Configuring PAM Authentication with Active Directory

R Studio 1.3.1093-1 CentOS 7 Server w/ Active Directory Authentication.

My CentOS 7 server is configured to authenticate against Active Directory (AD) using SSSD. If a user logs into the server through SSH a directory is dynamically created for them. They then can use the R Studio interface to login. Everything works fine.

If the user has never logged in before they don't have a home directory. If they try to login via the R Studio interface their login fails. The logs indicate R Studio is trying to setup/create files in the users home directory which doesn't exist and thus fails.

I'm familiar with PAM and have created a custom /etc/pam.d/rstudio file. I've tried using both pam_mkhomedir.so and pam_oddjob_mkhomedir.so to dynamically create the users home directory but it doesn't work. It's as if it's trying to create files in the users home directory during authentication and not getting to the session section where it would create the directory.

/etc/pam.d/rstudio 
auth         requisite     pam_succeed_if.so uid >= 1000 debug
auth         requisite     pam_sss.so    
session    required     pam_unix.so
#session    required     pam_mkhomedir.so  skel=/etc/skel umask=0022 debug
session     required    pam_oddjob_mkhomedir.so umask=0077
account   requisite     pam_unix.so

I've seen documentation for the Pro version that it can create a user's home directory. I need to know if this is possible in the Open Source and if so what version I need to be on for it to work.

https://docs.rstudio.com/rsp/configuration/authentication/active-directory/

session required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

Thanks,

Pete Kain

Hi Pete

Integration with PAM is a feature of RStudio Server Pro and is not available in the open source version.

Andrie

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

If you have a query related to it or one of the replies, start a new topic and refer back with a link.