Zentyal Forum, Linux Small Business Server
Zentyal Server => Directory and Authentication => Topic started by: jandoe on August 29, 2016, 04:21:14 pm
-
Hello
I'm able to "mount" the user folder from the Zentyal 4.0 server on an Ubuntu client.
But this creates an exact copy on the client. When the $(DOMAIN_USER) logs out, the copied home folder of the $(DOMAIN_USER) remains on the client.
I can log in as a local user, get root access using sudo and delete the newly created local home folder of $(DOMAIN_USER). $(DOMAIN_USER) can log in again and its home folder gets copied again (needs some time).
On the Ubuntu 16.04 client, I additionally install cifs-utils and libpam-mount in order to mount $(DOMAIN_USER) home folders, and the only config file I adapt is pam_mount.conf.xml. I add at line 17:
<volume user="*" fstype="cifs" server="192.168.156.120" path="%(DOMAIN_USER)" mountpoint="/home/SCHOOL/%(DOMAIN_USER)" options="sec=ntlm,nodev,nosuid" />
All other entries in pam_mount.conf.xml stay untouched.
Is it normal that this way the home folders from the Zentyal 4.0 server get copied to the Ubuntu client?
Kind regards, Roland
-
It shouldn't get copied, but simply be mounted into the local file system. The issue you may have is that you do not unmount after logoff.
So check this out:
<pam_mount>
<debug enable="0" />
<volume
fstype="cifs"
server="{server}"
path="%(USER)"
mountpoint="/home/local/{domain}/%(USER)"
user="*"
options="sec=krb5,cruid=%(USERUID),domain={full domain},uid=%(USERUID),gid=%(USERGID),rw"
/>
<umount>umount -l %(MNTPT)</umount>
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<mntoptions require="nosuid,nodev" />
<logout wait="0" hup="0" term="0" kill="0" />
<mkmountpoint enable="1" remove="true" />
</pam_mount>
(replace {server}, {domain} and {full domain} with your individual real entries)
Works for me; however, from time to time, the very first login may fail to mount the home directory. Leaves you with a fresh desktop. Logout and login will then mount correctly. Not sure where this comes from, though.
Maybe also another tip:
If you want to keep the audio working, you also need to set a local variable for each client.
It must be done for each user, so it makes sense to put this as a template on the Zentyal/Samba server in /etc/skel/.profile
# move pulse directory out of home
PULSE_DIR="/tmp/$( whoami )-pulse"
mkdir -p "$PULSE_DIR" && chmod 700 "$PULSE_DIR"
export PULSE_CONFIG_PATH="$PULSE_DIR"
export PULSE_STATE_PATH="$PULSE_DIR"
export PULSE_RUNTIME_PATH="$PULSE_DIR"
Found this tip somewhere, but sadly do not remember the exact source, so credits go to the unknown hero 8)
When a new user is created, the files in skel are copied to the new profile, and when it's mounted by the client, you have fully functional pulse audio.
-
hello segelfreak
I have to say thank you. I tried your pam_mount.conf.xml entries <volume .... /> and <umount> ... </umount> and they work. I can log in as DOMAIN_USER and the home folder gets mounted; I can create directories or files during the login and they get stored on the server. After logout there isn't a DOMAIN_USER home folder anymore.
What I haven't tested yet is whether a DOMAIN_USER can listen to or play audio or video files. Also, using a printer as DOMAIN_USER isn't configured yet.
thanks a lot and kind regards
-
Hi, I have a similar problem.
I can authenticate my clients (Ubuntu 16.04 and Ubuntu 14.04), so I would mount the home directory, but the variables USERUID, USERGID, DOMAIN_USER are null.
USER is correct.
Can I read DOMAIN_USER? Must I write {domain}? Thanks.
-
You have to replace {server} and {domain} with your individual real entries.
P.S. The same of course for {full domain}. They are just placeholders.
-
Thanks,
I have reinstalled libnss-ldap libpam-mount winbind smbclient cifs-utils ldap-utils and it worked.
In the documentation of pam_mount.conf I read: "..Note that you do not need to specify uid=%(USERUID) for smbfs or cifs mounts because this is already done automatically by pam_mount.", so if I use:
<volume user="*" fstype="cifs" server="server" path="%(DOMAIN_USER)"
mountpoint="/home/local/%(DOMAIN_NAME)/%(DOMAIN_USER)"
options="iocharset=utf8" />
it worked.
But if I try to mount another directory (for example on the Desktop), sometimes lightdm passes lightdm as the username and not the username given at logon.
Can I resolve it? Thanks.
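-
An added example, not part of any post in this thread: a small Python check for the cifs <volume> entries of a pam_mount.conf.xml, covering the points raised above (template placeholders such as {server} left unreplaced, and the sec=ntlm versus sec=krb5 choice). The function names, the set of legacy sec= values and the policy of requiring nosuid and nodev on the volume's own options attribute are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

LEGACY_SEC = {"ntlm", "ntlmi", "lanman"}  # NTLMv1 / LANMAN modes of mount.cifs
REQUIRED = {"nosuid", "nodev"}            # policy assumed by this example
PLACEHOLDER = re.compile(r"\{[^{}]+\}")   # e.g. {server}, {full domain}

def parse_options(raw):
    """Split a mount option string into {name: value-or-None}."""
    opts = {}
    for item in filter(None, (o.strip() for o in raw.split(","))):
        name, _, value = item.partition("=")
        opts[name] = value or None
    return opts

def audit(xml_text):
    """Return a list of (mountpoint, finding) for every cifs <volume>."""
    findings = []
    for vol in ET.fromstring(xml_text).iter("volume"):
        if vol.get("fstype") != "cifs":
            continue
        where = vol.get("mountpoint", "?")
        # Template placeholders that were never replaced with real values.
        for attr, value in vol.attrib.items():
            for ph in PLACEHOLDER.findall(value):
                findings.append((where, f"unreplaced placeholder {ph} in {attr}"))
        opts = parse_options(vol.get("options", ""))
        if opts.get("sec") in LEGACY_SEC:
            findings.append((where, f"legacy auth sec={opts['sec']}"))
        for missing in sorted(REQUIRED - set(opts)):
            findings.append((where, f"option {missing} not set on volume"))
    return findings

# Constructed sample built from the two <volume> entries quoted in the thread.
SAMPLE = """<pam_mount>
<volume user="*" fstype="cifs" server="192.168.156.120" path="%(DOMAIN_USER)"
 mountpoint="/home/SCHOOL/%(DOMAIN_USER)" options="sec=ntlm,nodev,nosuid" />
<volume fstype="cifs" server="{server}" path="%(USER)"
 mountpoint="/home/local/{domain}/%(USER)" user="*"
 options="sec=krb5,cruid=%(USERUID),domain={full domain},uid=%(USERUID),gid=%(USERGID),rw" />
</pam_mount>"""

if __name__ == "__main__":
    for where, finding in audit(SAMPLE):
        print(f"{where}: {finding}")
```

To check a real client, pass the contents of its pam_mount.conf.xml to audit() instead of SAMPLE.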