Unable to login Lubuntu Desktop openLDAP

Question

Our admin is trying to install an openLDAP system for some network machines.

I'm listing all the steps here so that someone may point out the breaking mistake.

Objective

1. Setup a centralized authentication system with Ubuntu server and lubuntu clients.

2. The users should have their personal directories kept on the server and accessible on every client they login.

Errors

1. After the steps below the openLDAP user test1 is able to login through terminal, but the desktop login keeps looping and returning.

2. Any new user 'test2' ( without creating folder on client machine ) created on server throws an error on client:

   Could not chdir to home directory /home/users/test2: No such file or director
   

Setup

Using a Ubuntu Server 13.04 and Lubuntu 13.10 client

Server IP : 192.168.0.55
Client IP : 192.168.0.100

1. The Lubuntu clients were installed through PXE booting over the network and installation files cached through apt-cacher-ng.

2. A preseed file provided some of the openLDAP details to the client

   ldap-auth-config ldap-auth-config/ldapns/ldap-server string ldap://192.168.0.55
   ldap-auth-config ldap-auth-config/ldapns/base-dn string  dc=organization,dc=lin
   ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3
   ldap-auth-config ldap-auth-config/dbrootlogin boolean yes
   ldap-auth-config ldap-auth-config/dblogin boolean false
   ldap-auth-config ldap-auth-config/rootbinddn string cn=admin,dc=organization,dc=lin
   

3. Both server and clients are normal virtualbox VM's and no fancy hardware is involved. Already checked ls -lah. The output is :

   total 8.0K
   drwxr-xr-x 2 root root 4.0K Jul 21 09:20 .
   drwxr-xr-x 3 root root 4.0K Jul 21 09:20 ..
   

Server Steps

1. Installed openLDAP on the server sudo apt-get install slapd ldap-utils and specified administrator password

2. Edited configuration file to reflect new domain sudo nano /etc/ldap/ldap.conf:

   BASE dc=organization,dc=lin
   URI ldap://192.168.0.55
   

3. Ran the configuration assistant sudo dpkg-reconfigure slapd

   ? Omit Server Configuration - No
   ? DNS Domain Name - organization.lin
   ? Organization Name - Organization Name
   ? Admin Password - <adminPassword> and re-enter
   ? Back-end Database - HDB
   ? Remove Database - Yes
   ? Move Old Database - Yes
   ? Allow LDAPv2 - No
   

4. Tested LDAP Server sudo ldapsearch -x and verified the settings

5. Installed phpLDAPAdmin sudo apt-get install phpldapadmin

6. Created symbolic link sudo ln -s /usr/share/phpldapadmin/ /var/www/phpldapadmin

7. Edited phpLDAP configuration sudo nano /etc/phpldapadmin/config.php and set the following

   $servers->setValue('server','name','Organization LDAP Server');
   $servers->setValue('server','host','192.168.0.55');
   $servers->setValue('server','base',array('dc=organization,dc=lin'));
   $servers->setValue('login','bind_id','cn=admin,dc=organization,dc=lin');
   

8. Restarted the Apache service 'sudo /etc/init.d/apache2 restart'

9. Opened ports 'sudo ufw allow 80' and 'sudo ufw allow 389'

10. Tried logging into phpLDAP Admin http://192.168.0.55/phpldapadmin/

    Login DN : cn=admin,dc=organization,dc=lin
    Password : <adminPassword>
    

11. Now tested phpLDAPAdmin

    Created a POSIX group - Employees
    Created a POSIX Account below it - test1 / password1
    

12. The home directory for the user is /home/users/test1

Client Steps

1. Installed sudo apt-get install libnss-ldap libpam-ldap ldap-utils ldap-auth-client nscd on client

2. Edited sudo nano /etc/ldap.conf and entered following information :

   base dc=organization,dc=lin
   uri ldap://192.168.0.55/
   ldap_version 3
   rootbinddn cn=admin,dc=organization,dc=lin
   pam_password md5
   

3. Edited sudo nano /etc/ldap.secret and entered following information : <adminPassword>

4. Secured File sudo chmod 600 /etc/ldap.secret

5. Ran `sudo auth-client-config -t nss -p lac_ldap'

6. Edited sudo nano /etc/pam.d/common-password

7. Set line 26 as password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass

8. Created directory sudo mkdir /home/users

9. Installed NFS-Common sudo apt-get install nfs-common

10. Edited sudo nano /etc/fstab and entered the following:

    192.168.0.55:/home/users/   /home/users/   nfs rsize=8192,wsize=8192, timeo=14,intr
    

References

http://www.unixmen.com/openldap-installation-configuration-ubuntu-12-1013-0413-10-debian-67-2/

http://www.unixmen.com/configure-linux-clients-authenticate-using-openldap/

http://www.unixmen.com/openldap-installation-configuration-ubuntu-12-1013-0413-10-debian-67/

https://help.ubuntu.com/lts/serverguide/openldap-server.html

https://help.ubuntu.com/community/InstallingphpLDAPadmin

Answer 1

Seems to me the error is not in LDAP, but in automatically creating home directories of new users. According to the Debian wiki:

Include this in /etc/pam.d/common-session if you want to automatically create home directories when users first login:

session     required      pam_mkhomedir.so skel=/etc/skel umask=0022

Note that looping back to login screen happens whenever the home directory can't be written to - this may be because the directory doesn't exist, or doesn't have write permissions, or has a full disk quota, etc.