Author Topic: HOWTO: Ubuntu client with LDAP authentication and pam_mount for mounting $HOME  (Read 101380 times)

MOSEK

Hi. Just wanted to thank you for this! It has been fantastically useful.

I came across one issue. In Ubuntu 12.04 an LDAP user on the Zentyal box will be able to log in but not mount the home directory.

You need two lines in /etc/security/pam_mount.conf.xml under <!-- Volume definitions -->


<volume user="*" fstype="cifs" server="192.168.0.4" path="%(DOMAIN_USER)" mountpoint="/home/%(DOMAIN_USER)" options="sec=ntlm,nodev,nosuid" />
<volume user="*" fstype="cifs" server="192.168.0.4" path="temp" mountpoint="/home/%(DOMAIN_USER)/SRV/temp" options="sec=ntlm,nodev,nosuid" />

It seems it won't work without this temp mount.

Thanks again.

I tried this, and it got so far that I had a home folder. The problem I'm having is that it has nothing to do with the shared home folder. Pam is just creating a new folder, and uses that. None of the files from the folder are mounted.

When I manually mount with mount //server/username /home/username -o username=username
it works just fine, but I can't automatically mount anything either by pam or fstab. pam is not throwing any errors, just that it has nothing to mount. fstab is saying it can't get the credentials from the credentials file.

I'm really at a loss. I have tried all the solutions in this topic, and none of them seems to do the trick. My client is an Ubuntu box. Can anybody help?

UdoB

My client is an Ubuntu box.

Please be careful regarding version numbers on both client and server side - "Ubuntu box" is not helpful information, nor did you mention the server version.

A few minutes ago I installed a fresh Xubuntu 14.04 as a client and this Howto works exactly as shown in the first post. But... only for Zentyal 3.0.x, not for newer versions  :(

Best regards
Udo

pidikun

I tested this configuration on Debian Wheezy clients with the latest Zentyal 3.3 and except for the wrong default permissions everything worked fine.
« Last Edit: April 29, 2014, 02:02:24 am by pidikun »

adhidash

Hello there,

I'm new to Zentyal,

Has any of you ever tried this method to join an Ubuntu client using LDAP authentication and pam_mount for mounting $HOME inside Zentyal 4.1?

I've tried the solutions above, but either Password Incorrect in Ubuntu client login (when I check, the password is correct)

Then I tried using jxplorer to browse the LDAP tree, and found the issue:
if I use Anonymous I can connect,
but when I use cn=Administrator,dc=test,dc=com or cn=Users,dc=test,dc=sg and insert the correct password, I get this message
Quote
Error opening connection:
[LDAP: error code 49 - Simple Bind Failed: NT_STATUS_LOGON_FAILURE]

I guess it is because it can't connect correctly to the LDAP Zentyal Server.

Can any of you give me enlightenment here, what needs to be done!

Thanks a lot

Sand_man

Use SSSD (works fine in 4.0):
https://wiki.zentyal.org/wiki/Authenticating_Linux_client_against_Samba

For offline logon add the line
cache_credentials=true
in the section [domain/zentyal-domain.lan] of sssd.conf

and reduced debug_level to 5

Share folder connected as before.

(sorry for my bad English)
« Last Edit: August 11, 2015, 03:11:54 pm by Sand_man »

adhidash

Hi Sand_man,

Thanks for the response,

I got this message when I logged in from a fresh Ubuntu client login
Quote
Login incorrect

but when I check /var/log/sssd/sssd_test.com.log I get no error
Quote
[be_get_account_info] (0x0100): Got request for [4097][1][name=administrator]
[acctinfo_callback] (0x0100): Request processed. Returned 0,0,Success

I don't get it, why can't I log in with the administrator account?

-------------
Use SSSD (in 4.0 work fine):
https://wiki.zentyal.org/wiki/Authenticating_Linux_client_against_Samba

Sand_man

So it is difficult to say why. I also add the file resolv.conf in /etc

Code:
nameserver 999.999.999.999
domain youdomain.lan
(Well, change the server address and the domain name of course)

adhidash

Tried as you suggested,

but still not working :(

Are you positive this SSSD technique works in Zentyal 4.1 ?

Sand_man

Actually, I introduced one machine to the domain, and then copied the files from it (see the attachment). Then, at the next machine:

Code:
sudo apt-get install sssd heimdal-clients msktutil
Copy the files to it into the appropriate directories (and change permissions), edit the file /etc/hosts, then

Code:
sudo kinit youdomainadmin

sudo msktutil -N -c -b 'CN=COMPUTERS' -s HOST/hostname.youdomain.lan -k test.keytab --computer-name HOSTNAME --upn HOSTNAME$ --server zen4.youdomain.lan --user-creds-only --verbose

sudo msktutil -N -c -b 'CN=COMPUTERS' -s HOST/hostname -k test.keytab --computer-name HOSTNAME --upn HOSTNAME$ --server zen4.youdomain.lan --user-creds-only --verbose

sudo kdestroy

sudo cp test.keytab /etc/sssd/

Reboot and log in as the domain user
(change youdomainadmin, hostname, youdomain.lan, zen4.youdomain.lan to yours, and also in the files)

I do not think that the 4.1 is not working.

Yes, and of course, change the file pam_mount.conf.xml to fit your shares.
« Last Edit: August 12, 2015, 07:54:54 am by Sand_man »

adhidash

Thanks for the attachment,

can I ask you a question?

In the file sssd.conf, you put
Quote
ldap_sasl_authid = ROOT$

so is the hostname of your client ROOT? Because everything else seems the same,
only this part is different, because I use my hostname CLIENT1
« Last Edit: August 12, 2015, 09:33:54 am by adhidash »

Sand_man

Oh, right, this is my host))

adhidash

Yep, tried and changed all,
still ...
Quote
Login incorrect

Maybe I should try other techniques; this SSSD doesn't work with Zentyal 4.1,

So far what I did is using Winbind to connect to AD (it works),
 but can't mount cifs (because the UIDs of the client and server machines are different)
then using Centrify Express (it works),
 only trouble with setfacl (the user with administrator/rwx rights can't write!)

last is this technique...
guess this needs an update in the next version of Zentyal... ::)

Sand_man

Maybe the permissions of the files thrown into /etc are wrong? Check: all should be rw-r--r-- root root
and sssd.conf rw------- root root
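
Added example (not part of Sand_man's post and not Zentyal's own code): a shell check of the ownership and modes named above, run over the files this thread mentions. Expecting 0600 for /etc/sssd/test.keytab is this example's assumption, since the keytab holds the machine account key; the script relies on GNU `stat`.

```shell
#!/bin/sh
# Added example: audit owner and mode of the SSSD client files from this thread.
# Assumption: the keytab is held to 0600 like sssd.conf (it contains the machine key).

# check_file PATH ALLOWED_MODE OWNER
# Returns 0 if PATH exists, belongs to OWNER and has no permission bits
# outside ALLOWED_MODE; 1 on a mismatch; 2 if the file is missing.
check_file() {
    cf_path=$1 cf_allowed=$2 cf_owner=$3
    if [ ! -e "$cf_path" ]; then
        echo "MISSING  $cf_path"
        return 2
    fi
    # -L follows symlinks (resolv.conf is often one)
    cf_mode=$(stat -L -c '%a' "$cf_path")
    cf_user=$(stat -L -c '%U' "$cf_path")
    cf_rc=0
    if [ "$cf_user" != "$cf_owner" ]; then
        echo "OWNER    $cf_path is owned by $cf_user, expected $cf_owner"
        cf_rc=1
    fi
    # Octal bitmask: any bit set that ALLOWED_MODE does not permit is a finding.
    if [ $(( 0$cf_mode & ~0$cf_allowed )) -ne 0 ]; then
        echo "MODE     $cf_path is $cf_mode, expected at most $cf_allowed"
        cf_rc=1
    fi
    if [ "$cf_rc" -eq 0 ]; then
        echo "OK       $cf_path ($cf_mode $cf_user)"
    fi
    return "$cf_rc"
}

# Walk every file so all findings are reported, not just the first one.
audit_sssd_client() {
    rc=0
    check_file /etc/sssd/sssd.conf 600 root || rc=1
    check_file /etc/sssd/test.keytab 600 root || rc=1
    check_file /etc/security/pam_mount.conf.xml 644 root || rc=1
    check_file /etc/resolv.conf 644 root || rc=1
    check_file /etc/hosts 644 root || rc=1
    return "$rc"
}

# Run the audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    audit_sssd_client
fi
```

Run it as root with `--run` on the client; a non-zero exit status means at least one file is missing, has the wrong owner, or is more permissive than expected.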

adhidash

File permissions are correct, no problem.

Sand_man

Does the host appear in Zentyal - Users and Computers - Manage?