search for: pam_oddjob_mkhomedir

Hi, I do have a samba server up and running and users are authenticated by ldap. Login to the samba server works as long as the user has a home directory. Now if I create a new ldap entry for an user I'd like to use pam_oddjob_mkhomedir to create a home directory if it dose not exist on login. But something fails on my system. I followed the redhat faq http://kbase.redhat.com/faq/docs/DOC-3973 which may be wron according to that bugzilla entry. https://bugzilla.redhat.com/show_bug.cgi?id=429524 So I added session optional...

> > > If you're on a RedHat system with selinux (RHEL, CentOS, fedora), then > > it looks like > > <https://danwalsh.livejournal.com/69837.html> pam_oddjob_mkhomedir > > will create the home directories for you and also ensure that the > > correct selinux labels are applied. I have this on my todo list, as > > I'm currently using the ADUC method, which is labour intensive. > > This will only create the home directories if the user l...

If you're on a RedHat system with selinux (RHEL, CentOS, fedora), then it looks like <https://danwalsh.livejournal.com/69837.html> pam_oddjob_mkhomedir will create the home directories for you and also ensure that the correct selinux labels are applied. I have this on my todo list, as I'm currently using the ADUC method, which is labour intensive. -- Mason On Thu, 10 Oct 2019 at 03:27, Rowland penny via samba <samba at lists.samba.org&...

I have a problem creating homedirs on the fly. Since RHEL5 / CentOS5 you have to use pam_oddjob_mkhomedir instead of pam_mkhomedir. Everything is working (the homedir is created) but two things. First on every logon I get the following error message, and I don't know how to fix it: org.freedesktop.DBus.Error.ServiceUnknown: The name com.redhat.oddjob was not provided by any .service files Second...

...EL6 clients are fully compatible with EL7 servers and vice versa. >> 2. Home directories should be created/deleted automagically under the >> hood. > You can use pam_mkhomedir to create them, but archiving or deleting home > directories would be a manual process. You should use pam_oddjob_mkhomedir for that, it requires fewer privileges and integrates nicely with SELinux. >> 3. Every user should be able to login on any machines and find his or >> her files and preferences. > You can continue using NFS for that. FreeIPA also supports automount/autofs. You should check out the...

...euid=174000327(testuser) egid=174000327(testuser ) missing +w perm: /home, dir owned by 0:0 mode=0755) Apr 9 13:01:55 mailhost dovecot: lmtp(2935): Disconnect from local: Successful quit The error above seems expected, because it is not LMTP agent's job to create user's home directory but pam_oddjob_mkhomedir.so module should do that. Right? And there are common PAM log entries for every user session: Apr 9 13:24:42 mailhost auth: pam_sss(dovecot:auth): authentication success; logname= uid=0 euid=0 tty=dovecot ruser=validuser rhost=::1 user= validuser Apr 9 13:24:42 mailhost auth: pam_unix(dovecot:s...

...euid=174000327(testuser) egid=174000327(testuser ) missing +w perm: /home, dir owned by 0:0 mode=0755) Apr 9 13:01:55 mailhost dovecot: lmtp(2935): Disconnect from local: Successful quit The error above seems expected, because it is not lmtp agent's job to create user's home directory but pam_oddjob_mkhomedir.so module should do that. Right? And there are log entries every PAM user session: Apr 9 13:24:42 mailhost auth: pam_sss(dovecot:auth): authentication success; logname= uid=0 euid=0 tty=dovecot ruser=validuser rhost=::1 user= validuser Apr 9 13:24:42 mailhost auth: pam_unix(dovecot:session): se...

...EL7 servers and vice versa. > > 2. Home directories should be created/deleted automagically under the >>> hood. >>> >> You can use pam_mkhomedir to create them, but archiving or deleting home >> directories would be a manual process. >> > You should use pam_oddjob_mkhomedir for that, it requires fewer privileges > and integrates nicely with SELinux. > > 3. Every user should be able to login on any machines and find his or >>> her files and preferences. >>> >> You can continue using NFS for that. >> > FreeIPA also supports aut...

On 10/10/2019 13:05, Mason Schmitt wrote: > > > If you're on a RedHat system with selinux (RHEL, CentOS, > fedora), then > > it looks like > > <https://danwalsh.livejournal.com/69837.html>?pam_oddjob_mkhomedir > > will create the home directories for you and also ensure that the > > correct selinux labels are applied.? I have this on my todo > list, as > > I'm currently using the ADUC method, which is labour intensive. > > This will only create the home...

....so sha512 shadow nullok try_first_pass use_authtok password??? sufficient??? pam_winbind.so use_authtok password??? required????? pam_deny.so session???? optional????? pam_keyinit.so revoke session???? required????? pam_limits.so -session???? optional????? pam_systemd.so session???? optional????? pam_oddjob_mkhomedir.so umask=0077 session???? [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session???? required????? pam_unix.so session???? optional????? pam_winbind.so cached_login Jason.

Hi, all. I'm working on a project to create a Samba PDC with LDAP authentication. I've been pretty successful in getting everything to work. However, I've run into a small snag: The PDC is built on an OpenSuse 11.2 box. Most of the member servers are also OpenSuse 11.2 boxes. However, a CentOS 5.5 server was just added to the mix. While users can lo into the CentOS box,

I'm experimenting with smb + winbind. My host is joined to AD and I can login to my host fine using my AD credentials via SSH.?? The only issue is that I don't get a Kerberos ticket generated. In /etc/security/pam_winbind.conf I have: krb5_auth = yes krb5_ccache_type = KEYRING In /etc/krb5.conf, I also have: default_ccache_name = KEYRING:persistent:%{uid} Using wbinfo -K jas, then

Customer asks why [home] doesn't work for a new AD user, turns out the linux directory doesn't exist on the DM server How to let that directory be created? GPO? I find this: https://wiki.samba.org/index.php/User_Home_Folders#Using_Active_Directory_Users_and_Computers but the GPO seems only to create the network drive ... but not the directory on the samba server itself. hints?

Hi, Over the last few years, I've been using a rather bone-headed solution to implement centralized authentication and roamin user profiles in Linux-based networks: a combination of NIS and NFS. I'm aware it's not ideal in terms of security, but it's been running in our local school since 2010, and it just works. The current setup is based on Slackware Linux on both server

...first_pass use_authtok > password??? sufficient??? pam_winbind.so use_authtok > password??? required????? pam_deny.so > session???? optional????? pam_keyinit.so revoke > session???? required????? pam_limits.so > -session???? optional????? pam_systemd.so > session???? optional????? pam_oddjob_mkhomedir.so umask=0077 > session???? [success=1 default=ignore] pam_succeed_if.so service in > crond quiet use_uid > session???? required????? pam_unix.so > session???? optional????? pam_winbind.so cached_login I noticed that wbinfo has a --krb5ccname arg so I tried: % klist klist: Credentia...