Solved Strange pam_mkhomedir behavior (or lack thereof)

To start: Please move this thread into a new category if it fits more appropriately-- I wasn't quite sure if the general forum was correct but I didn't see a more specific category.

I'm having a few issues creating new home directories for users when they sign in to my server machine, and I'm hoping to get some advice.

As part of my server authentication procedure I've historically had security/pam_mkhomedir installed and configured in an LDAP-oriented workflow for connections through SSH. My current PAM configuration for SSH at /etc/pam.d/sshd reads as follows:

Code:
# auth
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
auth            sufficient      /usr/local/lib/pam_ldap.so      no_warn
auth            required        pam_unix.so             no_warn try_first_pass

# account
account         required        pam_nologin.so
account         required        pam_login_access.so
account         required        /usr/local/lib/pam_ldap.so      no_warn ignore_authinfo_unavail ignore_unknown_user
account         required        pam_unix.so

# session
session         required        pam_permit.so
session         required        /usr/local/lib/pam_mkhomedir.so         debug

# password
password        required        pam_unix.so             no_warn try_first_pass

It appears that pam_mkhomedir is running to some degree, as (with the debug option enabled) the following (redacted) entries present themselves in /var/log/debug.log when I successfully log in and back out of the server with my LDAPS user.

Code:
Aug 25 12:58:51 my-host sshd[6370]: in openpam_dispatch(): calling pam_sm_open_session() in /usr/local/lib/pam_mkhomedir.so
Aug 25 12:58:51 my-host sshd[6370]: in pam_get_user(): entering
Aug 25 12:58:51 my-host sshd[6370]: in pam_get_item(): entering: PAM_USER
Aug 25 12:58:51 my-host sshd[6370]: in pam_get_item(): returning PAM_SUCCESS
Aug 25 12:58:51 my-host sshd[6370]: in pam_get_user(): returning PAM_SUCCESS
Aug 25 12:58:51 my-host sshd[6370]: in copymkdir(): mkdir(/home/my-user)
Aug 25 12:58:51 my-host sshd[6370]: in openpam_dispatch(): /usr/local/lib/pam_mkhomedir.so: pam_sm_open_session(): Success
Aug 25 12:58:54 my-host sshd[6370]: in openpam_dispatch(): calling pam_sm_close_session() in /usr/local/lib/pam_mkhomedir.so
Aug 25 12:58:54 my-host sshd[6370]: in openpam_dispatch(): /usr/local/lib/pam_mkhomedir.so: pam_sm_close_session(): Success

However, this doesn't result in the actual creation of the home directory. I'm setting up some new servers and I rarely create new users, so I suppose I simply hadn't noticed this issue before today. Does anyone have any ideas on why that might be the case and the next steps I should take to debug this?

Thanks!
 
The debug output seems to suggest it succeeded in creating the home directory. But apparently it's not there? Maybe you have a mismatch? /usr/home vs /home for example. The default is usually /usr/home and /home is a symlink to /usr/home.
 
Yeah this was sort of the track I was currently trying to follow--I've been trying to track down whether or not there's some sort of config I could apply to force pam_mkhomedir to use the true path. /home is definitely symlinked to /usr/home in my case.
 
Is the home directory set correctly in the user's LDAP entry?
 
You know, I spoke too soon and re-double-checked the symlink, and lo and behold it was a PEBCAK issue. I've got it everywhere else but apparently not there-- thanks.

(future archaeologists, please use this thread as an example of why sleep is a good thing)
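
A check for the situation this thread ended on, as an added example that is not part of the original thread: it walks each ancestor of the home directory path (the one `copymkdir()` logs, here `/home/my-user`) and reports the first missing, dangling or non-directory component. The function name `check_home_path` and its return codes are assumptions made for this example, and the path must be absolute.

```sh
#!/bin/sh
# Added example (not from the thread): walk every ancestor of a home
# directory path and report the first component that would stop mkdir.
# check_home_path and its return codes are names invented for this example.
#   0 home exists            1 home missing, parent usable
#   2 dangling symlink       3 ancestor missing
#   4 ancestor not a dir     5 path not absolute
check_home_path() {
    target=$1
    case $target in
        /*) ;;
        *) echo "not an absolute path: $target"; return 5 ;;
    esac
    if [ -d "$target" ]; then
        echo "ok: $target exists"
        return 0
    fi
    parent=$(dirname "$target")
    rest=${parent#/}
    path=""
    while [ -n "$rest" ]; do
        comp=${rest%%/*}                 # next path component
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest="" ;;
        esac
        [ -z "$comp" ] && continue       # skip empty parts from "//"
        path="$path/$comp"
        if [ -L "$path" ] && [ ! -e "$path" ]; then
            echo "dangling symlink: $path -> $(readlink "$path")"
            return 2
        elif [ ! -e "$path" ]; then
            echo "missing: $path"
            return 3
        elif [ ! -d "$path" ]; then
            echo "not a directory: $path"
            return 4
        fi
    done
    echo "parent ok: $parent (home directory $target not created yet)"
    return 1
}

# Usage: sh check_home.sh /home/my-user
if [ $# -gt 0 ]; then
    check_home_path "$1"
fi
```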
 