Author Topic: HOWTO: Ubuntu client with LDAP authentication and pam_mount for mounting $HOME  (Read 72521 times)

AndresitoGeorge

  • Zen Apprentice
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Hey UdoB,

Great howto. I was having issue with getting information from the ldapsearch. The user names I was using had a "." between the first name and last name. So the the command would authenticate, but the search did not return anything. I changed the user names to first initial and last name, and now everything seems fine.

Thanks again for the great tutorial.

UdoB

  • Zen Warrior
  • ***
  • Posts: 148
  • Karma: +17/-0
    • View Profile
Great howto. I was having issue with getting information from the ldapsearch. The user names I was using had a "." between the first name and last name. So the the command would authenticate, but the search did not return anything. I changed the user names to first initial and last name, and now everything seems fine.

I'm happy it is useful for somebody  :)

You might click on [applaud] (left sidebar) to get me another positive karma point ;)

Best regards
Udo

furiac3lta

  • Zen Apprentice
  • *
  • Posts: 48
  • Karma: +0/-0
    • View Profile
udo i want to ask something..have you know any way to mount shared files by user session in the start session...example i use gigolo and i configured all shared folder by user in one client in this case debian client...and works wonderfull....but one user change his pass in the user corner and when the client start the session gigolo ask the pass for each shared folder...how i can solved that..please help me thx a lot

UdoB

  • Zen Warrior
  • ***
  • Posts: 148
  • Karma: +17/-0
    • View Profile
to mount shared files by user session in the start session...example i use gigolo

Sorry, I have absolutely no idea what that is.

With Zentyal/Samba a user has a set of well defined access rights on a server's share (and/or any other share on other servers belonging to the domain Zentyal/Samba instantiates). Changing my password (or deleting my complete account) can not influence the rights of a another user.

If you want to share files from one user to allow another user accessing them you can either create a share for this specific use case and grant exactly the required rights to the target users. Or you can set file permissions (better/recommended: rights on directories/folders instead on single files), again to grant specific users/usergroups read/write access.

How the access control under Samba works is well documented, I think... 

Best regards
Udo

furiac3lta

  • Zen Apprentice
  • *
  • Posts: 48
  • Karma: +0/-0
    • View Profile
hi udo..gigolo is an applicattion with gui-interface to mount shared folder i install from debian repo. Now I m try to mount share folder with pam_mount.conf.xml uncomment
<luserconf name=".pam_mount.conf.xml" />

i create with vim .pam_mount.conf.xml in user home and i put this:

<pam_mount>
<volume user="*" fstype="cifs" server="servername" path="sharefile" mountpoint="~/sharefile"
options="iocharset=utf8,file_mode=0700,dir_mode=0700,nodev,nosuid" />
</pam_mount>

But the shared folder in the server dont mount when the user is loggin...

can you help me? is something wrong?

nijssen

  • Zen Apprentice
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
In my situation home folders were not automagically mounted, but after some deep digging in various logfiles I found the cause: the home folder of the particular user started with a capital letter.
Solved it by making a link to the home folder with the same name, starting with the small variant of the capital.

Another issue that came by: when the home folder size is above its quotum, it does not automount as well, it even causes that the lightdm environment does not log in (it sets you back to typing user-pass).
Solve that by logging in on tty1 (CTRL-ALT-F1), clean up some files, log out and back in on tty7.

eniac111

  • Zen Apprentice
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Hello everyone, thanks for the great howto.

There's just one thing. Does anyone know how to use skel with this setup?

UdoB

  • Zen Warrior
  • ***
  • Posts: 148
  • Karma: +17/-0
    • View Profile
Does anyone know how to use skel with this setup?

What do you mean?

"/etc/skel"-content as template for new users does work as expected. At least on my machine. Verified a second ago - just for you  ;)

Best regards
Udo

eniac111

  • Zen Apprentice
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Does anyone know how to use skel with this setup?

What do you mean?

"/etc/skel"-content as template for new users does work as expected. At least on my machine. Verified a second ago - just for you  ;)

Best regards

Thank you, I will try the setup again with new, clear installation.
btw, this is the project I'm working on: http://www.youtube.com/watch?v=G2QWXrKYQPU

Best regards

marceloeng

  • Zen Warrior
  • ***
  • Posts: 135
  • Karma: +1/-0
    • View Profile
Hi UdoB,

Thanks for How to.

I'm from Brazil and my zentyal is 2.2.9.

Cannot folowing the entire HowTo, because the ldap connection.


My server config is:
Quote
DN Base:    dc=srvcomdesk
Root DN:    cn=ebox,dc=srvcomdesk
Senha:    F2Bh85qODbV.hQjv
Usuários DN:    ou=Users,dc=srvcomdesk
Grupos DN:    ou=Groups,dc=srvcomdesk

my \etc\ldap.conf in ubuntu client is:
Quote
base dc=srvcomdesk

uri ldap://192.168.2.1:390 # my ip server

ldap_version 3

binddn cn=ebox,dc=srvcomdesk
bindpw F2Bh85qODbV.hQjv

scope sub
bind_policy soft
pam_password md5

nss_base_passwd         ou=Users,dc=srvcomdesk
nss_base_passwd         ou=Computers,dc=srvcomdesk
nss_base_shadow         ou=Users,dc=srvcomdesk
nss_base_group          ou=Groups,dc=srvcomdesk
nss_schema              rfc2307bis
nss_map_attribute uniqueMember member
nss_reconnect_tries 2
nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,hplip,irc,kernoops,libuuid,lightdm,list,lp,mail,m$


If i test a user with ldapsearch command, show me a error:
Quote
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)


Best Regards,
Marcelo

UdoB

  • Zen Warrior
  • ***
  • Posts: 148
  • Karma: +17/-0
    • View Profile
Thanks for How to.

Is's a pleasure for me  :)
 
Quote
my \etc\ldap.conf in ubuntu client is:

Quote
If i test a user with ldapsearch command, show me a error:

Please check if you did this:
Code: [Select]
~# ln -s /etc/ldap.conf  /etc/ldap/ldap.conf

For the ldap-utils package (which contains/supplies ldapsearch) the relevant file is /etc/ldap/ldap.conf!

Try adding "-v" to ldapsearch to get a verbose output.

Best regards
Udo

christian

  • Guest

my \etc\ldap.conf in ubuntu client is:
Quote
base dc=srvcomdesk
uri ldap://192.168.2.1:390 # my ip server

Why is your port 390 while it's supposed to be 389 (Zentyal 2.2 isn't it?)

marceloeng

  • Zen Warrior
  • ***
  • Posts: 135
  • Karma: +1/-0
    • View Profile
Re: HOWTO: Ubuntu client with LDAP authentication and pam_moun
« Reply #27 on: April 23, 2013, 12:46:02 am »
Hi christian,

I have change the port and now connect with ldapsearch and ssh.

But when restart Ubuntu 12, does not entry in system. Ubuntu frozen.
Quote
base dc=srvcomdesk

uri ldap://192.168.2.1:389 # my ip server

ldap_version 3

binddn cn=ebox,dc=srvcomdesk
bindpw F2Bh85qODbV.hQjv

scope sub
bind_policy soft
pam_password md5

nss_base_passwd         ou=Users,dc=srvcomdesk
nss_base_passwd         ou=Computers,dc=srvcomdesk
nss_base_shadow         ou=Users,dc=srvcomdesk
nss_base_group          ou=Groups,dc=srvcomdesk
nss_schema              rfc2307bis
nss_map_attribute uniqueMember member
nss_reconnect_tries 2
nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,hplip,irc,kernoops,libuuid,lightdm,list,lp,mail,m$

Regards,
Marcelo

christian

  • Guest
I can't help you further at low level detail but reading your conf, I'm still wondering, as you are using 2.2 why some settings are here:

Quote
nss_schema              rfc2307bis
nss_map_attribute uniqueMember member

Are you sure about this ?
- I'm not aware that rfc2307bis is implemented with Zentyal 2.2
Do you have any reference for this?

- "uniquemember" ???
so far, if I'm not wrong, Zentyal still implements "memberuid" (somewhat linked to above comment about RFC isn't it?)

marceloeng

  • Zen Warrior
  • ***
  • Posts: 135
  • Karma: +1/-0
    • View Profile
Hi Christian,

I don't have sure, because I don't find documentation about ldap connection on zentyal 2.2.  And this post, was more complete found for me.

The error that crached the Ubuntu is a line in /etc/security/pam_mount.conf.xml.  I removed and ubuntu loads fine.


Changes my ldap.conf.

Quote
nss_schema              rfc2307
nss_map_attribute memberUid member


Regards,
Marcelo
« Last Edit: April 23, 2013, 04:11:16 pm by marceloeng »