Package: libpam-modules-bin Version: 1.7.0-5
Upon users first login to system, we notice this message: Creating directory '/home/aarong/'. Unable to create and initialize directory '/home/aarong/‘. On the destination host, we see the homedir /home/aarong, but with perms root:root. Looking at auth.log we’ve found the following: auth.log:2026-03-05T11:49:02.578743+00:00 ted-adg-001 sshd-session[1691]: Accepted publickey for aarong from 10.18.52.33 port 46426 ssh2: @#@$@#%^%$#@## auth.log:2026-03-05T11:49:02.578788+00:00 ted-adg-001 sshd-session[1691]: debug1: monitor_child_preauth: user aarong authenticated by privileged process auth.log:2026-03-05T11:49:02.587396+00:00 ted-adg-001 sshd-session[1691]: pam_unix(sshd:session): session opened for user aarong(uid=997654857) by aarong(uid=0) auth.log:2026-03-05T11:49:02.607945+00:00 ted-adg-001 systemd-logind[950]: New session 6 of user aarong. auth.log:2026-03-05T11:49:02.673876+00:00 ted-adg-001 (systemd): pam_unix(systemd-user:session): session opened for user aarong(uid=997654857) by aarong(uid=0) auth.log:2026-03-05T11:49:02.676906+00:00 ted-adg-001 systemd-logind[950]: New session 7 of user aarong. auth.log:2026-03-05T11:49:02.894459+00:00 ted-adg-001 mkhomedir_helper: PAM unable to create directory /home/aarong/: No such file or directory auth.log:2026-03-05T11:49:02.962185+00:00 ted-adg-001 sshd-session[1725]: Starting session: shell on pts/1 for aarong from 10.18.52.33 port 46426 id 0 Next deleted user’s homer and run this manually to see results: pam-auth-update It is setup the same as our Debian 12 hosts. /etc/pam.d/common-session file: # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of interactive sessions. # # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) session [default=1] pam_permit.so # here's the fallback if no module succeeds session requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around session required pam_permit.so # reset the umask for new sessions #session optional pam_umask.so # and here are more per-package modules (the "Additional" block) session required pam_unix.so session optional pam_sss.so session optional pam_systemd.so session optional pam_mkhomedir.so umask=0077 # end of pam-auth-update config Changed umasked setting around without success. The fix was to cp mkhomedir_helper from a Debian 12 host to the Debian 13 host, it works as expected. Aaron Geddins Systems Engineer [email protected] o+1 929-591-2579 tassat.com CONFIDENTIALITY NOTICE THE INFORMATION CONTAINED IN THIS COMMUNICATION IS INTENDED FOR THE NAMED RECEIVER ONLY. THE TRANSMISSION MAY CONTAIN PRIVILEGED AND CONFIDENTIAL MATERIAL. IF YOU ARE NOT THE NAMED RECIPIENT, PLEASE BE ADVISED THAT ANY USE, DISSEMINATION OR UNAUTHORIZED COPYING OF THE MATERIAL IS STRICTLY PROHIBITED. IF YOU HAVE RECEIVED THIS TRANSMISSION IN ERROR, PLEASE NOTIFY [email protected] AND DESTROY THE RECEIVED COPY. THANK YOU. v112620
