homedir creation is broken with sssd
Hello
I have use realm to join a domain without difficulty and use
pam-auth-update --enable mkhomedir, as suggest by the documentation
The problem is, when a new user log into the system, the content of /etc/skel is not copy into the new home directory, even if Download Desktop.... are created.
Adduser work normally and the homedirectory is created fine.
I try to add "umask=002 skel=/etc/skel" after session optional pam_mkhomedir.so in /etc/pam.
I try although to install oddjob-mkhomedir, but no change also.
Is this a bug or I have missed some important configuration?
Thanks for your attention
Question information
- Language:
- English Edit question
- Status:
- Expired
- For:
- Ubuntu pam Edit question
- Assignee:
- No assignee Edit question
- Last query:
- Last reply:
Related FAQ:
None Link to a FAQ
Revision history for this message
![]() |
#1 |
This question was expired because it remained in the 'Open' state without activity for the last 15 days.
Revision history for this message
![]() |
#3 |
*permissions on /etc/skel : drwxr-xr-x for skel and all file in it -rw-r--r--
*/etc/pam.
Is this syntax correct? session optional pam_mkhomedir.so umask=002 skel=/etc/skel
*I have create a normal (that is local and not AD) test user, the homedirectory is correctly created for this test user.
*I have install Oddjob to see if it can solve the problem, but I have seen no change and I have not done any configuration for it.
*Enable PAM debug logging: I do not know how, and a quick search give thinks only for AIX and redhat.
*Look for custom scripts or configurations: I don't have any , so not sure of what to check.
*I have not activate SELinux
*AppArmor: I use the default setting of ubuntu
sudo aa-status have something related to AD
4 processes are in complain mode.
/usr/sbin/sssd (5326)
/usr/
/usr/
/usr/
I am not sure if it is normal or default behavior.
*I try to contact Canonical to buy some professional support, but I have no respond from the commercial, not I am sure that the support can answer this type of question.
Thanks for your attention
Revision history for this message
![]() |
#4 |
Please show:
/etc/pam.
Also please add "debug" do the pam_mkhomedir line, and inspect the logs afterwards.
Revision history for this message
![]() |
#5 |
Here the /etc/pam.
#
# /etc/pam.
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of interactive sessions.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.
# here are the per-package modules (the "Primary" block)
session [default=1] pam_permit.so
# here's the fallback if no module succeeds
session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required pam_permit.so
# The pam_umask module will set the umask according to the system default in
# /etc/login.defs and user settings, solving the problem of different
# umask settings with different shells, display managers, remote sessions etc.
# See "man pam_umask".
session optional pam_umask.so
# and here are more per-package modules (the "Additional" block)
session required pam_unix.so
session optional pam_sss.so
session optional pam_mount.so
session optional pam_systemd.so
session optional pam_mkhomedir.so umask=002 skel=/etc/skel debug
# end of pam-auth-update config
Revision history for this message
![]() |
#6 |
With the debug flag, the content of auth.log is there:
Sep 15 17:00:02 testmachine gdm-launch-
Sep 15 17:00:08 testmachine polkitd(
Sep 15 17:00:09 testmachine realmd[542178]: Loaded settings from: /usr/lib/
Sep 15 17:00:09 testmachine realmd[542178]: holding daemon: startup
Sep 15 17:00:09 testmachine realmd[542178]: starting service
Sep 15 17:00:09 testmachine realmd[542178]: connected to bus
Sep 15 17:00:09 testmachine realmd[542178]: GLib-GIO: _g_io_module_
Sep 15 17:00:09 testmachine realmd[542178]: released daemon: startup
Sep 15 17:00:09 testmachine realmd[542178]: claimed name on bus: org.freedesktop
Sep 15 17:00:25 testmachine gdm-password]: pam_unix(
Sep 15 17:00:25 testmachine gdm-password]: pam_sss(
Sep 15 17:00:26 testmachine gdm-password]: gkr-pam: unable to locate daemon control file
Sep 15 17:00:26 testmachine gdm-password]: gkr-pam: stashed password to try later in open session
Sep 15 17:00:26 testmachine gdm-password]: pam_unix(
Sep 15 17:00:26 testmachine systemd-
Sep 15 17:00:26 testmachine systemd: pam_unix(
Sep 15 17:00:26 testmachine gdm-password]: pam_mkhomedir(
Sep 15 17:00:26 testmachine gdm-password]: gkr-pam: gnome-keyring-
Sep 15 17:00:27 testmachine gnome-keyring-
Sep 15 17:00:27 testmachine gnome-keyring-
Sep 15 17:00:27 testmachine gnome-keyring-
Sep 15 17:00:31 testmachine polkitd(
Sep 15 17:00:32 testmachine gdm-launch-
Sep 15 17:00:32 testmachine gdm-launch-
Sep 15 17:00:32 testmachine gdm-launch-
Sep 15 17:00:32 testmachine gdm-launch-
Sep 15 17:00:32 testmachine gdm-launch-
Sep 15 17:00:32 testmachine gdm-launch-
Sep 15 17:00:32 testmachine gdm-launch-
Sep 15 17:00:32 testmachine systemd-
Sep 15 17:00:32 testmachine systemd-
Sep 15 17:00:33 testmachine realmd[542178]: client using service: :1.12357
Sep 15 17:00:33 testmachine realmd[542178]: holding daemon: :1.12357
Sep 15 17:00:34 testmachine polkitd(
Sep 15 17:00:38 testmachine realmd[542178]: * Resolving: _ldap._
Sep 15 17:00:38 testmachine realmd[542178]: * Resolving: _ldap._
Sep 15 17:00:38 testmachine realmd[542178]: * Performing LDAP DSE lookup on: 155.132.166.130
Sep 15 17:00:38 testmachine realmd[542178]: * Performing LDAP DSE lookup on: 155.132.166.130
Sep 15 17:00:38 testmachine realmd[542178]: Searching for (objectClass=*)
Sep 15 17:00:38 testmachine realmd[542178]: Got defaultNamingCo
Sep 15 17:00:38 testmachine realmd[542178]: Sending TCP Netlogon request
Sep 15 17:00:38 testmachine realmd[542178]: * Performing LDAP DSE lookup on: 155.132.189.130
Sep 15 17:00:38 testmachine realmd[542178]: * Performing LDAP DSE lookup on: 155.132.189.130
Sep 15 17:00:38 testmachine realmd[542178]: Received TCP Netlogon response
Sep 15 17:00:38 testmachine realmd[542178]: * Successfully discovered: Olympe.local
Sep 15 17:00:47 testmachine realmd[542178]: client gone away: :1.12357
Sep 15 17:00:47 testmachine realmd[542178]: released daemon: :1.12357
Sep 15 17:00:48 testmachine polkitd(
Sep 15 17:00:48 testmachine gdm-password]: pam_unix(
I see strange things with user gdm and mount, and it looks like the home is consider as already created
Revision history for this message
![]() |
#7 |
the syslog contain errors with sssd, but it is later in time, so I think it is not relevant:
ep 15 17:09:58 ilos sssd_check_
Sep 15 17:09:58 ilos sssd_check_
Sep 15 17:09:58 ilos sssd_check_
Sep 15 17:09:58 ilos sssd_check_
Sep 15 17:09:58 ilos systemd[1]: Started SSSD PAC Service responder.
Sep 15 17:09:58 ilos systemd[1]: sssd-pam-
Sep 15 17:09:58 ilos systemd[1]: sssd-pam-
Sep 15 17:09:58 ilos sssd_check_
Sep 15 17:09:58 ilos sssd_check_
Sep 15 17:09:58 ilos sssd_check_
Sep 15 17:09:58 ilos systemd[1]: Failed to listen on SSSD PAM Service responder private socket.
Sep 15 17:09:58 ilos systemd[1]: Dependency failed for SSSD PAM Service responder socket.
Sep 15 17:09:58 ilos systemd[1]: sssd-pam.socket: Job sssd-pam.
Sep 15 17:09:58 ilos sssd_check_
Sep 15 17:09:58 ilos systemd[1]: sssd-pam.socket: Control process exited, code=exited, status=17/n/a
Sep 15 17:09:58 ilos systemd[1]: sssd-pam.socket: Failed with result 'exit-code'.
Sep 15 17:09:58 ilos systemd[1]: Closed SSSD PAM Service responder socket.
Sep 15 17:09:58 ilos sssd_pac[544432]: Starting up
Sep 15 17:09:58 ilos kernel: [1229428.735765] audit: type=1400 audit(169479059
Revision history for this message
![]() |
#8 |
At that point in time, the home directory already exists. Is that the directory name you expected?
```
Sep 15 17:00:26 testmachine gdm-password]: pam_mkhomedir(
```
This directory name is generated by sssd for the remote users, and it can be tweaked in the configuration.
Also double check this user does not exist in /etc/passwd, where it could then have a different home directory specified.
Revision history for this message
![]() |
#9 |
Yes it is the expected path for the home
the home is created with the expected directories in it (even the one that I add in /etc/skel), but none of the file from /etc/skel are copied (neither the original one, nor the one I have added).
Revision history for this message
![]() |
#10 |
This question was expired because it remained in the 'Open' state without activity for the last 15 days.
Revision history for this message
![]() |
#11 |
Hello
I have more information on this problem, It only appear when using libpam-mount to mount a samba share automatically.
(only install libpam-mount do not create problem, but using it yes)
Thanks for your attention
Revision history for this message
![]() |
#12 |
This question was expired because it remained in the 'Open' state without activity for the last 15 days.
Revision history for this message
![]() |
#13 |
Hello
I have found how to solve this problem.
By default in /etc/pam.
In my case the auto mount try to mount a shared ressource in the homedir of the user before the homedir is created and mess with creation of the homedirectory.
If I deplace the pam_mkhomedir line before the pam_mount line in common.session everything is working fine.
Thanks for your attention