[Solved] Cannot mount cifs home folders with pam_mount.conf

NethServer Version: 7.6.1810
Module: not sure

Hi,

A year back or so I followed this instruction to join xubuntu machines to my nethserver AD, with home folders on the nethserver. Now the mount of the home folders has stopped working. The computer is still joined to the domain and it is possible to log on, but the home folders are no longer mounted correctly. And the logon is stuck for a minute or so until I have a prompt.

Output when switching to an AD user below:

$ su user
(pam_mount.c:365): pam_mount 2.16: entering auth stage
(pam_mount.c:568): pam_mount 2.16: entering session stage
(mount.c:262): Mount info: globalconf, user=user@my.domain fstab=0 ssh=0
(mount.c:659): Password will be sent to helper as-is.
command: 'mount' '-t' 'cifs' '//server.my.domain/user@my.domain' '/home/user@my.domain' '-o' 'username=user@my.domain,uid=123456789,gid=123456789,nosuid,nodev,vers=1.0'
(mount.c:72): Messages from underlying mount program:
(mount.c:76): mount error(11): Resource temporarily unavailable
(mount.c:76): Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
(pam_mount.c:522): mount of user@my.domain failed
command: 'pmvarrun' '-u' 'user@my.domain' '-o' '1'
Invalid user name
(pam_mount.c:439): error reading login count from pmvarrun
(pam_mount.c:660): done opening session (ret=0)

The client is a xubuntu 18.10.

Perhaps I should add that if I remove

override_homedir = /home/%u@%d
override_shell = /bin/bash

from /etc/sssd/sssd.conf the mount is completed correctly at /home/user, but at login the command prompt starts in folder /var/lib/nethserver/home/user instead of /home/user.

Also, if I remove vers=1.0 from

 <volume user="*" sgrp="domain users@mydomain.ad" fstype="cifs" server="neth.mydomain.ad" path="%(DOMAIN_USER)" mountpoint="/home/%(DOMAIN_USER)" options="nosuid,nodev,vers=1.0" />

in /etc/security/pam_mount.conf.xml the logon is done immediately without being stuck for a minute or so.

Any suggestions for where I shall continue troubleshooting?

Thanks in advance!

/Mathias

IIRC Samba dropped support for protocol version 1. Just edit your config and add vers=2.1 or 3.0.

Hi,
You can try this in your pam_mount.conf.xml
(replace WORKGROUP and Server_netbios_name where needed); you can also experiment with the FQDN, with or without workgroup, etc.

<volume options="uid=%(USERUID),domain=%(DOMAIN)" username="*" workgroup="WORKGROUP" mountpoint="/home/%(DOMAIN_USER)" path="%(DOMAIN_USER)" server="SERVER_netbios_name" fstype="cifs" />

Also, make sure you put this

<mkmountpoint enable="1" remove="true" />

in the pam_mount.conf.xml in /etc/security

Hope it helps

Best regards
Bogdan

2 Likes

Thanks, I'll give this a try this evening when I'm back home.
I'll keep you posted.
Cheers
/Mathias

1 Like

Well the suggestions from @giacomo and @Ctek did unfortunately not do. Thanks anyway!

When I activate debug in pam_mount.conf.xml and log in on the client via ssh, I get this output:

command: 'ofl' '-k0' '/home/user@my.domain' 
HXproc_run_async: ofl: File or folder does not excist
command: 'umount' '/home/user@my.domain' 
(pam_mount.c:743): pam_mount execution complete
(pam_mount.c:116): Clean global config (0)
(pam_mount.c:133): clean system authtok=0x5567af664970 (0)

Any other suggestions?

You have to make sure that the create folder option is set to enabled.
So when the user is trying to mount the folder from the server and the destination does not exist, it will create it (as an alternative, try to create the folder manually).

Also make sure that $ is set on the path (because maybe it is required since the share is hidden).

BR
Bogdan

1 Like

Thanks @Ctek for helping out! Much appreciated.

Unfortunately still not working and now I'm totally lost. :crazy_face:

/etc/security/pam_mount.conf.xml looks like this:

<volume user="*" sgrp="domain users@my.domain" fstype="cifs" server="server" path="%(DOMAIN_USER)" mountpoint="/home/%(DOMAIN_USER)" options="nosuid,nodev,vers=2.1" />
<mkmountpoint enable="1" remove="true" />

The vers option I've tried to remove, setting to 2.1 and 3 but still no luck.

In /etc/sssd/ I've put:

override_homedir = /home/%u@%d
override_shell = /bin/bas

but logging in still fails.

I can mount the home folders manually using the same user name and folders as below. And when the home folder is manually mounted, login still fails.

Debug info from PAM, which is more or less the same no matter what I change, and which might give some clue as to what might be wrong:

command: 'pmvarrun' '-u' 'user@my.domain' '-o' '1' 
Invalid user name
(pam_mount.c:439): error reading login count from pmvarrun
(pam_mount.c:660): done opening session (ret=0)
Kunde inte starta /bin/bas: File or folder does not exist
(pam_mount.c:706): received order to close things
command: 'pmvarrun' '-u' 'user@my.domain' '-o' '-1' 
Invalid user name
(pam_mount.c:439): error reading login count from pmvarrun
(mount.c:884): going to unmount
(mount.c:262): Mount info: globalconf, user=user@my.domain <volume fstype="cifs" server="server" path="user@my.domain" mountpoint="/home/user@my.domain" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="nosuid,nodev,vers=2.1" /> fstab=0 ssh=0
command: 'ofl' '-k0' '/home/user@my.domain' 
HXproc_run_async: ofl: FIle or folder does not exist

Any other ideas? All suggestions will be very well received! :grinning:

Regards
/Mathias

There's a typo, I assume it should be /bin/bash.

1 Like

Hi Markus, nice catch,
Yes it seems like a typo there that should be fixed.

@bragrabb
The second point is to make sure that you actually see the share name on the server like
"user@my.domain" when you browse the shares.

Third point is that I would remove the "vers=2.1" option.

Maybe it works without specifying the version and it will autonegotiate it.
I'm sure that there is a thing that we miss here or we do not see…

Best regards
Bogdan

3 Likes

Well how about that - Once again the nethserver community comes to my rescue. :slight_smile:
Even though I'm less impressed by my own performance in this particular case…

Many thanks @Ctek and @mrmarkuz for helping out. When I corrected my typo and removed the vers parameter it all started to work again. :smile:

I'm not the one to tell but perhaps the HowTo could/should be updated?

Case closed! And now heading for a cold :beer:.

Kind regards
/Mathias

2 Likes
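The two misconfigurations this thread turned on (a CIFS volume pinned to `vers=1.0`, i.e. SMB1, and an `override_shell` pointing at a non-existent binary) can be caught before login with a small check. This is an added example, not part of any post or of NethServer; the function names `check_pam_mount` and `check_sssd` are hypothetical, and the sample configs are constructed from the snippets quoted above.

```python
import configparser
import os
import xml.etree.ElementTree as ET

# Constructed samples modelled on the snippets quoted in the thread.
PAM_MOUNT_XML = """<pam_mount>
  <volume user="*" sgrp="domain users@my.domain" fstype="cifs" server="server"
          path="%(DOMAIN_USER)" mountpoint="/home/%(DOMAIN_USER)"
          options="nosuid,nodev,vers=1.0" />
</pam_mount>"""

SSSD_CONF = """[domain/my.domain]
override_homedir = /home/%u@%d
override_shell = /bin/bas
"""


def check_pam_mount(xml_text):
    """Return findings for the cifs <volume> entries in pam_mount.conf.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    for vol in root.iter("volume"):
        if vol.get("fstype") != "cifs":
            continue
        raw = vol.get("options", "")
        # "nosuid,nodev,vers=1.0" -> {"nosuid": "", "nodev": "", "vers": "1.0"}
        opts = dict(o.strip().partition("=")[::2] for o in raw.split(",") if o.strip())
        if opts.get("vers") == "1.0":
            findings.append("vers=1.0 pins the mount to SMB1")
    mk = root.find(".//mkmountpoint")
    if mk is None or mk.get("enable") != "1":
        findings.append("mkmountpoint is not enabled")
    return findings


def check_sssd(conf_text):
    """Return findings for override_shell values that are not executable files."""
    cp = configparser.ConfigParser(interpolation=None)  # %u and %d are SSSD tokens
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        shell = cp.get(section, "override_shell", fallback=None)
        if shell and not (os.path.isfile(shell) and os.access(shell, os.X_OK)):
            findings.append(f"[{section}] override_shell={shell} is not an executable file")
    return findings


if __name__ == "__main__":
    for line in check_pam_mount(PAM_MOUNT_XML) + check_sssd(SSSD_CONF):
        print("WARN:", line)
```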

The HOWTO probably should be at least updated to note that 18.10 requires different config. I have been putting off moving to 18.04 as 16.04 is still supported and I have not been impressed with 18.04's stability.

As to the version info (ver=1.0/ver=2.1), I tried various things, but only 1.0 worked for me. However, that was NethServer 7.4. I need to upgrade everything to the latest (slowly) and make sure it all continues to work.

Have you tried with mixed clients? Ubuntu 16.04 and Ubuntu 18.04/10?

I did try with different clients a year ago or so but the only one I got fully working was Xubuntu. The problem with the other variants was that the menu panel / program panel never showed up, or rather just quickly showed up for a fraction of a second and then was gone.

So everything works as intended except that the program panel is missing. When I run mate-panel --reset as suggested in this thread I get this output:

(mate-panel:5312): dconf-WARNING **: 11:21:07.071: failed to commit changes to dconf: GDBus.Error:org.gtk.GDBus.UnmappedGError.Quark._g_2dfile_2derror_2dquark.Code2: Failed to rename file “/home/user@my.domain/.config/dconf/user.M3Y5YZ” to “/home/user@my.domain/.config/dconf/user”: g_rename() failed: Permission denied

The /home/user@my.domain/ share is located on the nethserver and auto mounted when logging in. I presume this was the problem I ran into a year ago. The question now is what the solution looks like.

But perhaps this matter should be posted in a separate thread and this might not even be related to nethserver.

Regards
/Mathias

Hmm. I have not seen that error, but I am not using later versions of NethServer or Ubuntu yet. I will need to upgrade in a few years as Ubuntu 16.04 reaches end of life in 2021.

The error seems a bit odd. Is the "user@my.domain" the actual value or does that stand for something else? It is almost as if there is some string interpolation that is not happening correctly somewhere.

I will be travelling for work the next two weeks so I may not be able to respond quickly.

The real user name and domain name have been changed to protect the innocent. :slight_smile:
And thanks for looking into this!

Hi
Try to perform the operation yourself. The system might not have the right to add/modify files in your profile.
Because MATE is started as another user (root or system)
So try to rename yourself the file "/home/user@my.domain/.config/dconf/user.M3Y5YZ" to "/home/home/user@my.domain/.config/dconf/user" and then logoff and logon

BR
Bogdan

Bragrabb, can you confirm that you have this in /etc/pam.d/common-session ??

session optional pam_mkhomedir.so skel=/etc/skel umask=077

BR
Bogdan

Hi @Ctek,

Thanks for your suggestion. In /etc/pam.d/common-session it says:

session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

Slightly different. :slight_smile: And this might actually also explain why I've had issues with ssh and key based login. The certificate files have privileges 755 when I'm logged on to a client. But when logged on to my nethserver the privileges are 700, as required by ssh.

I'll give this a try but it will have to wait until the coming weekend, unfortunately. I'll keep you posted.

Regards
/Mathias