local user accounts have no homedir

Participant III
Posts: 18
Registered: ‎07-08-2015
#1 of 3 851
Accepted Solution

local user accounts have no homedir

Dear community,

 

We just started to manage our first local Linux users using the Centrify feature 'local users'.

The agent creates those users, but doesn't create a corresponding homedir (although specified in the mapping).

 

Since these local accounts are technical accounts and typically accessed using su or dzdo, the pam module will not create the homedir, since the user doesn't 'login'.

 

Is there a way to get the homedir auto-created? Maybe a switch in the config file that I didn't find?

 

Thanks for any helpful suggestions.

Kind regards Jens

 

Centrify Guru I
Posts: 2,319
Registered: ‎07-26-2012
#2 of 3 847

Re: local user accounts have no homedir

@jrehn70988,

 

Welcome back!

 

"The agent creates those users, but doesn't create a corresponding homedir (although specified in the mapping).

 Since these local accounts are technical accounts and typically accessed using su or dzdo, the pam module will not create the homedir, since the user doesn't 'login'."

 

You are absolutely right, and that's the expected behavior in UNIX systems using pluggable authentication modules (PAM). The reason is that the session PAM module is responsible for home directory creation at first login based on a local or centralized skeleton (skel) file.

 

But, we have you covered!

 

In anticipation of requests like yours (custom actions) and more specifically for having the ability to use a shared account password management (SAPM) solution to automate the "vaulting" of local credentials created when using the Centrify zone as a source (or the authoritative source) for UNIX local accounts, we have the ability to run code on local account creation. You can leverage this facility to write code that defines "what happens" after a local account is provisioned.

 

There is a GPO for adclient called "Notification Command Line"  that controls the adclient.local.account.notification.cli parameter of adclient.

The documentation is here: https://docs.centrify.com/en/css/2017.3-html/index.html#page/Group_policies/Local_account_management...

We also include a sample under /usr/share/centrifydc/samples/localacctmgmt called handle_local_accts.sh that you can use to get started with your script.

 

I think it may even have a section on home directory creation.  Feel free to modify at your leisure.

 

I have an old personal blog post and videos from when we introduced the feature 2 years ago.  Some of the GUI elements and terminology are outdated.

http://centrifying.blogspot.com/2016/01/labs-testing-local-account-management.html

R.P

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
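
Added example, not part of the reply above and not Centrify's handle_local_accts.sh: a home-directory step that a script wired to adclient.local.account.notification.cli could call for each new account. The thread does not show how adclient hands account names to the command, so taking them as arguments is an assumption; `ensure_home`, `PASSWD_FILE` and `SKEL_DIR` are hypothetical names.

```shell
#!/bin/sh
# Added example, not Centrify's handle_local_accts.sh.
# PASSWD_FILE and SKEL_DIR (hypothetical names) can be overridden to try
# the function on constructed data instead of the live system.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"
SKEL_DIR="${SKEL_DIR:-/etc/skel}"

# ensure_home USER
# Returns 0 if the home exists or was created, 1 on mkdir/copy failure,
# 2 if USER has no passwd entry, 3 if the home path is unsafe.
ensure_home() {
    [ -n "$1" ] || return 2
    # Exact match on the name field; print uid:gid:home.
    eh_entry=$(awk -F: -v u="$1" '$1 == u { print $3 ":" $4 ":" $6; exit }' "$PASSWD_FILE")
    if [ -z "$eh_entry" ]; then echo "unknown local account: $1" >&2; return 2; fi
    eh_uid=${eh_entry%%:*}; eh_rest=${eh_entry#*:}
    eh_gid=${eh_rest%%:*};  eh_home=${eh_rest#*:}

    # Accept only absolute paths without ".." and never "/" itself.
    case "$eh_home" in
        /|*..*) echo "unsafe home path: $eh_home" >&2; return 3 ;;
        /*) ;;
        *) echo "unsafe home path: $eh_home" >&2; return 3 ;;
    esac
    # A symlink at the home path is reported, not accepted as a directory.
    if [ -L "$eh_home" ]; then echo "home is a symlink: $eh_home" >&2; return 3; fi
    # An existing directory is left untouched, so reruns are harmless.
    if [ -d "$eh_home" ]; then return 0; fi

    # mkdir without -p fails if the path appeared in the meantime;
    # umask 077 makes the directory 0700 from the first moment.
    (umask 077 && mkdir "$eh_home") || return 1
    # Seed from the skeleton directory, dotfiles included.
    if [ -d "$SKEL_DIR" ]; then cp -R "$SKEL_DIR"/. "$eh_home"/ || return 1; fi
    # Only root can hand ownership to the account; -h leaves symlink targets alone.
    if [ "$(id -u)" -eq 0 ]; then chown -R -h "$eh_uid:$eh_gid" "$eh_home" || return 1; fi
    return 0
}

# Assumption: account names arrive as arguments.
for eh_user in "$@"; do ensure_home "$eh_user"; done
```
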
Participant III
Posts: 18
Registered: ‎07-08-2015
#3 of 3 843

Re: local user accounts have no homedir

Hi Robertson,

Thank you so much for your prompt reply. This is exactly what I was looking for.
Kind regards
Jens