Re: [Samba] Ubuntu 18:04 not getting 'home' directory from DC
- Date: Thu, 21 Jun 2018 09:15:01 +0200
- From: "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Ubuntu 18:04 not getting 'home' directory from DC
Now i dont use GUI on my servers, but i would check the following if i had your problem.
Ubuntu 16 and 18 its samba versions are very different keep that in mind.
This must be checked: smbmount/smblcient and protocol mismatches.
Lookup where the mount command is done and add -m SMB2
Last, smbclient/mount are also using krb5.conf settings.
Adding this to libdefaults might help also a bit so the cyphers are more aligned.
; for Windows 2003
; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; for Windows 2008 with AES
default_tgs_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
permitted_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
If im correct above would fix a possible right problem on /home/username/.Xauthority but you only know that if you mount works.
If the mount works but login fails: check this one out. https://blog.laczik.org/xauth-and-xauthority/
This looks a bit the same as a problem, i had when mounting the user homedir with kerberos nfsv4 mounts.
I needed to add : ignore_k5login = true
Because even root and Administrator are locked out of my user home dirs. ( ! Note, as it should imo. Its my default setting)
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens
> Rowland Penny via samba
> Verzonden: woensdag 20 juni 2018 20:15
> Aan: samba@xxxxxxxxxxxxxxx
> Onderwerp: Re: [Samba] Ubuntu 18:04 not getting 'home'
> directory from DC
> On Wed, 20 Jun 2018 12:01:57 -0400
> Bob Thomas via samba <samba@xxxxxxxxxxxxxxx> wrote:
> > Thank you for your reply.
> > First I am using 'ad' backend (DC config is in first post
> below) and
> > until I did a fresh install of a new DC Samba 4.8.2 on Ubuntu 18.04
> > the user/group id, shell, and home directory paths were correctly
> > obtained from the RSAT UNIX Attribute Tab settings on the DC. It
> > seems that is still working for users already created with existing
> > home directories on the file server, it is new users or any
> user that
> > needs to build a home directory on the file server. This
> behavior is
> > happening on both Ubuntu 18.04 and 16.04 now, so I believe it is
> > related to the new DC.
> > do I need 'winbind nss info = template' and if so what does it do?
> No, because it is the default setting and it tells winbind to only
> obtain the users ID amd primary group from AD.
> > Anyway, I tried Louis' suggestion and was able to get a better
> > response after adding this to the *file server smb.conf*:
> > template homedir = /mnt/home/%U ( also tried
> > /mnt/Filestore/user-folders/%U )
> > template shell = /bin/sh
> > both resulted in correct mount points and shell:
> > getent passwd 'rachelj'
> > rachelj:*:10161:10001::/mnt/home/rachelj:/bin/sh
> > but expected:
> > rachelj:*:10161:10001:Rachel Jones:/mnt/home/rachelj:/bin/sh
> Check if 'Rachel Jones' has a 'gecos' attribute in AD.
> > But when I tried to login, after a short pause it snaps back to a
> > login. The mount point (rachelj) was created but nothing is in the
> > directory. Note this is a new user and nothing exists on the file
> > server other than the folder created via RSAT during the user setup.
> > Jun 20 10:29:35 CY-MKT-10 systemd: Started User Manager for
> > UID 10161. Jun 20 10:29:35 CY-MKT-10 lightdm: **
> > WARNING **: Error reading existing Xauthority: Failed to open file
> > '/mnt/home/rachelj/.Xauthority': Permission denied
> > Jun 20 10:29:35 CY-MKT-10 lightdm: Error writing X authority:
> > Failed to open X authority /mnt/home/rachelj/.Xauthority: Permission
> > denied Jun 20 10:29:35 CY-MKT-10 lightdm: (pam_mount.c:116):
> > Clean global config (0)
> > Jun 20 10:29:35 CY-MKT-10 lightdm: (pam_mount.c:133): clean
> > system authtok=0x1a22910 (0)
> > Jun 20 10:29:36 CY-MKT-10 acpid: client 880[0:0] has disconnected
> > Jun 20 10:29:36 CY-MKT-10 acpid: client connected from 1463[0:0]
> > Jun 20 10:29:36 CY-MKT-10 acpid: 1 client rule loaded
> > Jun 20 10:29:36 CY-MKT-10 kernel: [ 97.169343] Status
> code returned
> > 0xc000006d STATUS_LOGON_FAILURE
> > Jun 20 10:29:36 CY-MKT-10 kernel: [ 97.169355] CIFS VFS:
> Send error
> > in SessSetup = -13
> > Jun 20 10:29:36 CY-MKT-10 kernel: [ 97.169436] CIFS VFS:
> > failed w/return code = -13
> You seem to be being denied access to '.Xauthority', was it created on
> another machine ?
> However, I am sure '-13' usually means incorrect password.
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
To unsubscribe from this list go to the following URL and read the