[Samba] pam_mount in 'newer samba'...

Marco Gaiarin gaio at sv.lnf.it
Sun Sep 6 20:23:26 UTC 2020 

Sorry for a rather 'unifornative' subject, but i've little o no clue on
this.


I'm using at work 'pam_mount' with a rather standard configuration
to mount via CIFS/SMB user's home directory, from a samba AD member
server.
This configuration is a bit 'old' (mint sonya, AKA Ubuntu 16.04 as a
client, so samba 4.3; debian and samba 4.8 as a server), but work
perfectly, probably i suppose because i'm still using SMB1.


Now i'm trying to redo the same thing, but in a rather 'modern' setup:
samba 4.10 or .11 as a server, ubuntu focal so samba 4.11 as a client.
But i'm not able to make it work. Client side i catch in log:

 Sep  5 12:38:10 pc1labinf17 kernel: [  321.951616] FS-Cache: Loaded
 Sep  5 12:38:11 pc1labinf17 kernel: [  321.968846] FS-Cache: Netfs 'cifs' registered for caching
 Sep  5 12:38:11 pc1labinf17 kernel: [  321.968963] Key type cifs.spnego registered
 Sep  5 12:38:11 pc1labinf17 kernel: [  321.968966] Key type cifs.idmap registered
 Sep  5 12:38:11 pc1labinf17 kernel: [  321.971289] CIFS: Attempting to mount //fileserver.ad.domain.test/Users/studente3.diprova
 Sep  5 12:38:11 pc1labinf17 kernel: [  321.971312] No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
 Sep  5 12:38:11 pc1labinf17 kernel: [  322.015963] CIFS VFS:  BAD_NETWORK_NAME: \\fileserver.ad.domain.test\Users
 Sep  5 12:38:11 pc1labinf17 kernel: [  322.016188] CIFS VFS: \\fileserver.ad.domain.test\IPC$ ioctl error in smb2_get_dfs_refer rc=-22
 Sep  5 12:38:11 pc1labinf17 kernel: [  322.016522] CIFS VFS: cifs_mount failed w/return code = -2

clearly i've tried some vers= and sec= combination, with no clue.


If i use pam_mkhome (eg, i create the home instead of mountin it)
clearly i can login (so PAM, NSS/Winbind and kerberos are setup
correctly), and via nautilus i can mount the share, the system
does not ask the passord (so i suppose they use kerberos).


Some hint on how to debug this? Thanks.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

More information about the samba mailing list