  1. #1
    Just Joined!
    Join Date
    Nov 2011
    Posts
    7

    Force PAM to create user home folder if it does not already exist


    Hi all!

    I've been trying to configure gdm to log in through a RADIUS server.
    I'm done with the auth. But logging in only works if the user already has a local home folder. So I'm trying to configure pam_mkhomedir.so in order to create the user home folder on the fly, but I have had no success.

    Thanks

  2. #2
    Linux Enthusiast scathefire's Avatar
    Join Date
    Jan 2010
    Location
    Western Kentucky
    Posts
    626
    Code:
    session     optional      pam_mkhomedir.so
    in /etc/pam.d/system-auth does not work?
    linux user # 503963

  3. #3
    Just Joined!
    Join Date
    Nov 2011
    Posts
    7
    First, thanks for the reply.

    I had added "session sufficient pam_mkhomedir.so" to the /etc/pam.d/gdm file and it's not working.
    If I apply your suggestion I assume that the line has to be at the top of the file because it's optional, right?

  4. #4
    Linux Enthusiast scathefire's Avatar
    Join Date
    Jan 2010
    Location
    Western Kentucky
    Posts
    626
    If I remember PAM correctly, it won't matter where you place it. The control fields only determine how the action will play out.

    In your case, an "optional" module will fail the operation only if it's the only module in the stack. Most likely it won't be, since it's a session stack.

    Be sure to place it in the appropriate stack.
    linux user # 503963

  5. #5
    Just Joined!
    Join Date
    Nov 2011
    Posts
    7
    Putting that in common-auth is not working.

    It's very rare. I had put that line in common-session with a debug option, and trying to log in with a non-local user at gdm fails, but if I try a local user via the CLI, auth.log says "the user already has a home directory".

    Any suggestions?

  6. #6
    Linux Enthusiast scathefire's Avatar
    Join Date
    Jan 2010
    Location
    Western Kentucky
    Posts
    626
    I have read in a few places that maybe pam_oddjob_mkhomedir. Here's an article from a redhat magazine, it's dated, but it could help. It's at the very bottom.

    redhat.com | Tips and tricks

    But that is redhat, for debian-type systems it says you should add to common-account, not common-auth.

    Giving users a home directory automatically

    Add:
    Code:
    session    required   pam_mkhomedir.so skel=/etc/skel/ umask=0022
    linux user # 503963

  7. #7
    Just Joined!
    Join Date
    Nov 2011
    Posts
    7
    The oddjob thing is Red Hat stuff and it's not in the Ubuntu repositories.

    I have tried common-auth, common-session and common-account.

    I'm starting to think that it is a gdm problem.

    Just for the record, I'm using Ubuntu 10.04.3 and gdm 2.30.2.

  8. #8
    Just Joined!
    Join Date
    Nov 2011
    Posts
    7
    I'm posting the configuration files:

    ############# /etc/pam.d/common-account ####################

    account sufficient pam_radius_auth.so
    session required pam_mkhomedir.so

    account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
    account requisite pam_deny.so
    account required pam_permit.so


    ############# /etc/pam.d/common-auth #######################

    auth [success=1 default=ignore] pam_unix.so nullok_secure
    auth requisite pam_deny.so
    auth required pam_permit.so


    ############# /etc/pam.d/common-session #######################

    session [default=1] pam_permit.so
    session requisite pam_deny.so
    session required pam_permit.so
    session required pam_mkhomedir.so
    session required pam_unix.so
    session optional pam_ck_connector.so nox11


    ############# /etc/pam.d/gdm #######################

    auth sufficient pam_radius_auth.so debug
    auth requisite pam_nologin.so
    auth sufficient pam_env.so readenv=1
    auth sufficient pam_env.so readenv=1 envfile=/etc/default/locale
    auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
    @include common-auth
    auth optional pam_gnome_keyring.so
    account sufficient pam_radius_auth.so
    @include common-account
    session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
    session required pam_limits.so
    session sufficient pam_mkhomedir.so skel=/home/formacio umask=0022
    @include common-session
    session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
    session optional pam_gnome_keyring.so auto_start
    @include common-password


    ############# /etc/pam.d/login #######################

    auth required pam_securetty.so
    auth requisite pam_nologin.so
    session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
    session required pam_env.so readenv=1
    session required pam_env.so readenv=1 envfile=/etc/default/locale

    # Standard Un*x authentication.
    @include common-auth

    auth optional pam_group.so

    session required pam_limits.so
    session optional pam_lastlog.so
    session optional pam_motd.so
    session optional pam_mail.so standard

    # Standard Un*x account and session
    @include common-account
    @include common-session
    @include common-password

    session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open

    ############################################################

    I hope this will help.

  9. #9
    Just Joined!
    Join Date
    Nov 2011
    Posts
    7
    This way it's not working.

    I have now noticed that the real problem is that accounting/session is failing because the RADIUS user does not have an entry in `/etc/passwd`.

    I'm currently trying to run adduser via the `libpam_script.so` plugin. Maybe it's the solution.

  10. #10
    Just Joined!
    Join Date
    Nov 2011
    Posts
    7
    Finally I have solved the problem by using `pam_script` to execute `adduser` before entering the gdm session.

    Thanks all.
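
The fix described in post #10, sketched as an added example (not the poster's script, which was never shown). It assumes pam_script passes the login name in `$PAM_USER` and is hooked at a point in the stack reached only after RADIUS has accepted the user; the function names are hypothetical. Because the name comes from the login screen, it is validated before it reaches `adduser`.

```shell
#!/bin/sh
# Added example: account provisioning hook for pam_script.
# Assumption: pam_script exports the login name as $PAM_USER.
LC_ALL=C; export LC_ALL          # make the a-z ranges below byte-exact
ADDUSER="${ADDUSER:-adduser}"    # overridable so the logic can be dry-run

# Accept only conservative login names: first char a lowercase letter or '_',
# then lowercase letters, digits, '_' or '-', at most 32 characters.
# A leading '-' is refused, so the name can never be read as an option.
valid_login_name() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 32 ] || return 1
    case $name in
        [!a-z_]*)      return 1 ;;
        *[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Prints one of: rejected, exists, created, failed.
provision_user() {
    name=$1
    if ! valid_login_name "$name"; then
        echo "rejected"; return 1
    fi
    # Never touch an account that already exists (root, daemons, local users).
    if id -u "$name" >/dev/null 2>&1; then
        echo "exists"; return 0
    fi
    # --disabled-password: no local password, RADIUS stays the only way in.
    if $ADDUSER --disabled-password --gecos "" "$name" >/dev/null 2>&1; then
        echo "created"
    else
        echo "failed"; return 1
    fi
}

# Runs only when invoked with PAM_USER set.
if [ -n "${PAM_USER:-}" ]; then
    provision_user "$PAM_USER" >/dev/null
fi
```

Once the account has a passwd entry, a `session` line for `pam_mkhomedir.so` is no longer strictly needed, since `adduser` creates the home directory from the skeleton directory itself.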
