[Samba] Ubuntu 18:04 not getting 'home' directory from DC

Bob Thomas bthomas at cybernetics.com
Wed Jun 20 16:01:57 UTC 2018


Thank you for your reply.

First I am using 'ad' backend (DC config is in first post below) and 
until I did a fresh install of a new DC Samba 4.8.2 on Ubuntu 18.04 the 
user/group id, shell, and home directory paths were correctly obtained 
from the RSAT UNIX Attribute Tab settings on the DC.  It seems that is 
still working for users already created with existing home directories 
on the file server, it is new users or any user that needs to build a 
home directory on the file server.  This behavior is happening on both 
Ubuntu 18.04 and 16.04 now, so I believe it is related to the new DC.

Do I need 'winbind nss info = template', and if so, what does it do?

Anyway, I tried Louis' suggestion and was able to get a better response 
after adding this to the *file server smb.conf*:

       template homedir = /mnt/home/%U    ( also tried /mnt/Filestore/user-folders/%U )
       template shell = /bin/sh

Both resulted in correct mount points and shell:

getent passwd 'rachelj'
rachelj:*:10161:10001::/mnt/home/rachelj:/bin/sh

but expected:
rachelj:*:10161:10001:Rachel Jones:/mnt/home/rachelj:/bin/sh

But when I tried to login, after a short pause it snaps back to a 
login.  The mount point (rachelj) was created but nothing is in the 
directory.  Note this is a new user and nothing exists on the file 
server other than the folder created via RSAT during the user setup.

Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (rdconf1.c:744): path to 
luserconf set to /mnt/home/rachelj/.pam_mount.conf.xml
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (pam_mount.c:568): pam_mount 
2.14: entering session stage
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:786): Could not get 
realpath of /mnt/home/rachelj: No such file or directory
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:267): Mount info: 
globalconf, user=rachelj <volume fstype="cifs" server="cy-vault" 
path="home/rachelj" mountpoint="/mnt/home/rachelj" cipher="(null)" 
fskeypath="(null)" fskeycipher="(n$
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:309): mkmountpoint: 
checking /mnt
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:309): mkmountpoint: 
checking /mnt/home
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:309): mkmountpoint: 
checking /mnt/home/rachelj
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:349): mkdir[0] 
/mnt/home/rachelj
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:357): chown 
/mnt/home/rachelj -> 10161:10001
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:664): Password will be 
sent to helper as-is.
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: command: 'mount' '-t' 'cifs' 
'//cy-vault/home/rachelj' '/mnt/home/rachelj' '-o' 
'username=rachelj,uid=10161,gid=10001,vers=2.1'
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 18 24 0:17 / /sys 
rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 19 24 0:4 / /proc 
rw,nosuid,nodev,noexec,relatime shared:12 - proc proc rw
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 20 24 0:6 / /dev 
rw,nosuid,relatime shared:2 - devtmpfs udev 
rw,size=1965792k,nr_inodes=491448,mode=755
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 21 20 0:18 / 
/dev/pts rw,nosuid,noexec,relatime shared:3 - devpts devpts 
rw,gid=5,mode=620,ptmxmode=000
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 22 24 0:19 / /run 
rw,nosuid,noexec,relatime shared:5 - tmpfs tmpfs rw,size=397688k,mode=755
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 24 0 8:1 / / 
rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro,data=ordered
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 25 18 0:13 / 
/sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:8 - 
securityfs securityfs rw
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 26 20 0:21 / 
/dev/shm rw,nosuid,nodev shared:4 - tmpfs tmpfs rw
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 27 22 0:22 / 
/run/lock rw,nosuid,nodev,noexec,relatime shared:6 - tmpfs tmpfs 
rw,size=5120k
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 28 18 0:23 / 
/sys/fs/cgroup rw shared:9 - tmpfs tmpfs rw,mode=755
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 29 28 0:24 / 
/sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:10 - 
cgroup cgroup 
rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 30 18 0:25 / 
/sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:11 - pstore pstore rw
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 31 28 0:26 / 
/sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:13 - cgroup 
cgroup rw,memory
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 32 28 0:27 / 
/sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:14 - 
cgroup cgroup rw,devices
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 33 28 0:28 / 
/sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:15 - 
cgroup cgroup 
rw,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 34 28 0:29 / 
/sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:16 - 
cgroup cgroup rw,cpu,cpuacct
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 35 28 0:30 / 
/sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:17 - cgroup 
cgroup rw,cpuset,clone_children
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 36 28 0:31 / 
/sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime shared:18 - cgroup 
cgroup rw,pids,release_agent=/run/cgmanager/agents/cgm-release-agent.pids
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 37 28 0:32 / 
/sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:19 - 
cgroup cgroup 
rw,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 38 28 0:33 / 
/sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime 
shared:20 - cgroup cgroup rw,net_cls,net_prio
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 39 28 0:34 / 
/sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:21 - cgroup 
cgroup rw,blkio
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 40 28 0:35 / 
/sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:22 - 
cgroup cgroup rw,freezer
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 41 19 0:36 / 
/proc/sys/fs/binfmt_misc rw,relatime shared:23 - autofs systemd-1 
rw,fd=31,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=12818
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 75 18 0:7 / 
/sys/kernel/debug rw,relatime shared:56 - debugfs debugfs rw
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 77 20 0:37 / 
/dev/hugepages rw,relatime shared:58 - hugetlbfs hugetlbfs rw
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 79 20 0:16 / 
/dev/mqueue rw,relatime shared:60 - mqueue mqueue rw
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 81 18 0:38 / 
/sys/fs/fuse/connections rw,relatime shared:62 - fusectl fusectl rw
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 42 41 0:39 / 
/proc/sys/fs/binfmt_misc rw,relatime shared:24 - binfmt_misc binfmt_misc rw
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 44 22 0:40 / 
/run/cgmanager/fs rw,relatime shared:25 - tmpfs cgmfs rw,size=100k,mode=755
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 155 22 0:43 / 
/run/user/108 rw,nosuid,nodev,relatime shared:113 - tmpfs tmpfs 
rw,size=397688k,mode=700,uid=108,gid=114
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 163 22 0:45 / 
/run/user/0 rw,nosuid,nodev,relatime shared:121 - tmpfs tmpfs 
rw,size=397688k,mode=700
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (mount.c:558): 109 24 0:42 
/rachelj /mnt/home/rachelj rw,relatime shared:68 - cifs 
//cy-vault/home/rachelj 
rw,vers=2.1,sec=ntlmssp,cache=strict,username=rachelj,domain=CY,uid=10161,forceuid,gid$
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: command: 'pmvarrun' '-u' 
'rachelj' '-o' '1'
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (pmvarrun.c:258): parsed count 
value 0
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (pam_mount.c:441): pmvarrun says 
login count is 1
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (pam_mount.c:660): done opening 
session (ret=0)
Jun 20 10:29:35 CY-MKT-10 systemd[1]: Created slice User Slice of rachelj.
Jun 20 10:29:35 CY-MKT-10 systemd[1]: Starting User Manager for UID 10161...
Jun 20 10:29:35 CY-MKT-10 systemd[1437]: Reached target Paths.
Jun 20 10:29:35 CY-MKT-10 systemd[1437]: Reached target Sockets.
Jun 20 10:29:35 CY-MKT-10 systemd[1437]: Reached target Timers.
Jun 20 10:29:35 CY-MKT-10 systemd[1437]: Reached target Basic System.
Jun 20 10:29:35 CY-MKT-10 systemd[1437]: Reached target Default.
Jun 20 10:29:35 CY-MKT-10 systemd[1437]: Startup finished in 22ms.
Jun 20 10:29:35 CY-MKT-10 systemd[1]: Started User Manager for UID 10161.
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: ** (process:1419): WARNING **: 
Error reading existing Xauthority: Failed to open file 
'/mnt/home/rachelj/.Xauthority': Permission denied
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: Error writing X authority: 
Failed to open X authority /mnt/home/rachelj/.Xauthority: Permission denied
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (pam_mount.c:116): Clean global 
config (0)
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (pam_mount.c:133): clean system 
authtok=0x1a22910 (0)
Jun 20 10:29:36 CY-MKT-10 acpid: client 880[0:0] has disconnected
Jun 20 10:29:36 CY-MKT-10 acpid: client connected from 1463[0:0]
Jun 20 10:29:36 CY-MKT-10 acpid: 1 client rule loaded
Jun 20 10:29:36 CY-MKT-10 kernel: [   97.169343] Status code returned 
0xc000006d STATUS_LOGON_FAILURE
Jun 20 10:29:36 CY-MKT-10 kernel: [   97.169355] CIFS VFS: Send error in 
SessSetup = -13
Jun 20 10:29:36 CY-MKT-10 kernel: [   97.169436] CIFS VFS: cifs_mount 
failed w/return code = -13

Bob Thomas

On Wed, 20 Jun 2018 11:36:06 +0200
"L.P.H. van Belle via samba"<samba at lists.samba.org>  wrote:

> Hai Bob,
>
> And what does the wiki tell you about RID/AD backend AND .....
> Well, even I had trouble finding the page again. So... it's not you.
>
> The wiki is getting too complex and has too many side links to
> other pages. You need to set one or more of the following settings.
>
>          template homedir =/home/%D/%U
>          template shell = /bin/false
>          usershare template share =
>          winbind nss info = template
>   
>
> Rowland, can you follow this path?
> ( think in, install a member )
> 1)
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> Look for any reference for the template settings, if you use RID.
>
> Maybe it's an option to link some specific settings to these on the
> page. ad  idmap config ad  idmap_ad(8)
> rid  idmap config rid  idmap_rid(8)
>
> Anyhow, for you I suggest the following.
>
> Member : home path in the share.
> /mnt/Filestore/user-folders
>
> And this is the default:
>          template homedir =/home/%D/%U
>
> Change/add this
>          template homedir =/mnt/Filestore/%U
>
>
>
> Greetz,
>
> Louis
>
>
The problem with the wikipage is, just what Louis said, it is too
complex and all over the place. Until somebody said something, I wasn't
going to alter it, mainly because when I pointed this out, I upset the
person that wrote it.

In my opinion, the wiki should be easy to understand and follow, even
if this means the same information being on several pages. To me, the
whole idea of a wiki, is to get the information across to users, not to
make it easy to maintain.

As is, it is very easy to miss that you must add various options to
smb.conf to get a fully working Unix domain member.

I am open to ideas on how to update the Unix domain member wikipage, my
first thought is to put everything on one page, but as I say, I am open
to suggestions.

Rowland



On 6/19/2018 2:57 PM, Bob Thomas wrote:
>
> Hello,
>
> I've been trying to get Ubuntu 18.04 to work with Samba AD, seems I am 
> almost there but am unable to get home directories to mount properly.  
> The domain join went without a problem, but because the default cifs 
> ver changed in Ubuntu, to get other Samba shares on a samba file server 
> to mount I had to add to its smb.conf:
>
> client min protocol = SMB2
> client max protocol = SMB3
>
> So I can now mount shares, but home directory will not mount and build 
> on the Ubuntu 18.04 client.  I believe the issue is this:
>
> On Ubuntu 16.04 client getent passwd kiarar properly gives the DC's 
> home directory setting of:
> root@CY-SALES-JM:~# getent passwd 'kiarar'
> kiarar:*:10155:10001:Kiara Ratcliff:/mnt/home/kiarar:/bin/sh
>
> On Ubuntu 18.04 client  getent passwd kiarar gives:
> root@CY-SALE:~# getent passwd 'kiarar'
> kiarar:*:10155:10001::/home/CY/kiarar:/bin/false
>
> So it gets the correct UID and GID but not the login shell or home 
> directory set in the UNIX Attributes tab.
>
> Samba DC version 4.8.2 on Ubuntu 18.04 config:
>
> [global]
>         netbios name = CY-DC
>         realm = CY.MYDOMAIN.COM
>         workgroup = CY
>         server role = active directory domain controller
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>         idmap_ldb:use rfc2307 = yes
>         idmap config CY:unix_nss_info = yes
>         ldap server require strong auth = no
>         allow dns updates = nonsecure and secure
>         log level = 2
>         ntlm auth = yes
>
> # stops cups errors in log file
>         load printers = no
>         printing = bsd
>         printcap name = /dev/null
>         disable spoolss = yes
>
> [netlogon]
>         path = /var/lib/samba/sysvol/cy.cybernetics.com/scripts
>         read only = No
>
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
>
> Samba File server version 4.7.4 on Ubuntu 16.04 config:
>
> [global]
>         realm = CY.CYBERNETICS.COM
>         workgroup = CY
>         netbios name = cy-vault
>         security = ADS
>         server role = member server
>         encrypt passwords = yes
>         client min protocol = SMB2
>         client max protocol = SMB3
>
>         idmap config *:backend = tdb
>         idmap config *:range = 2000-9999
>
>         idmap config CY:backend = ad
>         idmap config CY:schema_mode = rfc2307
>         idmap config CY:range = 10000-99999
>         idmap config CY : unix_nss_info = yes
>
>         winbind trusted domains only = no
>         winbind use default domain = yes
>
>         vfs objects = acl_xattr
>         map acl inherit = Yes
>         store dos attributes = Yes
>
>         username map = /etc/samba/user.map
>
>         log level=3
>         log file = /var/log/samba/log.%m
>        max log size = 500
>
> # Stops cups errors in log file
>         load printers = no
>         printing = bsd
>         printcap name = /dev/null
>         disable spoolss = yes
>
> ####### User folder for Ubuntu ##########
>
> [home]
>     comment = UNIX Home Directories
>     path =  /mnt/Filestore/user-folders
>     read only = no
>     level2 oplocks =no
>     oplocks = no
>     locking = no
>     strict locking = no
>
> Any help?
>
> Bob Thomas
>
>
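
The difference between the `getent passwd` outputs quoted in this thread, as an added example (not code from any poster or from the Samba project): a Python check that expands `template homedir` and `template shell` from a member's smb.conf and reports whether a passwd entry matches the winbind template fallback. The smb.conf fragments are constructed samples, the function names are hypothetical, and treating an empty GECOS field as the sign of template data is a heuristic taken from the outputs in the thread, not documented Samba behaviour.

```python
"""Tell template-generated passwd entries from directory-sourced ones."""

# Samba's built-in defaults, as also quoted in the thread.
DEFAULTS = {"template homedir": "/home/%D/%U", "template shell": "/bin/false"}

# Constructed member configs: one relying on defaults, one with the
# template settings tried in the thread.
DEFAULT_MEMBER = """
[global]
    workgroup = CY
    security = ADS
"""
TEMPLATE_MEMBER = """
[global]
    workgroup = CY
    template homedir = /mnt/home/%U
    template shell = /bin/sh
[home]
    path = /mnt/Filestore/user-folders
"""

def parse_global(smb_conf):
    """Return the [global] parameters of an smb.conf text, names normalised."""
    params, section = {}, None
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def classify(passwd_line, params):
    """Compare one passwd entry with what the template settings would yield."""
    fields = passwd_line.strip().split(":")
    if len(fields) != 7:
        raise ValueError("not a 7-field passwd entry: %r" % passwd_line)
    user, _pw, _uid, _gid, gecos, home, shell = fields
    merged = {**DEFAULTS, **params}
    t_home = (merged["template homedir"]
              .replace("%U", user).replace("%D", merged.get("workgroup", "")))
    result = {
        "home": "template" if home == t_home else "directory",
        "shell": "template" if shell == merged["template shell"] else "directory",
        "gecos_empty": gecos == "",
    }
    if "directory" in (result["home"], result["shell"]):
        result["verdict"] = "directory"    # differs from the template values
    elif result["gecos_empty"]:
        result["verdict"] = "template"     # heuristic: no GECOS, template paths
    else:
        result["verdict"] = "ambiguous"    # directory value may equal template
    return result
```

A "template" verdict after setting `template homedir` means the path only looks right: the entry is still not coming from the UNIX attributes stored in the directory.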
