pam_oddjob_mkhomedir. Here's an article from a Red Hat magazine; it's dated, but it could help. It's at the very bottom.
redhat.com | Tips and tricks
But that is Red Hat; for Debian-type systems it says you should add to common-account, not common-auth.
Giving users a home directory automatically
Add:
Code:
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
linux user # 503963
- 11-15-2011 #7 (Just Joined!, Join Date: Nov 2011, Posts: 7)
The oddjob thing is Red Hat stuff and it's not in the Ubuntu repositories.
I have tried common-auth, common-session and common-account.
I'm starting to think that it is a gdm problem.
Just for the record, I'm using Ubuntu 10.04.3 and gdm 2.30.2.
- 11-18-2011 #8 (Just Joined!, Join Date: Nov 2011, Posts: 7)
I'm posting the configuration files:
############# /etc/pam.d/common-account ####################
account sufficient pam_radius_auth.so
session required pam_mkhomedir.so
account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
account requisite pam_deny.so
account required pam_permit.so
############# /etc/pam.d/common-auth #######################
auth [success=1 default=ignore] pam_unix.so nullok_secure
auth requisite pam_deny.so
auth required pam_permit.so
############# /etc/pam.d/common-session #######################
session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session required pam_mkhomedir.so
session required pam_unix.so
session optional pam_ck_connector.so nox11
############# /etc/pam.d/gdm #######################
auth sufficient pam_radius_auth.so debug
auth requisite pam_nologin.so
auth sufficient pam_env.so readenv=1
auth sufficient pam_env.so readenv=1 envfile=/etc/default/locale
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth
auth optional pam_gnome_keyring.so
account sufficient pam_radius_auth.so
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_limits.so
session sufficient pam_mkhomedir.so skel=/home/formacio umask=0022
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
session optional pam_gnome_keyring.so auto_start
@include common-password
############# /etc/pam.d/login #######################
auth required pam_securetty.so
auth requisite pam_nologin.so
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_env.so readenv=1
session required pam_env.so readenv=1 envfile=/etc/default/locale
# Standard Un*x authentication.
@include common-auth
auth optional pam_group.so
session required pam_limits.so
session optional pam_lastlog.so
session optional pam_motd.so
session optional pam_mail.so standard
# Standard Un*x account and session
@include common-account
@include common-session
@include common-password
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
############################################################
I hope this will help.
- 11-22-2011 #9 (Just Joined!, Join Date: Nov 2011, Posts: 7)
This way it's not working.
I have noticed that the real problem is that accounting/session is failing because the RADIUS user does not have an entry in `/etc/passwd`.
I'm currently trying to run adduser via the `libpam_script.so` plugin. Maybe it's the solution.
- 11-29-2011 #10 (Just Joined!, Join Date: Nov 2011, Posts: 7)
Finally I have solved the problem by using `pam_script` to execute `adduser` before entering the gdm session.
Thanks all.
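
A sketch of the kind of hook the last post describes, added here as an example and not the poster's actual script: a shell script run by `pam_script` that creates the missing local account. It assumes `pam_script` exports `PAM_USER` and `PAM_SERVICE` to the script; the function names and the `DRY_RUN` switch are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): pam_script hook that creates a local
# account for a RADIUS-authenticated user so later PAM stacks find a passwd entry.
# Assumption: pam_script exports PAM_USER and PAM_SERVICE to the script.
LC_ALL=C; export LC_ALL   # make the a-z ranges below ASCII-only

# PAM_USER is typed at the login screen, so treat it as untrusted input.
is_safe_username() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;   # empty, or chars outside the allowed set
    esac
    case "$1" in
        [a-z_]*) ;;                     # must start with a letter or underscore
        *) return 1 ;;
    esac
    [ "${#1}" -le 32 ]                  # Linux login names are at most 32 chars
}

ensure_local_user() {
    user=$1
    if ! is_safe_username "$user"; then
        logger -t pam_script "refusing to provision unsafe user name" 2>/dev/null || true
        return 1
    fi
    # Already known to NSS (local or otherwise): nothing to do.
    if id -u "$user" >/dev/null 2>&1; then
        return 0
    fi
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "would run: adduser --disabled-password --gecos RADIUS $user"
        return 0
    fi
    # --disabled-password: no local password, so RADIUS stays the only way in.
    # adduser also creates the home directory from /etc/skel.
    adduser --disabled-password --gecos "RADIUS" "$user" >/dev/null
}

# Act only when called by PAM for the gdm service.
if [ -n "${PAM_USER:-}" ] && [ "${PAM_SERVICE:-}" = "gdm" ]; then
    ensure_local_user "$PAM_USER"
fi
```

Because the hook runs as root with a name taken from the login prompt, the validation step matters more than the `adduser` call itself; where the hook sits in the stack relative to `pam_radius_auth.so` decides whether accounts are created only for users RADIUS has accepted.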
