Thanks to the others who contributed the content!
Now if I could just solve my FTP problem…
Congratulations, good work, well done!
Shoot … I have a running FTPES on my member-file server … still trying to find time to get to writing the howto (doubles as my documentation)
Please! That is why I wrote up the HOWTO as well. If I can use it and make it work five or six times in a row, then it is probably good and now the Internet has backed up my HOWTO
I have another problem to solve before I get to FTP now. It looks like the built-in NIC on the motherboard is bad. I thought it was the cheap USB Ethernet adaptor I bought, but now that I replaced that with a PCIe NIC, I still get hard lock-ups under heavy network traffic.
Playing five or six Youtube videos or a really large torrent download (a well-seeded download) will do it. SUSE Leap downloading via torrent seems to cause it on demand. Without network load, the system seems stable. Grrrr…
I found a problem with my original setup (not in the HOWTO above). I had multiple folders mounted in the pam_mount.conf.xml file. The volumes section looked like this:
<volume user="*" sgrp="domain users@mydomain.ad" fstype="cifs" server="neth.mydomain.ad" path="%(DOMAIN_USER)" mountpoint="/home/%(DOMAIN_USER)" options="nosuid,nodev" />
<volume user="*" sgrp="domain users@mydomain.ad" fstype="cifs" server="neth.mydomain.ad" path="share1" mountpoint="/home/%(DOMAIN_USER)/share1" options="nosuid,nodev" />
<volume user="*" sgrp="domain users@mydomain.ad" fstype="cifs" server="neth.mydomain.ad" path="share2" mountpoint="/home/%(DOMAIN_USER)/share1/share2" options="nosuid,nodev" />
So each user would get /home/user/share1/share2. That was the idea. Immediately after a reboot, this would work every time. However, after multiple, rapid login/logout sequences where I changed users each time, I started to see that share2 was not being mounted. There were no errors that I could find anywhere in any log. I set debug on and still no errors. I flattened the structure out so that share1 and share2 both were mounted into the user’s home directory and the problems stopped.
Is this a bug in pam_mount or something that is documented but I missed it?
WARNING: I just had to tweak the volume configuration again. Due to the Meltdown/Spectre kernel updates, all my Ubuntu 16.04 machines updated to kernel 4.13. Apparently that changes some part of the CIFS/SMB behavior as a client. I was getting really odd errors where files would appear with ls, but if you tried to read the file you would get a “file not found” error. The solution was to add the vers=1.0 extra option to the option strings in the above volumes. At least so far this seems to be working.
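As an added example, not code from the thread: a small Python lint over a pam_mount.conf.xml volume list that flags the two things discussed in this post, mountpoints nested inside an earlier volume's mountpoint and the vers=1.0 (SMB1) option. The sample config and the login name alice are constructed.

```python
"""Lint pam_mount <volume> entries for nested mountpoints and SMB1 (vers=1.0)."""
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample: the nested layout from the thread, with the vers=1.0
# option from the later WARNING added to the innermost share.
SAMPLE_CONF = """<pam_mount>
<volume user="*" sgrp="domain users@mydomain.ad" fstype="cifs" server="neth.mydomain.ad"
        path="%(DOMAIN_USER)" mountpoint="/home/%(DOMAIN_USER)" options="nosuid,nodev" />
<volume user="*" sgrp="domain users@mydomain.ad" fstype="cifs" server="neth.mydomain.ad"
        path="share1" mountpoint="/home/%(DOMAIN_USER)/share1" options="nosuid,nodev" />
<volume user="*" sgrp="domain users@mydomain.ad" fstype="cifs" server="neth.mydomain.ad"
        path="share2" mountpoint="/home/%(DOMAIN_USER)/share1/share2" options="nosuid,nodev,vers=1.0" />
</pam_mount>"""


def expand(template, user):
    """Substitute the pam_mount placeholders used in this thread for one login."""
    return template.replace("%(DOMAIN_USER)", user).replace("%(USER)", user)


def lint_volumes(conf_xml, user="alice"):
    """Return (mountpoint, finding) pairs for every <volume> in conf_xml."""
    root = ET.fromstring(conf_xml)
    vols = [(posixpath.normpath(expand(v.get("mountpoint", ""), user)),
             v.get("options", "")) for v in root.iter("volume")]
    findings = []
    for i, (mp, opts) in enumerate(vols):
        # A mountpoint below an earlier volume's mountpoint only exists once
        # that parent is mounted; the thread saw such nesting fail after rapid
        # login/logout cycles and flattened it.
        for parent, _ in vols[:i]:
            if mp != parent and mp.startswith(parent.rstrip("/") + "/"):
                findings.append((mp, f"nested under {parent}"))
        # SMB1 is a legacy dialect without SMB3 encryption and is deprecated;
        # flag it so the compatibility workaround does not become permanent.
        if "vers=1.0" in opts.split(","):
            findings.append((mp, "uses SMB1 (vers=1.0)"))
    return findings


if __name__ == "__main__":
    for mp, why in lint_volumes(SAMPLE_CONF):
        print(f"{mp}: {why}")
```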
Hello,
is there a possibility that the home directory is mirrored on the computer?
It’s not a problem with the stationary computers, but what to do if you want to use the family laptop somewhere else.
Or is this idea to be rejected immediately?
It would still be interesting to have a script that can automate the installation and setup.
Where the effort is not great but it must be stopped on all computers …
But the HowTo is TOP!
Good job!
Thank you
There is another HOWTO that shows that… Let’s see where that was…
OK, I am not correct. I thought that there was a howto on that. I am not seeing it now
It is possible. I know that when I looked online to find instructions on how to do the above HOWTO, I found examples of “roaming profiles” with Linux clients.
That said, this HOWTO is not for that particular use case.
It would be possible to skip the mount parts, use pam_mkhomedir (double check the name of the PAM module) and some pre/post login scripts to run rsync or something. The first login might take a loooooooooong time if the user has a lot of files.
If you have an all-Linux system, you might want to look at AndrewFS or something similar.
Has anyone tested it with Ubuntu 17.10 or the upcoming 18.04 (nightly build)?
I was able to install both on a ZFS rootFS, also joined the NS7 Domain, but got an error when I tried to logon on the GUI with a Domain-User…
pam_sss(gdm-password:auth): received for user xxx (User not known to the underlying authentication module)
Feb 1 19:56:22 xubuzfs lightdm: pam_unix(lightdm:auth): check pass; user unknown
Feb 1 19:56:22 xubuzfs lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Feb 1 19:56:22 xubuzfs lightdm: pam_sss(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=admin@example.org
Feb 1 19:56:22 xubuzfs lightdm: pam_sss(lightdm:auth): received for user admin@example.org: 10 (User not known to the underlying authentication module)
Feb 1 19:56:24 xubuzfs lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Feb 1 19:56:24 xubuzfs lightdm: PAM adding faulty module: pam_kwallet.so
Feb 1 19:56:24 xubuzfs lightdm: PAM unable to dlopen(pam_kwallet5.so): /lib/security/pam_kwallet5.so: cannot open shared object file: No such file or directory
Feb 1 19:56:24 xubuzfs lightdm: PAM adding faulty module: pam_kwallet5.so
Feb 1 19:56:27 xubuzfs realmd[2820]: quitting realmd service after timeout
Feb 1 19:56:27 xubuzfs realmd[2820]: stopping service
Any suggestions?
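As an added example, not part of the poster's message: a classifier for PAM lines in the format shown above that maps the numeric return code to its Linux-PAM name and keeps the missing-module warnings apart from the actual authentication verdict. The sample log is constructed in the same syslog format.

```python
"""Classify the PAM lines from a failed lightdm login by outcome."""
import re
from collections import Counter

# Constructed sample in the same syslog format as the poster's log above.
SAMPLE_LOG = """\
Feb 1 19:56:22 xubuzfs lightdm: pam_unix(lightdm:auth): check pass; user unknown
Feb 1 19:56:22 xubuzfs lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Feb 1 19:56:22 xubuzfs lightdm: pam_sss(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=admin@example.org
Feb 1 19:56:22 xubuzfs lightdm: pam_sss(lightdm:auth): received for user admin@example.org: 10 (User not known to the underlying authentication module)
Feb 1 19:56:24 xubuzfs lightdm: PAM unable to dlopen(pam_kwallet.so): /lib/security/pam_kwallet.so: cannot open shared object file: No such file or directory
Feb 1 19:56:24 xubuzfs lightdm: PAM adding faulty module: pam_kwallet.so
"""

# Linux-PAM return codes worth telling apart: a wrong password (7) versus a
# name that never resolved through sssd (10), which is what the thread hit.
PAM_CODES = {7: "PAM_AUTH_ERR", 10: "PAM_USER_UNKNOWN", 13: "PAM_ACCT_EXPIRED"}

MODULE_RE = re.compile(r"(?P<module>pam_\w+)\((?P<service>[^:]+):(?P<type>\w+)\): (?P<msg>.*)")
RESULT_RE = re.compile(r"received for user (?P<user>\S+): (?P<code>\d+)")
FAULTY_RE = re.compile(r"PAM (?:unable to dlopen|adding faulty module)")


def classify(line):
    """Return (category, detail) for one syslog line."""
    if FAULTY_RE.search(line):
        # A missing optional module is a stack-configuration warning, not an
        # authentication decision; keep it out of the failure counts.
        mod = re.search(r"(pam_\w+\.so)", line)
        return ("faulty_module", mod[1] if mod else "?")
    m = MODULE_RE.search(line)
    if not m:
        return ("other", "")
    r = RESULT_RE.search(m["msg"])
    if r:
        code = int(r["code"])
        return ("result", f"{m['module']} {r['user']} {PAM_CODES.get(code, code)}")
    if "authentication failure" in m["msg"]:
        user = re.search(r"user=(\S+)", m["msg"])
        return ("auth_failure", f"{m['module']} {user[1] if user else '?'}")
    return ("info", f"{m['module']} {m['msg']}")


def summarize(log):
    """Count lines per category so the real verdict stands out from the noise."""
    return Counter(classify(l)[0] for l in log.splitlines() if l.strip())
```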
OK, got it…
nano /etc/lightdm/lightdm.conf
[SeatDefaults]
allow-guest=false
greeter-show-manual-login=true
to be able to logon on GUI after ad join on a xUbuntu 17.10 Desktop…
See Step 11 in the HOWTO. What you have is not quite the same. If you try to use the same configuration does it not work? If not, I will update the HOWTO so that it shows the slight change for 17.10. Thanks!
I can try that and give you a feedback…
That’s a great howto! Very detailed post, thanks for posting it.
Hi there!
Great HowTo! Thanks @Kyle_Hayes for putting effort into compiling this instruction.
I’ve managed to get Ubuntu 32 bit 16.04 LTS work like a breeze.
However, I’m facing a problem with 64 bit 16.04 LTS. I can join the AD, logon via terminal and access all my files. No problem. But when I logon via lightdm some interesting (?) things happen. The desktop appears with all the files I have on it, as normally. But the launcher to the left shows up for less than a second and then disappears!? In syslog I get this error message, which I suspect is related:
(update-manager:7337): dconf-WARNING **: failed to commit changes to dconf: GDBus.Error:org.gtk.GDBus.UnmappedGError.Quark._g_2dfile_2derror_2dquark.Code2: Failed to rename file ‘/home/name@ad.server/.config/dconf/user.BRVNFZ’ to ‘/home/name@ad.server/.config/dconf/user’: g_rename() failed: Permission denied
Then I tried a freshly installed Ubuntu 64 bit 17.10 with no success unfortunately. I cannot start sssd.service and systemctl status sssd gives this message:
sssd[1504]: tkey query failed: GSSAPI error: Major = Unspecified GSS failure Minor code may provide more information, Minor = Server not found in Kerberos database
Any ideas on what might be wrong? Have I misconfigured my nethserver? All suggestions will be highly appreciated since I for now have to keep my old Zentyal server, which I would prefer to ditch as soon as possible.
Kind regards
/Mathias
Ok, let’s move forward here
It does not work for me.
The following manual command is executed correctly:
mount -t cifs -o username=abc //server/abc@ad.domain.de /home/abc.
The home directory of abc gets mounted.
In pam_mount.conf.xml I have:
<volume user="*" fstype="cifs" server="server" path="%(USER)" mountpoint="/home/%(USER)" options="nosuid,nodev,vers=1.0" />
The resulting pam_mount command is:
mount '-t' 'cifs' '//server/abc@ad.domain.de' '/home/abc' '-o' 'username=abc@ad.domain.de,uid=xxx,gid=xxx,nosuid,nodev,vers=1.0'
This command fails. The server reports:
'domain_client_validate: unable to validate password for user abc@ad.domain.de in domain LAN to Domain controller NSDC-xxx.AD.DOMAIN.DE. Error was NT_STATUS_WRONG_PASSWORD.'
In fact the user can login to this server; ‘abc@ad.domain.de’ works as well as ‘abc’ with the same password.
What the hell …?
/etc/security/pam_mount.conf.xml:
<!-- Volume definitions -->
<volume user="*" sgrp="domain users@example.org" fstype="cifs" server="neth7" path="%(DOMAIN_USER)" mountpoint="~/nethome" options="nosuid,nodev" />
Change the servername (neth7) and domainname (example.org). The rest should be OK…
You mean lightdm.conf? Sorry, I stopped working on 17.10 because 18.04 b1 is out and I thought it is time to change…