First, here is my setup:
Installed CentOS 7 on a physical computer, went with default settings, minimal install.
Added packages needed to join an Active Directory domain (realmd sssd adcli samba-common ntp oddjob-mkhomedir)
Joined AD (running on Windows 2008 R2), successfully using realm command
Tested login with domain user through ssh and console and it works, the user's home folder is created at first login in /home/domain/username
Installed samba
Created a very simple config for samba:
[global]
workgroup = mydomain
server string = Samba Server Version %v
security = ads
; encrypt passwords = yes
passdb backend = tdbsam
realm = mydomain.ld

# Not interested in printers
load printers = no
cups options = raw
printcap name = /dev/null

# logs split per machine
log file = /var/log/samba/log.%m
# max 50KB per log file, then rotate
max log size = 50

[homes]
comment = Home Directories
browseable = no
writable = yes

When I log in with domain account from a windows computer, it works, I see only one folder named as the username, which is expected, but when I double-click on it, it stays a while and then it says that the path cannot be found.
I look on the server and yes, the path is not there. The home folder wasn't created.

After testing and digging for a few days I believe that the problem is PAM. sssd sends the authentication request to PAM. In the
/etc/pam.d/system-auth file there is a command that says:

session optional pam_mkhomedir.so umask=0077

I changed the "optional" to "required" but no change. oddjob service is running, but the pam_mkhomedir.so seems either not to execute at all or to execute but with some error.

I found no way to debug PAM to see exactly what is going on.

I turned on debugging for sssd, I see that it indeed calls PAM for authentication, PAM replies with OK (which is true since I can logon) but it is clear that PAM fails to create the home dir.

That's it. Any idea or suggestion would be greatly appreciated.

Hi andreiv

I had the same problem right now.
Could login with domain-credentials but where thrown out directly afterwards.
In /var/log/messages I could see the system tried to create the HOMEDIR /home/DOMAINNAME/USERNAME but was not allowed.
I created the folder /home/DOMAINNAME, tried again but still got the error theat HOMEDIR could not be created.
I created /home/DOMAINNAME/USERNAME , tried login in again and it worked.

That is not what I want for the future, but at least I could login and work with the machine.

Iodok

Hi folks, this is actually quite straightforward, well I spent most of the morning!
Its our old friend selinux again;

http://wiki.centos.org/HowTos/SetUpSamba

If you want to share the default home directory, type this command:

setsebool -P samba_enable_home_dirs on

This worked perfectly for me.
Though, somewhat disappointingly, you still need to manually create the home dir or ssh as the user first. Samba for some reason will not use the oddjob mkhomedir utility.

Hope this helps.
Best Regards
Stephen