Zentyal Forum, Linux Small Business Server
Zentyal Server => Directory and Authentication => Topic started by: jandoe on July 28, 2016, 06:18:26 pm
-
Dear Zentyal users,
I run Zentyal 4.0 on an Ubuntu 14.04 LTS server.
I also managed to get a test user (jodo) created in Zentyal 4 to log in from a Xubuntu 14.04 LTS client.
I followed this tutorial:
https://wiki.zentyal.org/wiki/Authenticating_Linux_client_against_Samba
But when the user logs in, a local home folder gets created. The home folder on the Zentyal server exists:
/home/jodo
ls -l /home
drwx------ 2 jodo domain users 4096 Jul 27 04:29 jodo
but doesn't get mounted.
The Samba configuration file /etc/samba/shares.conf looks like:
[homes]
comment = Home Directories
path = /home/%S
read only = no
browseable = no
create mask = 0611
directory mask = 0711
vfs objects = acl_xattr full_audit scannedonly recycle
full_audit:success = connect opendir disconnect unlink mkdir rmdir open rename
full_audit:failure = connect opendir disconnect unlink mkdir rmdir open rename
scannedonly: quarantine_dir = /var/lib/zentyal/quarantine
scannedonly: rm_hidden_files_on_rmdir = True
scannedonly: socketname = /var/lib/zentyal/zavs
scannedonly: domain_socket = True
scannedonly: recheck_time_open = 50
scannedonly: allow_nonscanned_files = True
scannedonly: show_special_files = True
scannedonly: recheck_tries_open = 100
recycle: inherit_nt_acl = Yes
recycle: versions = Yes
recycle: excludedir = /tmp|/var/tmp
recycle: directory_mode = 0700
recycle: repository = RecycleBin
recycle: keeptree = Yes
Why does Zentyal set user homes to
read only = no
browseable = no
Where can I make user homes in Zentyal readable and browseable?
I also installed libpam-mount and edited /etc/security/pam_mount.conf.xml:
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<!--
See pam_mount.conf(5) for a description.
-->
<pam_mount>
<!-- debug should come before everything else,
since this file is still processed in a single pass
from top-to-bottom -->
<debug enable="0" />
<!-- Volume definitions -->
<volume user="*" fstype="cifs" server="192.168.156.120" path="%(DOMAIN_USER)" mountpoint="/home/%(DOMAIN_USER)" options="sec=ntlm,nodev,nosuid" />
<!-- pam_mount parameters: General tunables -->
<!--
<luserconf name=".pam_mount.conf.xml" />
-->
<!-- Note that commenting out mntoptions will give you the defaults.
You will need to explicitly initialize it with the empty string
to reset the defaults to nothing. -->
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<!--
<mntoptions deny="suid,dev" />
<mntoptions allow="*" />
<mntoptions deny="*" />
-->
<mntoptions require="nosuid,nodev" />
<logout wait="0" hup="0" term="0" kill="0" />
<!-- pam_mount parameters: Volume-related -->
<mkmountpoint enable="1" remove="true" />
</pam_mount>
But this doesn't help.
How can I mount server user homes on a client in Zentyal 4.0?
-
Hi,
This is just to give quick feedback on your post. I need a few days to check on the server, but as soon as I get back, I will send you my solution.
Without having the detailed config files in front of me, I don't see any obvious problem with your configuration.
I have made the same approach and it works... somehow (using PBIS for the AD connection).
What happens here is that the first login results in the same situation. Auth works, so you can log in with your credentials, but the client does not mount the network home folder. When I log off and then log back in, it usually works 100%.
So, you may want to try this "workaround" and see if you succeed as well?
I haven't understood yet what's causing this, but it's good to know I'm not the only one ;-)
Update: Have you checked if you can generally/manually mount the home folder? Please keep in mind that the Zentyal server will not show up in the network automatically. You need to use the "connect to server" command from the menus to make it appear!
Update 2: This phenomenon appears for me only for the first client login. Once this has successfully started (incl. home folders), following clients seem to work fine on the first attempt.
-
Found the client config on a USB stick.
So, here's my pam_mount.conf.xml:
"FRITZ" should be replaced with your workgroup, i.e. the domain name. Usually it's used as a kind of prefix in the home directory path.
"FRITZ.BOX" should be replaced with your realm, i.e. the complete AD domain.
<pam_mount>
  <debug enable="0" />
  <!-- Mount \\zentyal\<user> (the [homes] share) onto the PBIS-style home path,
       authenticating with the user's Kerberos ticket (sec=krb5, cruid=) and
       presenting the files as owned by the logged-in uid/gid. -->
  <volume
    fstype="cifs"
    server="zentyal"
    path="%(USER)"
    mountpoint="/home/local/FRITZ/%(USER)"
    user="*"
    options="sec=krb5,cruid=%(USERUID),domain=FRITZ.BOX,uid=%(USERUID),gid=%(USERGID),rw"
  />
  <!-- Lazy unmount so a busy home directory does not block logout -->
  <umount>umount -l %(MNTPT)</umount>
  <mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
  <mntoptions require="nosuid,nodev" />
  <logout wait="0" hup="0" term="0" kill="0" />
  <mkmountpoint enable="1" remove="true" />
</pam_mount>
Hope this helps.
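As an added example (not code from this thread, from Zentyal or from pam_mount itself), the following Python script parses a pam_mount.conf.xml, expands the %(USER)-style placeholders for a given account the way pam_mount does for its volume attributes, and reports the checks worth running before rolling such a config out to clients: whether every option named in <mntoptions require=...> actually appears in the volume's options= string, whether the mount authenticates with Kerberos (sec=krb5) or legacy NTLM (sec=ntlm), and whether the mountpoint is the user's local home directory itself. The two configurations embedded below are the ones posted in this thread, reduced to the elements the checker reads so the script runs offline; the account jodo with uid 10001 and gid 10000 is an assumed example identity. Whether pam_mount adds or enforces the require= options for a volume defined in the system-wide file is not settled by this thread, so the script only reports the mismatch.

```python
import re
import xml.etree.ElementTree as ET

# pam_mount placeholders look like %(USER), %(USERUID), %(MNTPT), ...
PLACEHOLDER = re.compile(r"%\((\w+)\)")

# Constructed sample input: the two <volume> definitions posted in this thread,
# reduced to the elements the checker looks at.
CONFIG_SEC_NTLM = """<pam_mount>
  <debug enable="0" />
  <volume user="*" fstype="cifs" server="192.168.156.120" path="%(DOMAIN_USER)"
          mountpoint="/home/%(DOMAIN_USER)" options="sec=ntlm,nodev,nosuid" />
  <mntoptions require="nosuid,nodev" />
  <mkmountpoint enable="1" remove="true" />
</pam_mount>"""

CONFIG_SEC_KRB5 = """<pam_mount>
  <debug enable="0" />
  <volume fstype="cifs" server="zentyal" path="%(USER)"
          mountpoint="/home/local/FRITZ/%(USER)" user="*"
          options="sec=krb5,cruid=%(USERUID),domain=FRITZ.BOX,uid=%(USERUID),gid=%(USERGID),rw" />
  <umount>umount -l %(MNTPT)</umount>
  <mntoptions require="nosuid,nodev" />
  <mkmountpoint enable="1" remove="true" />
</pam_mount>"""


def expand(template, values):
    """Substitute %(NAME) placeholders from `values`; unknown names stay as-is."""
    return PLACEHOLDER.sub(lambda m: values.get(m.group(1), m.group(0)), template)


def parse_options(option_string):
    """'sec=krb5,rw,uid=1000' -> {'sec': 'krb5', 'rw': None, 'uid': '1000'}."""
    parsed = {}
    for item in filter(None, option_string.split(",")):
        key, _, value = item.partition("=")
        parsed[key] = value if value else None
    return parsed


def lint_pam_mount(xml_text, user, uid, gid, domain_user=None, local_home=None):
    """Return one report per <volume>: expanded source, mountpoint, options, findings."""
    root = ET.fromstring(xml_text)
    required = set()
    for element in root.findall("mntoptions"):
        required.update(filter(None, element.get("require", "").split(",")))
    values = {
        "USER": user,
        "USERUID": str(uid),
        "USERGID": str(gid),
        "DOMAIN_USER": domain_user or user,  # user part of DOMAIN\user logins
    }
    local_home = local_home or "/home/" + user
    reports = []
    for volume in root.findall("volume"):
        options = parse_options(expand(volume.get("options", ""), values))
        mountpoint = expand(volume.get("mountpoint", ""), values)
        source = "//%s/%s" % (volume.get("server", ""), expand(volume.get("path", ""), values))
        findings = []
        # Options the admin declared mandatory but left out of this volume
        missing = sorted(required - set(options))
        if missing:
            findings.append("missing required options: " + ",".join(missing))
        # Authentication mode against the AD domain controller
        sec = options.get("sec")
        if sec == "ntlm":
            findings.append("sec=ntlm: legacy NTLM authentication, prefer sec=krb5 against AD")
        elif sec != "krb5":
            findings.append("sec=%s: not Kerberos" % sec)
        # Mounting over the directory the login session itself creates
        if mountpoint == local_home:
            findings.append("mountpoint %s is the local home directory itself" % mountpoint)
        reports.append({"source": source, "mountpoint": mountpoint,
                        "options": options, "findings": findings})
    return reports


if __name__ == "__main__":
    # Assumed example identity: uid 10001 / gid 10000 for the test user jodo
    for label, config in (("sec=ntlm", CONFIG_SEC_NTLM), ("sec=krb5", CONFIG_SEC_KRB5)):
        for report in lint_pam_mount(config, "jodo", 10001, 10000):
            print(label, report["source"], "->", report["mountpoint"])
            for finding in report["findings"]:
                print("   !", finding)
```

Run against the first post's config it reports the NTLM finding and the mountpoint collision with /home/jodo; against the config from the last post it is clean on authentication but notes that nosuid and nodev, which the require= line names, are absent from options=. Adding those two to the options string silences that finding and keeps setuid binaries and device nodes on the share from being honoured on the client.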