progjm

Home Directories for domain users

I seem to be having problems creating a home directory for any Windows user when they log into Red Hat Enterprise 5. I have successfully joined the RHL 5 box to my domain and I can see all domain users when I run wbinfo -u and -g. When the user logs in it states that
"Your home directory is listed as /home/domain/user but does not appear to exist. Do you want to log in with root?"
How do I create the directory? Shouldn't it just be created when I log in?

Thanks
ASKER CERTIFIED SOLUTION
arnold

progjm

ASKER

Following all steps in that article, now I get authentication fails for all users including root. Any ideas?

Boot using single user mode. root is a local account? If not you would need to boot the system using a live CD and then adjust the settings on /etc/nsswitch.conf on the hard drive as well as /etc/password and /etc/shadow.
progjm

ASKER

After some testing I found that when I add this line to /etc/pam.d/system-auth
session required pam_oddjob_mkhomedir.so skel=/etc/skel umask=0022
is when the logon issues begin. Any ideas on why?

What is the order of checks in /etc/nsswitch.conf for passwd? Does it check files first?

I do not know why the addition of the entry leads to logon issues.
progjm

ASKER

# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#      nisplus or nis+            Use NIS+ (NIS version 3)
#      nis or yp            Use NIS (NIS version 2), also called YP
#      dns                  Use DNS (Domain Name Service)
#      files                  Use the local files
#      db                  Use the local database (.db) files
#      compat                  Use NIS on compat mode
#      hesiod                  Use Hesiod for user lookups
#      [NOTFOUND=return]      Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files winbind
shadow:     files winbind
group:      files winbind

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files    

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   files

publickey:  nisplus

automount:  files
aliases:    files nisplus

Once you set up the mechanism as outlined in the Active Directory integration, did you test the Active Directory integration with the below and was it successful?
wbinfo -a username%password

What are the permissions on the /home/DOMAIN directory/folder?

Try running strace on the login session process and see whether it is getting stuck when it tries to create the user homedir and fails.
i.e. ssh in, locate the process on the server. Use strace -f -p <the_specific_ssh_process>
In the ssh session authenticate and see the strace output.
progjm

ASKER

Answer to your first question is yes, they work perfectly.

Group access has the domain users group added, read and write.

One thing I did notice is that I didn't see an oddjob service running or listed. What is it and should it be there?

I will try the next step and see.

Thanks

I think this is the service that is called by pam to get the directory created.
progjm

ASKER

Might be my issue

Change the required on the pam_oddjob to optional and you will return to getting missing home directory errors.

Run chkconfig --list | grep odd
If you have it listed but it is set to be off, run chkconfig oddjobd on; /etc/init.d/oddjobd start and try again.
progjm

ASKER

Nothing there, how should I go about getting it installed?
SOLUTION
progjm

ASKER

I will give it a shot and update in the morning. Thanks for your help
progjm

ASKER

Well, looks like when I edited the statement
session required pam_oddjob_mkhomedir.so skel=/etc/skel umask=0022
to
session required mkhomedir.so skel=/etc/skel umask=0077
it works great.

Thanks again for your help
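
The two things this thread turned on, a required session line that broke logons for every account and the change from umask=0022 to umask=0077, can both be checked before a PAM file goes live. The following is an added example, not part of the original thread: pam_lint and make_sample are hypothetical names, the stack file and module directory are constructed in a temp directory, and the sample uses pam_mkhomedir.so, the name under which Linux-PAM ships its mkhomedir module.

```shell
#!/bin/sh
# Added example, not from the thread. pam_lint FILE MODULE_DIR prints findings
# and returns non-zero when a required/requisite rule names a missing module.
pam_lint() (
    file=$1; moddir=$2; rc=0
    # Drop comments; collapse "[a=b c=d]" controls into one token so the
    # split below always sees: type control module args...
    rules=$(sed -e 's/#.*//' -e 's/\[[^]]*]/[list]/' "$file")
    while read -r type control module args; do
        [ -n "$module" ] || continue
        case $control in include|substack) continue ;; esac
        case $module in /*) path=$module ;; *) path=$moddir/$module ;; esac
        if [ ! -e "$path" ]; then
            case $control in
                required|requisite)
                    echo "BLOCKING $type $control $module: module not found"
                    rc=1 ;;
                *)  echo "WARNING $type $control $module: module not found" ;;
            esac
        fi
        # A umask not ending in 7 leaves new home directories open to others.
        case $module in *mkhomedir.so)
            for arg in $args; do
                case $arg in umask=*[0-6])
                    echo "UMASK $module $arg: home directories open to others" ;;
                esac
            done ;;
        esac
    done <<EOF
$rules
EOF
    [ "$rc" -eq 0 ]
)

# Constructed sample: only pam_unix.so and pam_mkhomedir.so exist on "disk".
make_sample() {
    mkdir -p "$1/security"
    : > "$1/security/pam_unix.so"; : > "$1/security/pam_mkhomedir.so"
    cat > "$1/system-auth" <<'EOF'
session required pam_unix.so
session required pam_oddjob_mkhomedir.so skel=/etc/skel umask=0022
session required pam_mkhomedir.so skel=/etc/skel umask=0022
EOF
}

tmp=$(mktemp -d); make_sample "$tmp"
pam_lint "$tmp/system-auth" "$tmp/security" || echo "do not install this file"
rm -rf "$tmp"
```

On a real host, pass the PAM module directory (on RHEL 5, /lib/security or /lib64/security) as the second argument, and keep a root shell open while testing any change to the stack.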