Many of my viewers are seeking to find some information on “oddjob”, so I thought I might give some details that should help clear the air.
All Linux distributions that I have ever tested are subject to this situation; however, please don’t see this as a problem. It is merely something that has not been configured (yet, as it is entirely optional).
If you have ever created a local user on a Linux system, you will find that the home directory for the new user is automatically created for you. As a user or an admin of the system in question, no further work needs to be performed.
However, many people in production environments integrate their Linux servers into some form of Identity Management solution.
This could be Microsoft Active Directory, Red Hat Directory Server, FreeIPA, or one of many other forms of IDM.
When you add your Linux system to your Identity Manager (IDM), this simply sets up the system with the ability to conduct user lookups and authenticate any request that comes in against your chosen IDM.
But let’s say you are connected to your corporate IDM, and you have noticed that when a new user attempts to log into a Linux system, their home directory does not exist and is not created during the login process.
Chances are, the system has not yet been configured to auto-create the folder on log-in. If this is the case, you can follow the below steps on how to achieve this.
In the past, and even today, you can use the trusty “pam_mkhomedir.so” library. This method has been used for many years, however oddjob does supersede this method.
If you do wish to use this method, use it for RHEL5 and older systems.
Install the pam_mkhomedir.so package.
[root@server /]# yum install -y pam_mkhomedir.so
Then add the below line to the end of /etc/pam.d/system-auth:
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
This has been the method of choice for many, many years. With RHEL6 or newer systems, however, the recommended way to auto-create home directories is to use oddjobd.
Follow the below steps to use oddjob.
Install oddjob
[root@server /]# yum install -y oddjob-mkhomedir
Set oddjob to start on boot, and start the service
[root@server /]# chkconfig oddjobd on
[root@server /]# service oddjobd start
Starting oddjobd: [ OK ]
[root@server /]#
Now we need to update our authentication mechanism to tell oddjob to create our home directory automatically.
[root@server ~]# authconfig --enablemkhomedir --update
Starting Winbind services: [ OK ]
Starting oddjobd: [ OK ]
[root@server ~]#
That’s it. As simple as that.
Note: If you use SELinux in enforcing mode in your environments (and yes you should be if you just answered no to that question), you will need to stick with oddjob as there is currently an issue with pam_mkhomedir setting the incorrect SELinux contexts on home directories when they are created.
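To confirm the result of the steps above, here is an added example (not part of the original post) that reports which home-directory module each PAM stack file loads and flags pam_mkhomedir.so when SELinux is enforcing. The function names session_module and check_mkhomedir are hypothetical helpers, and the script assumes the stack files are named system-auth and password-auth in the directory you pass in.

```shell
#!/bin/bash
# Added example (not from the original post): report which home-directory
# module each PAM stack file loads, and flag pam_mkhomedir.so under SELinux
# enforcing, the combination the note above warns about.

# Print the mkhomedir module on the first active "session" line of file $1.
session_module() {
    awk '$1 == "session" || $1 == "-session" {
        # Start at field 3: the control field may be a bracketed list
        # with spaces, so the module path is not always field 3.
        for (i = 3; i <= NF; i++) {
            n = split($i, part, "/")      # accept full module paths too
            if (part[n] == "pam_oddjob_mkhomedir.so" || part[n] == "pam_mkhomedir.so") {
                print part[n]; exit
            }
        }
    }' "$1"
}

# check_mkhomedir <pam_dir> <selinux_mode>
# Returns 0 = every file loads a mkhomedir module, 1 = a file has no
# mkhomedir session line, 2 = pam_mkhomedir.so with SELinux Enforcing.
check_mkhomedir() {
    local pam_dir=$1 selinux_mode=$2 rc=0 f mod
    for f in system-auth password-auth; do
        mod=$(session_module "$pam_dir/$f" 2>/dev/null)
        case "$mod" in
            pam_oddjob_mkhomedir.so) echo "$f: oddjob" ;;
            pam_mkhomedir.so)
                if [ "$selinux_mode" = "Enforcing" ]; then
                    echo "$f: pam_mkhomedir.so with SELinux enforcing"; rc=2
                else
                    echo "$f: pam_mkhomedir"
                fi ;;
            *)  echo "$f: no mkhomedir session line"
                if [ "$rc" -eq 0 ]; then rc=1; fi ;;
        esac
    done
    return "$rc"
}

# Constructed sample stack, so the check runs without touching /etc/pam.d.
demo=$(mktemp -d)
echo 'session optional pam_oddjob_mkhomedir.so' > "$demo/system-auth"
echo 'session required pam_mkhomedir.so skel=/etc/skel/ umask=0022' > "$demo/password-auth"
check_mkhomedir "$demo" Enforcing || echo "exit status: $?"
rm -rf "$demo"
```

On a real host, the same check would be run as check_mkhomedir /etc/pam.d "$(getenforce)".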
Hi There,
So I’ve got this working and SSH logins will create a home directory just fine. However, how do you configure oddjobd to create home directories when the login comes from another source that isn’t SSHD?
cheers!
Hi Craig
Apologies for the late reply.
oddjobd gets loaded via a pam process. If you have installed oddjobd and updated your authconfig, it should create a new home directory for any successful login process. It is not specific to services.
In the old method of using pam_mkhomedir.so, this could be configured on a per service level, however I have never seen that done with oddjobd.
Dale
Hello,
Just for your information, you could add
session optional pam_oddjob_mkhomedir.so
to your password-auth-ac and system-auth-ac files inside the /etc/pam.d directory instead of running authconfig.
Thanks for the post!
Thanks for the post!
How can you change the default directory path created by oddjob from
/home/user
to
/home/username-first-letter/user
?
Thanks!
Hi Matt
Can you clarify what you are trying to achieve? If I understand correctly, I’ll do some testing on the below example for you.
E.g
Full Name: John Doe
Username: jdoe
Home Dir Path: /home/doe/jdoe
Is this a good understanding of your objective?
Dale
Thanx.
Tried this on a CentOS 6.5 install, a client computer hooked up to rhel/CentOS’s “Identity Management” that supposedly (since rhel 6.2) is the “modern/recommended” way of doing IDM.
I noticed that when doing the authconfig --enablemkhomedir --update command, the service sssd was for some reason stopped (where your example above instead says “Starting Winbind services”) and that then stopped the IDM from working…
Just start the sssd service again (and make sure with chkconfig that it’s started at boot etc) and stuff works just fine. See below:
Ref 1 – Red Hat’s guide to Identity Management
Ref 2 – Nice blog by Luc de Louw on How-to-IPA
Is it possible to have different home directories for different users?