  • Status: Solved
Home Directories for domain users

I seem to be having problems creating a home directory for any Windows user when they log into Red Hat Enterprise 5. I have successfully joined the RHL 5 box to my domain and I can see all domain users when I run wbinfo -u and -g. When the user logs in it states that
"Your home directory is listed as /home/domain/user but does not appear to exist. Do you want to log in with root?"
How do I create the directory? Shouldn't it just create when I log in?

Thanks
Asked by: progjm
 
arnold Commented:
There is a configuration option that deals with automatically creating home dirs for winbind users.
http://www.linuxmail.info/active-directory-integration-samba-centos-5/
 
progjm (Author) Commented:
Following all steps in that article, now I get authentication failures for all users including root. Any ideas?
 
arnold Commented:
Boot using single user mode. Is root a local account? If not you would need to boot the system using a live CD and then adjust the settings on /etc/nsswitch.conf on the hard drive as well as /etc/password and /etc/shadow.

 
progjm (Author) Commented:
After some testing I found that when I add this line to /etc/pam.d/system-auth
session required pam_oddjob_mkhomedir.so skel=/etc/skel umask=0022
is when the logon issues begin. Any ideas on why?
 
arnold Commented:
What is the order of checks in /etc/nsswitch.conf for passwd? Does it check files first?

I do not know why the addition of the entry leads to logon issues.
 
progjm (Author) Commented:
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#      nisplus or nis+            Use NIS+ (NIS version 3)
#      nis or yp            Use NIS (NIS version 2), also called YP
#      dns                  Use DNS (Domain Name Service)
#      files                  Use the local files
#      db                  Use the local database (.db) files
#      compat                  Use NIS on compat mode
#      hesiod                  Use Hesiod for user lookups
#      [NOTFOUND=return]      Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files winbind
shadow:     files winbind
group:      files winbind

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files    

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   files

publickey:  nisplus

automount:  files
aliases:    files nisplus
 
arnold Commented:
Once you set up the mechanism as outlined in the active directory integration, did you test the active directory integration with the below and was it successful?
wbinfo -a username%password

What are the permissions on the /home/DOMAIN directory/folder?

Try running strace on the login session process and see whether it is getting stuck when it tries to create the user homedir and fails.
I.e. ssh in, locate the process on the server. Use strace -f -p <the_specific_ssh_process>
In the ssh session authenticate and see the strace output.
 
progjm (Author) Commented:
Answer to your first question is yes, they work perfectly.

Group access has the domain users group added, read and write

One thing I did notice is that I didn't see an oddjob service running or listed. What is it, and should it be there?

I will try the next step and see.

Thanks

 
arnold Commented:
I think this is the service that is called by pam to get the directory created.
 
progjm (Author) Commented:
Might be my issue.
 
arnold Commented:
Change the required on the pam_oddjob to optional and you will return to getting missing home directory errors.

Run chkconfig --list | grep odd
If you have it listed but it is set to be off, run chkconfig oddjobd on; /etc/init.d/oddjobd start and try again.
 
progjm (Author) Commented:
Nothing there. How should I go about getting it installed?
 
arnold Commented:
One option is to get it from RHN.  Do you use yum package manager?
yum install oddjob
up2date -i oddjob
They have a reference to an update:
http://rhn.redhat.com/errata/RHBA-2008-0021.html
 
progjm (Author) Commented:
I will give it a shot and update in the morning. Thanks for your help
 
progjm (Author) Commented:
Well, looks like when I edited the statement
session required pam_oddjob_mkhomedir.so skel=/etc/skel umask=0022
to
session required mkhomedir.so skel=/etc/skel umask=0077
it works great.

Thanks again for your help
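
An added example (not part of the thread and not any poster's code): a small Python linter for a PAM stack file that reports the two things this thread turns on, a required session module whose file is not installed and the home directory mode implied by a umask= argument. The sample stacks and the module directory are constructed, the oddjob module is assumed absent as the chkconfig result in the thread suggests, pam_mkhomedir.so is the Linux-PAM module name assumed for the working line, and lint_pam_stack and demo are hypothetical names.

```python
import os
import re
import tempfile

# type, control (word or [bracketed]), module path, optional arguments
PAM_LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def lint_pam_stack(text, module_dirs):
    """Return (line_no, severity, message) findings for one PAM stack file."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        m = PAM_LINE.match(raw.split("#", 1)[0].strip())
        if not m or m.group(2) in ("include", "substack"):
            continue  # blank/comment line, or a reference to another stack
        ptype, control, module, args = m.groups()
        paths = [module] if os.path.isabs(module) else [
            os.path.join(d, module) for d in module_dirs]
        if not any(os.path.isfile(p) for p in paths):
            # A required module that cannot be loaded makes the stack fail
            # for every account that uses it, local root included.
            sev = "LOCKOUT" if control in ("required", "requisite") else "WARN"
            findings.append((no, sev, "%s module %s not found" % (ptype, module)))
        for arg in args.split():
            if "mkhomedir" in module and arg.startswith("umask="):
                mode = 0o777 & ~int(arg[6:], 8)
                if mode & 0o077:  # group/other keep some access
                    findings.append((no, "PERMS",
                        "new home directories get mode %04o" % mode))
    return findings

# Constructed samples: the line from the thread, then a pam_mkhomedir variant.
BEFORE = """session required pam_unix.so
session required pam_oddjob_mkhomedir.so skel=/etc/skel umask=0022
"""
AFTER = """session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel umask=0077
"""

def demo():
    """Lint both samples against a constructed module directory."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("pam_unix.so", "pam_mkhomedir.so"):  # oddjob module absent
            open(os.path.join(d, name), "w").close()
        return lint_pam_stack(BEFORE, [d]), lint_pam_stack(AFTER, [d])

if __name__ == "__main__":
    for label, found in zip(("before", "after"), demo()):
        print(label, found or "no findings")
```

On a real host, pass the directories that actually hold the PAM modules (typically /lib/security or /lib64/security on this generation of Red Hat) and run the check from an already open root session before logging out.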