Topic: HOWTO: Ubuntu client with LDAP authentication and pam_mount for mounting $HOME

morphy_richards

Hi. Just wanted to thank you for this! It has been fantastically useful.

I came across one issue. In Ubuntu 12.04 an LDAP user on the Zentyal box will be able to log in but not mount the home directory.

You need two lines in /etc/security/pam_mount.conf.xml under <!-- Volume definitions -->


<volume user="*" fstype="cifs" server="192.168.0.4" path="%(DOMAIN_USER)" mountpoint="/home/%(DOMAIN_USER)" options="sec=ntlm,nodev,nosuid" />
<volume user="*" fstype="cifs" server="192.168.0.4" path="temp" mountpoint="/home/%(DOMAIN_USER)/SRV/temp" options="sec=ntlm,nodev,nosuid" />

It seems it won't work without this temp mount.

Thanks again.

UdoB

Quote
Hi. Just wanted to thank you for this! It has been fantastically useful.
Thanks for the flowers  :)
Quote
<volume user="*" fstype="cifs" server="192.168.0.4" path="%(DOMAIN_USER)" mountpoint="/home/%(DOMAIN_USER)" options="sec=ntlm,nodev,nosuid" />
<volume user="*" fstype="cifs" server="192.168.0.4" path="temp" mountpoint="/home/%(DOMAIN_USER)/SRV/temp" options="sec=ntlm,nodev,nosuid" />

It seems it won't work without this temp mount.
That's really strange, thanks for documenting it here. From time to time one finds a specific situation where an otherwise well working configuration simply does not do it :( For me this seems to be part of the price I have to pay living in free GNU userland.

Best regards
Udo

morphy_richards

Hi again,
I seem to be having a mild spot of bother.
I have made an ltsp edubuntu server. I set up this server as described in your post and with the modification I described
Quote
<volume user="*" fstype="cifs" server="192.168.0.4" path="%(DOMAIN_USER)" mountpoint="/home/%(DOMAIN_USER)" options="sec=ntlm,nodev,nosuid" />
<volume user="*" fstype="cifs" server="192.168.0.4" path="temp" mountpoint="/home/%(DOMAIN_USER)/SRV/temp" options="sec=ntlm,nodev,nosuid" />
This seemed to make this work for me.
Unfortunately it seems that it's not mounting the homes from the zentyal server when users log in as thin clients. The files just get saved in the ltsp server's /home/username
(although the users were created on the zentyal server)
I can log in via ssh and it works as expected or use sshfs but I am finding my users have their files saved in two separate home locations.
Have you any idea what might be causing this to happen?

UdoB

Quote
Have you any idea what might be causing this to happen?
No, sorry. I've never used the thin clients approach with Zentyal...
Best regards
Udo

morphy_richards

Sorry about this, it doesn't seem to be anything to do with ltsp.
I'm working with a fresh install of (ed)ubuntu 12.10 with nothing else in place.

I've done everything in the tutorial but all I get when I ssh in is:

could not chdir to directory /home/test3 no such file or directory

What could be going wrong?

UdoB

Quote
Sorry about this, it doesn't seem to be anything to do with ltsp.
Ooops.
Quote
could not chdir to directory /home/test3 no such file or directory

Okay. Two debugging paths need to be checked: a) pam and b) basic mount capabilities

Skipping a) and starting with b):   :o
Become root on your client and try to mount a user's $HOME:
Code:
mount -t cifs  //192.168.0.4/exampleusername  /mnt -o username=exampleusername
You'll get a password prompt. On success /mnt should contain that user's $HOME. On error: what is the error message?
 
Best regards
Udo

morphy_richards

Doing this locally I get:
Code:
root@lovelace:~# mount -t cifs //192.168.0.10/test5 /mnt -o username=test5
Password:
Unable to find suitable address.

However doing it from a remote computer that I have used to ssh in I get:
Code:
Last login: Thu Jul  4 13:25:57 2013 from kerberos.computing.lan
lovelace_admin@lovelace:~$ sudo -i
[sudo] password for lovelace_admin:
root@lovelace:~# mount -t cifs  //192.168.0.10/test5  /mnt -o username=test5
mount: unknown filesystem type 'cifs '
root@lovelace:~#

:o


« Last Edit: July 04, 2013, 02:31:37 pm by morphy_richards »

jbahillo

  • Zentyal Staff
Hi morphy:

Have you cifs-utils installed on that remote computer?

UdoB

Quote
Code:
root@lovelace:~# mount -t cifs //192.168.0.10/test5 /mnt -o username=test5
Password:
Unable to find suitable address.
Please add your domain name as an explicit option. (In my local test this was not necessary because I have an adequate smb.conf.)
Code:
mount -t cifs //192.168.0.10/test5 /mnt -o username=test5,domain=YOURSAMBADOMAIN

Quote
Code:
mount: unknown filesystem type 'cifs '
jbahillo already pointed to the package cifs-utils which contains /sbin/mount.cifs.

Best regards
Udo
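
The two client-side checks from the replies above, as an added example that is not part of the thread: it confirms that the helper named there (/sbin/mount.cifs from cifs-utils) is executable, and it dumps the bytes of the `-t` argument. The second check rests on an assumption: that the trailing character inside the quotes of 'cifs ' in the error is a stray byte in the argument itself, such as a non-breaking space picked up when pasting. The function name is hypothetical.

```bash
#!/usr/bin/env bash
# cifs_preflight TYPE_ARG [HELPER]   (hypothetical helper, added example)
# Prints one line and returns:
#   0  ok
#   1  odd-bytes OFFSET:HEX ...   bytes in TYPE_ARG outside printable ASCII
#   2  no-helper PATH             mount helper missing or not executable
cifs_preflight() {
  local type_arg="$1" helper="${2:-/sbin/mount.cifs}" odd

  # Dump the -t argument byte by byte. A filesystem type name should hold
  # only printable, non-space ASCII (0x21-0x7e). Two-digit lowercase hex
  # sorts the same way as a string as it does as a number.
  odd=$(printf '%s' "$type_arg" | od -An -v -tx1 | tr -s ' \n' '\n' |
    awk 'NF {
      if ($1 < "21" || $1 > "7e") printf "%s%d:%s", (n++ ? " " : ""), i, $1
      i++
    }')
  if [ -n "$odd" ]; then
    echo "odd-bytes $odd"
    return 1
  fi

  # mount(8) hands "-t cifs" to this helper; without it the mount fails.
  if [ ! -x "$helper" ]; then
    echo "no-helper $helper"
    return 2
  fi
  echo ok
}

# Constructed input: "cifs" followed by a UTF-8 non-breaking space (c2 a0).
# /bin/sh only stands in for an executable helper in this demonstration.
cifs_preflight "$(printf 'cifs\302\240')" /bin/sh || true   # odd-bytes 4:c2 5:a0
# On a real client: cifs_preflight "<the -t argument as typed>"
```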

morphy_richards

Thanks for your help with this so far!
Looking at the [file sharing] section of the Zentyal web UI :

I have
Realm:    COMPUTING.LAN
NetBIOS domain name:    COMPUTING
NetBIOS computer name:    athena
Server description:    Zentyal File Server

I've tried:
mount -t cifs //192.168.0.10/test5 /mnt -o username=test5,domain=COMPUTING ,domain=COMPUTING.LAN (and even tried domain=athena)
each says
Code:
root@lovelace:/var/log/samba# mount -t cifs //192.168.0.10/test5 /mnt -o username=test5,domain=COMPUTING
Password:
Unable to find suitable address.
I also had a poke about in my /etc/samba/smb.conf and tried setting
Code:
[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of
   workgroup = COMPUTING
# server string is the equivalent of the NT Description field
#   server string = %h server (Samba, Ubuntu)
  server string = Zentyal File Server

... .. ... ...
 ;   interfaces = 192.168.0.0/24 eth2
(Although I'm really not at all sure what I am doing with this, I thought I would have a try at configuring it)

I looked in the var/log/samba files too but couldn’t see anything that immediately jumped out at me.

Best regards to you as well.

« Last Edit: July 05, 2013, 10:44:35 am by morphy_richards »

jbahillo

Hello:


I wonder we you just need to try on the server itself. Have you tried doing so in a remote workstation and making sure the cifs-utils package is installed?

Nevertheless you could issue:

Code:
sudo netstat -patun | grep samba

and make sure that samba is listening on 0.0.0.0:port or at least, on 192.168.0.10:port

I would as well try putting options first and then parameters:

Code:
sudo mount -t cifs -o username=samba,password=P455W0RD //192.168.1.110/i /mnt/HTPC

morphy_richards

Hmm... thanks for that

I tried ssh'ing into the actual zentyal server and did:
root@athena:~# mount -t cifs //192.168.0.10/test5 /mnt -o username=test5,domain=COMPUTING
Code:
mount: wrong fs type, bad option, bad superblock on //192.168.0.10/test5,
       missing codepage or helper program, or other error
       (for several filesystems (e.g. nfs, cifs) you might
       need a /sbin/mount.<type> helper program)
       In some cases useful info is found in syslog - try
       dmesg | tail  or so

syslog
Code:
Jul  5 11:05:56 athena kernel: [4817736.132349] FS-Cache: Loaded
Jul  5 11:05:56 athena kernel: [4817736.146990] FS-Cache: Netfs 'cifs' registered for caching
Jul  5 11:05:56 athena kernel: [4817736.147089] Key type cifs.spnego registered
Jul  5 11:05:56 athena kernel: [4817736.147098] Key type cifs.idmap registered
Jul  5 11:05:56 athena kernel: [4817736.147270] CIFS: no cache= option specified, using "cache=loose". This default will change to "cache=strict" in 3.
Jul  5 11:05:56 athena kernel: [4817736.162685] CIFS VFS: Connecting to DFS root not implemented yet
Jul  5 11:05:56 athena kernel: [4817736.162731] CIFS VFS: cifs_mount failed w/return code = -22

On the remote computer to check I did sudo apt-get install cifs-utils and got the "cifs-utils is already the newest version..." I then removed and re-installed it again just to check but got the same result.

On the actual server itself:
Code:
root@athena:~# sudo netstat -patun | grep samba
root@athena:~#
There was no result.
(netstat on its own returns only tcp, tcp6, udp and udp6 results.)

I also tried mount -t cifs -o username=test5,password=test5 //192.168.0.10/test5 ~/testMount5 with the options at the beginning but still got
 
Code:
wrong fs type, bad option, bad superblock on //192.168.0.10/test5
.....

« Last Edit: July 05, 2013, 12:31:52 pm by morphy_richards »

jbahillo


Quote
Code:
root@athena:~# sudo netstat -patun | grep samba
root@athena:~#
There was no result.




Then... could you please make sure that samba is running? That command would point that samba is not running...

morphy_richards

 :-[
That was it. The module wasn’t enabled. Maximum embarrassment factor!
(I do this kind of thing a lot actually)
In my own defence I (mumble mumble) only started doing this a few months ago and haven’t used a *nix system since '99.

On the bright side this is clearly a great community and my hat is off to you for this product and the excellent support you all give.

It's currently enabling, saving changes and up to 75% done.
I'll try it again once it's done and let you know how it went.

Thanks for now.
(Shuffles off in a crablike motion while hoping for holes in the earth that might swallow me up)

morphy_richards

Hello again ...  :-[

I did a complete re-install of Zentyal.
This time I made sure I have got the file sharing module properly configured and installed.
My client system is (Ed)Ubuntu 12.04 (also pretty much a fresh re-install)

Followed through the tutorial again.
Still I'm getting

Code:
root@lovelace:~# ssh test1@lovelace
test1@lovelace's password:
[...]

Last login: Wed Jul 10 12:07:29 2013 from localhost
Could not chdir to home directory /home/test1: No such file or directory
test1@lovelace:/$

ssh'ing into the zentyal server and doing
mount -t cifs //192.168.0.10/test1 /mnt -o username=test1,domain=COMPUTING
but still getting
Code:
mount: wrong fs type, bad option, bad superblock on //192.168.0.10/test1,
       missing codepage or helper program, or other error

sudo netstat -patun | grep samba
returns
Code:
root@athena:~# sudo netstat -patun | grep samba
tcp        0      0 192.168.0.4:88          0.0.0.0:*               LISTEN      12525/samba     
tcp        0      0 127.0.1.1:88            0.0.0.0:*               LISTEN      12525/samba     
tcp        0      0 127.0.0.1:88            0.0.0.0:*               LISTEN      12525/samba     
tcp        0      0 192.168.0.4:636         0.0.0.0:*               LISTEN      12523/samba     
tcp        0      0 127.0.1.1:636           0.0.0.0:*               LISTEN      12523/samba     
tcp        0      0 127.0.0.1:636           0.0.0.0:*               LISTEN      12523/samba     
tcp        0      0 192.168.0.4:1024        0.0.0.0:*               LISTEN      12520/samba     
tcp        0      0 127.0.1.1:1024          0.0.0.0:*               LISTEN      12520/samba     
tcp        0      0 127.0.0.1:1024          0.0.0.0:*               LISTEN      12520/samba     
tcp        0      0 192.168.0.4:3268        0.0.0.0:*               LISTEN      12523/samba     
tcp        0      0 127.0.1.1:3268          0.0.0.0:*               LISTEN      12523/samba     
tcp        0      0 127.0.0.1:3268          0.0.0.0:*               LISTEN      12523/samba     
tcp        0      0 192.168.0.4:3269        0.0.0.0:*               LISTEN      12523/samba     
tcp        0      0 192.168.0.4:389         0.0.0.0:*               LISTEN      12523/samba     
tcp        0      0 127.0.1.1:3269          0.0.0.0:*               LISTEN      12523/samba     
tcp        0      0 127.0.1.1:389           0.0.0.0:*               LISTEN      12523/samba     
tcp        0      0 127.0.0.1:3269          0.0.0.0:*               LISTEN      12523/samba     
tcp        0      0 127.0.0.1:389           0.0.0.0:*               LISTEN      12523/samba     
tcp        0      0 192.168.0.4:135         0.0.0.0:*               LISTEN      12520/samba     
tcp        0      0 127.0.1.1:135           0.0.0.0:*               LISTEN      12520/samba     
tcp        0      0 127.0.0.1:135           0.0.0.0:*               LISTEN      12520/samba     
tcp        0      0 192.168.0.4:464         0.0.0.0:*               LISTEN      12525/samba     
tcp        0      0 127.0.1.1:464           0.0.0.0:*               LISTEN      12525/samba     
tcp        0      0 127.0.0.1:464           0.0.0.0:*               LISTEN      12525/samba     
udp        0      0 192.168.0.4:389         0.0.0.0:*                           12524/samba     
udp        0      0 127.0.1.1:389           0.0.0.0:*                           12524/samba     
udp        0      0 127.0.0.1:389           0.0.0.0:*                           12524/samba     
udp        0      0 192.168.0.4:464         0.0.0.0:*                           12525/samba     
udp        0      0 127.0.1.1:464           0.0.0.0:*                           12525/samba     
udp        0      0 127.0.0.1:464           0.0.0.0:*                           12525/samba     
udp        0      0 192.168.0.4:88          0.0.0.0:*                           12525/samba     
udp        0      0 127.0.1.1:88            0.0.0.0:*                           12525/samba     
udp        0      0 127.0.0.1:88            0.0.0.0:*                           12525/samba
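
The check suggested earlier in the thread, that the file service listens on 0.0.0.0 or on the address being mounted, written as an added example that is not part of the thread. It matches on port rather than on the process name, assuming the standard SMB ports TCP 445 and 139; the function name is hypothetical and the sample lines are constructed.

```bash
#!/usr/bin/env bash
# Constructed sample in `netstat -patun` layout (not output from a real host).
SAMPLE_NETSTAT='tcp        0      0 10.0.0.4:389       0.0.0.0:*      LISTEN      2001/samba
tcp        0      0 10.0.0.4:445       0.0.0.0:*      LISTEN      2002/smbd
tcp        0      0 127.0.0.1:445      0.0.0.0:*      LISTEN      2002/smbd
udp        0      0 10.0.0.4:88        0.0.0.0:*                  2003/samba'

# smb_listener_status SERVER_IP   (hypothetical helper; netstat output on stdin)
# Prints one line:
#   ok ADDR PORT    a TCP listener on 445/139 bound to SERVER_IP or a wildcard
#   wrong-address   445/139 is open, but only on other local addresses
#   not-listening   no TCP listener on 445/139 at all
smb_listener_status() {
  awk -v ip="$1" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      n = split($4, part, ":")          # local address column is ADDR:PORT
      port = part[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (port != "445" && port != "139") next
      seen = 1
      if (addr == ip || addr == "0.0.0.0" || addr == "::") {
        print "ok", addr, port
        found = 1
        exit
      }
    }
    END { if (!found) print (seen ? "wrong-address" : "not-listening") }
  '
}

# The client would mount //10.0.0.10/..., but the sample binds only
# 10.0.0.4 and loopback, so the share is not reachable on that address.
printf '%s\n' "$SAMPLE_NETSTAT" | smb_listener_status 10.0.0.10 || true   # wrong-address
# On a live server: netstat -patun | smb_listener_status <address in the mount command>
```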