Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Desktop Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #11  
Old 15th November 2011, 13:28
lorens lorens is offline
Junior Member
 
Join Date: Nov 2011
Posts: 11
Thanks: 7
Thanked 0 Times in 0 Posts
Default

I have already debugging enabled, tells authentication succeeded.
Reply With Quote
Sponsored Links
  #12  
Old 15th November 2011, 14:04
lorens lorens is offline
Junior Member
 
Join Date: Nov 2011
Posts: 11
Thanks: 7
Thanked 0 Times in 0 Posts
Default

I'm trying another configuration. See below.

/etc/pam.d/common-session (at top)
session sufficient pam_mkhomedir.so skel=/home/formacio umask=0022

/etc/pam.d/gdm
auth sufficient pam_radius_auth.so debug
auth requisite pam_nologin.so
auth sufficient pam_succeed_if_so.so
@include common-auth
auth optional pam_gnome_keyring.so
account sufficient pam_radius_auth.so
@include common-account
session required pam_limits.so
#session required pam_mkhomedir.so skel=/home/formacio umask=0022
@include common-session
session optional pam_gnome_keyring.so auto_start
@include common-password


The result is that trying to log in with an local user I see at auth.log pam_mkhomedir(PLUGIN:session): Home directory /home/LOCAL_USER already exists

If I try a RADIUS_USER auth.log tells nothing about pam_mkhomedir.

Any idea?
Reply With Quote
  #13  
Old 15th November 2011, 14:11
nbhadauria nbhadauria is offline
Member
 
Join Date: Aug 2010
Location: New Delhi, India
Posts: 79
Thanks: 1
Thanked 13 Times in 13 Posts
Send a message via Skype™ to nbhadauria
Default

manually create home directory for RADIUS_USER and then try..
Reply With Quote
The Following User Says Thank You to nbhadauria For This Useful Post:
lorens (16th November 2011)
  #14  
Old 16th November 2011, 10:02
lorens lorens is offline
Junior Member
 
Join Date: Nov 2011
Posts: 11
Thanks: 7
Thanked 0 Times in 0 Posts
Default

This is working, but it's not an acceptable solution.
Because I don't know all usernames that can login at the machine, so I have to create home directories dynamically.

Last edited by lorens; 16th November 2011 at 12:17.
Reply With Quote
  #15  
Old 18th November 2011, 10:09
lorens lorens is offline
Junior Member
 
Join Date: Nov 2011
Posts: 11
Thanks: 7
Thanked 0 Times in 0 Posts
Default

I'm posting the configuration files:

############# /etc/pam.d/common-account ####################

account sufficient pam_radius_auth.so
session required pam_mkhomedir.so

account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
account requisite pam_deny.so
account required pam_permit.so


############# /etc/pam.d/common-auth #######################

auth [success=1 default=ignore] pam_unix.so nullok_secure
auth requisite pam_deny.so
auth required pam_permit.so


############# /etc/pam.d/common-session #######################

session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session required pam_mkhomedir.so
session required pam_unix.so
session optional pam_ck_connector.so nox11


############# /etc/pam.d/gdm #######################

auth sufficient pam_radius_auth.so debug
auth requisite pam_nologin.so
auth sufficient pam_env.so readenv=1
auth sufficient pam_env.so readenv=1 envfile=/etc/default/locale
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth
auth optional pam_gnome_keyring.so
account sufficient pam_radius_auth.so
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_limits.so
session sufficient pam_mkhomedir.so skel=/home/formacio umask=0022
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
session optional pam_gnome_keyring.so auto_start
@include common-password


############# /etc/pam.d/login #######################

auth required pam_securetty.so
auth requisite pam_nologin.so
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_env.so readenv=1
session required pam_env.so readenv=1 envfile=/etc/default/locale

# Standard Un*x authentication.
@include common-auth

auth optional pam_group.so

session required pam_limits.so
session optional pam_lastlog.so
session optional pam_motd.so
session optional pam_mail.so standard

# Standard Un*x account and session
@include common-account
@include common-session
@include common-password

session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open

################################################## ##########

I hope this will help.
Reply With Quote
  #16  
Old 18th November 2011, 15:39
nbhadauria nbhadauria is offline
Member
 
Join Date: Aug 2010
Location: New Delhi, India
Posts: 79
Thanks: 1
Thanked 13 Times in 13 Posts
Send a message via Skype™ to nbhadauria
Default

I have done same thing but with ldap not with radius and don't really have a setup where i can try this.

Still if you like give it a try.

Use a new formatted desktop and use only this configuration ..

vi /etc/pam.d/common-auth

session required pam_limits.so
session required pam_unix.so
session optional pam_radius_auth.so
session required pam_mkhomedir.so skel=/etc/skel
session optional pam_foreground.so
Reply With Quote
The Following User Says Thank You to nbhadauria For This Useful Post:
lorens (22nd November 2011)
  #17  
Old 22nd November 2011, 14:06
lorens lorens is offline
Junior Member
 
Join Date: Nov 2011
Posts: 11
Thanks: 7
Thanked 0 Times in 0 Posts
Default

This way it's not working.

I already notice that the real problem is that accounting/session is failing because the radius user has not an entry at `/etc/passwd`

I'm currently trying to do adduser by `libpam_script.so` plugin. Maybe it's the solution
Reply With Quote
  #18  
Old 29th November 2011, 13:24
lorens lorens is offline
Junior Member
 
Join Date: Nov 2011
Posts: 11
Thanks: 7
Thanked 0 Times in 0 Posts
Default

Finally I have solved the problem by using `pam_script` to execute `adduser` before entering the gdm session.

Thanks all.
Reply With Quote
  #19  
Old 29th November 2011, 17:54
nbhadauria nbhadauria is offline
Member
 
Join Date: Aug 2010
Location: New Delhi, India
Posts: 79
Thanks: 1
Thanked 13 Times in 13 Posts
Send a message via Skype™ to nbhadauria
 
Default

That's great ..

Do upload your solution ..
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
My Server Is Sending Spam. How Do I Block This? LordJ Server Operation 1 7th July 2011 19:34
user has no rights on his own home folder? notze General 1 20th May 2011 12:20
Statistic not working mzo Installation/Configuration 49 20th April 2011 12:19
Vhosts...conf not synced to changes crypted General 50 24th April 2010 00:54
New FTP Users can't login pyropoptrt General 21 12th June 2009 13:13


All times are GMT +2. The time now is 23:48.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.