I set up a remote LDAP server (Server1) and SSH with pam_ldap on Server2. Everything is working OK; I can log in to SSH with LDAP credentials. But when I want to add a new user, I first have to create it in the LDAP databases and then run adduser on Server2.
How can I automatically create the user account on Server2 after adding it to the LDAP database? For example, when the user first logs in? Thanks.
You don't need to actually make the user on Server2, only their home directory on first login. You're looking for pam_mkhomedir:
http://www.linux-pam.org/Linux-PAM-html/sag-pam_mkhomedir.html
Google will find you many howtos and examples on getting this set up.
Have you enabled the LDAP module for NSS?
See here on how to do this: http://wiki.debian.org/LDAP/NSS
Actually, I found a working procedure for Debian on this page
Here it is:
Create the /usr/share/pam-configs/mkhomedir file.
Fill it with the following content:
Run the following command as root (or sudo) to update PAM configuration:
Logging in with a non-existing user should now create it on the target system.
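
As an added example (not part of the original answers and not the content of the page they link to), this sketch writes a pam-auth-update profile for pam_mkhomedir and checks that NSS consults LDAP for passwd lookups, which the answers above both rely on. The profile values (`Priority: 900`, `umask=0077`, `skel=/etc/skel`), the function names and the `install` argument are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: pam-auth-update profile for pam_mkhomedir on Debian.
# PROFILE_DIR can be overridden to dry-run the script in a scratch directory.
PROFILE_DIR="${PROFILE_DIR:-/usr/share/pam-configs}"

write_mkhomedir_profile() {
    # $1 = directory to write the profile into.
    # umask=0077 is an assumption made here so that new home directories
    # are not readable by other users (the module's documented default is 0022).
    cat > "$1/mkhomedir" <<'EOF'
Name: Create home directory on login
Default: yes
Priority: 900
Session-Type: Additional
Session:
        required        pam_mkhomedir.so umask=0077 skel=/etc/skel
EOF
}

check_nss_ldap() {
    # $1 = path to an nsswitch.conf file.
    # Succeeds only if the passwd database lists ldap as a source; without
    # that the LDAP account cannot be resolved to a UID and home directory
    # on this host.
    grep -Eq '^passwd:.*[[:space:]]ldap([[:space:]]|$)' "$1"
}

# Only touch the system when explicitly asked to: sh thisfile.sh install
if [ "${1:-}" = "install" ]; then
    check_nss_ldap /etc/nsswitch.conf ||
        echo "warning: passwd in /etc/nsswitch.conf does not list ldap" >&2
    write_mkhomedir_profile "$PROFILE_DIR"
    pam-auth-update   # interactive: confirm the new profile is selected
fi
```

Run it as root with the `install` argument. Afterwards, `grep pam_mkhomedir /etc/pam.d/common-session` should show the session line that pam-auth-update generated.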