Force PAM to create user home folder if it already not exists

[lorens]

I have already debugging enabled, tells authentication succeeded.

[lorens]

I'm trying another configuration. See below.

/etc/pam.d/common-session (at top)
session sufficient pam_mkhomedir.so skel=/home/formacio umask=0022

/etc/pam.d/gdm
auth sufficient pam_radius_auth.so debug
auth requisite pam_nologin.so
auth sufficient pam_succeed_if_so.so
@include common-auth
auth optional pam_gnome_keyring.so
account sufficient pam_radius_auth.so
@include common-account
session required pam_limits.so
#session required pam_mkhomedir.so skel=/home/formacio umask=0022
@include common-session
session optional pam_gnome_keyring.so auto_start
@include common-password


The result is that trying to log in with an local user I see at auth.log pam_mkhomedir(PLUGIN:session): Home directory /home/LOCAL_USER already exists

If I try a RADIUS_USER auth.log tells nothing about pam_mkhomedir.

Any idea?

[nbhadauria]

manually create home directory for RADIUS_USER and then try..

[lorens]

This is working, but it's not an acceptable solution.
Because I don't know all usernames that can login at the machine, so I have to create home directories dynamically.

[lorens]

I'm posting the configuration files:

############# /etc/pam.d/common-account ####################

account sufficient pam_radius_auth.so
session required pam_mkhomedir.so

account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
account requisite pam_deny.so
account required pam_permit.so


############# /etc/pam.d/common-auth #######################

auth [success=1 default=ignore] pam_unix.so nullok_secure
auth requisite pam_deny.so
auth required pam_permit.so


############# /etc/pam.d/common-session #######################

session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session required pam_mkhomedir.so
session required pam_unix.so
session optional pam_ck_connector.so nox11


############# /etc/pam.d/gdm #######################

auth sufficient pam_radius_auth.so debug
auth requisite pam_nologin.so
auth sufficient pam_env.so readenv=1
auth sufficient pam_env.so readenv=1 envfile=/etc/default/locale
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth
auth optional pam_gnome_keyring.so
account sufficient pam_radius_auth.so
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_limits.so
session sufficient pam_mkhomedir.so skel=/home/formacio umask=0022
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
session optional pam_gnome_keyring.so auto_start
@include common-password


############# /etc/pam.d/login #######################

auth required pam_securetty.so
auth requisite pam_nologin.so
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_env.so readenv=1
session required pam_env.so readenv=1 envfile=/etc/default/locale

# Standard Un*x authentication.
@include common-auth

auth optional pam_group.so

session required pam_limits.so
session optional pam_lastlog.so
session optional pam_motd.so
session optional pam_mail.so standard

# Standard Un*x account and session
@include common-account
@include common-session
@include common-password

session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open

################################################## ##########

I hope this will help.

[nbhadauria]

I have done same thing but with ldap not with radius and don't really have a setup where i can try this.

Still if you like give it a try.

Use a new formatted desktop and use only this configuration ..

vi /etc/pam.d/common-auth

session required pam_limits.so
session required pam_unix.so
session optional pam_radius_auth.so
session required pam_mkhomedir.so skel=/etc/skel
session optional pam_foreground.so

[lorens]

This way it's not working.

I already notice that the real problem is that accounting/session is failing because the radius user has not an entry at `/etc/passwd`

I'm currently trying to do adduser by `libpam_script.so` plugin. Maybe it's the solution

[lorens]

Finally I have solved the problem by using `pam_script` to execute `adduser` before entering the gdm session.

Thanks all.

[nbhadauria]

That's great ..

Do upload your solution ..