search for: mkhomedir_helper

...spasswords\sfor\s*\nNew \sPassword:\s%n*\nRetype\snew\spassword:\s%n*. ; guest account = nobody ; invalid users = root pam password change = yes # Domain domain logons = yes enable privileges = yes logon path = logon home = logon drive = logon script = startup.bat root preexec = /sbin/mkhomedir_helper %U add user script = /usr/sbin/smbldap-useradd -a -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smblda...

...ession): pam_modutil_drop_priv: change_gid failed: Success Jul 6 18:59:02 testvm login[1230]: pam_keyinit(login:session): Unable to change GID to 70005 temporarily Jul 6 18:59:02 testvm login[1230]: pam_unix(login:session): session opened for user domainuser by LOGIN(uid=0) Jul 6 18:59:02 testvm mkhomedir_helper: PAM unable to change perms on copy /home/domainuser/.profile: Invalid argument Jul 6 18:59:02 testvm login[1230]: pam_systemd(login:session): Failed to create session: Seat has no VTs but VT number not 0 Jul 6 18:59:02 testvm login[1230]: Permission denied GID 70005 is «domain admins» group. A...

...And it works fine! :) Turns out the host that had directory creation working properly before had SELinux disabled. When I look at the audit log this is what I found: type=AVC msg=audit(1450562436.438:2148162): avc: denied { entrypoint } for pid=17881 comm="sshd" path="/usr/sbin/mkhomedir_helper" dev="vda1" ino=1048040 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:oddjob_mkhomedir_exec_t:s0 tclass=file Was caused by: Missing type enforcement (TE) allow rule. You can use audit2allow to gener...

> > You may also need to restart sssd or nslcd, depending upon which one is > running the backed ldap connection service on the clients. Hmm.. I got a different result after restarting nclcd. Instead of logging me in and just complaining that it couldn't create the home directory, it still complains about not creating the home directory, but now it doesn't let me in: #ssh