On 2017-04-19 13:06, Ronald Wimmer wrote:
[...]

as the default directory (by setting override_homedir in sssd.conf) oddjob_mkhomedir creates the user directory but I still get a permission denied when logging in for the first time. (cd /home/user works)

The only thing I see in the logs is:

Apr 20 13:10:02 testclient systemd: Starting Session 1260 of user myu...@mydomain.at.
Apr 20 13:10:02 testclient oddjob-mkhomedir[15879]: error setting permissions on /home/mydomain.at/myuser: Operation not permitted
Apr 20 13:10:02 testclient dbus[770]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
Apr 20 13:10:02 testclient dbus-daemon: dbus[770]: [system] Activating service name='org.freedesktop.problems' (using servicehelper)
Apr 20 13:10:02 testclient dbus[770]: [system] Successfully activated service 'org.freedesktop.problems'
Apr 20 13:10:02 testclient dbus-daemon: dbus[770]: [system] Successfully activated service 'org.freedesktop.problems'

This is where PAM put the module:
/etc/pam.d/fingerprint-auth:session optional pam_oddjob_mkhomedir.so umask=0077
/etc/pam.d/fingerprint-auth-ac:session optional pam_oddjob_mkhomedir.so umask=0077
/etc/pam.d/password-auth:session optional pam_oddjob_mkhomedir.so umask=0077
/etc/pam.d/password-auth-ac:session optional pam_oddjob_mkhomedir.so umask=0077
/etc/pam.d/smartcard-auth:session optional pam_oddjob_mkhomedir.so umask=0077
/etc/pam.d/smartcard-auth-ac:session optional pam_oddjob_mkhomedir.so umask=0077
/etc/pam.d/system-auth:session optional pam_oddjob_mkhomedir.so umask=0077
/etc/pam.d/system-auth-ac:session optional pam_oddjob_mkhomedir.so umask=0077

Maybe it is not placed in the right line in /etc/pam.d/system-auth:
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
-session     optional      pam_systemd.so
session     optional      pam_oddjob_mkhomedir.so umask=0077
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_sss.so

Is there a PAM expert around who can tell?

Regards,
Ronald

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
