Re: [Samba] Ubuntu 18:04 not getting 'home' directory from DC




Hai,

Now I don't use a GUI on my servers, but I would check the following if I had your problem.
The Samba versions in Ubuntu 16 and 18 are very different, keep that in mind.

This must be checked: smbmount/smbclient and protocol mismatches.
Look up where the mount command is done and add -m SMB2
Probably /etc/security/pam_mount.conf.xml

Last, smbclient/mount are also using krb5.conf settings.
Adding this to libdefaults might also help a bit, so the ciphers are more aligned.
; for Windows 2003
;    default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
;    default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
;    permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5

; for Windows 2008 with AES
    default_tgs_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
    default_tkt_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
    permitted_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 

If I'm correct, the above would fix a possible rights problem on /home/username/.Xauthority, but you only know that if your mount works.
If the mount works but login fails: check this one out. https://blog.laczik.org/xauth-and-xauthority/ 


This looks a bit like a problem I had when mounting the user homedir with Kerberos NFSv4 mounts.
I needed to add:     ignore_k5login = true
Because even root and Administrator are locked out of my user home dirs. ( ! Note, as it should imo. It's my default setting)



Greetz, 

Louis




> -----Original message-----
> From: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] On behalf of Rowland Penny via samba
> Sent: Wednesday 20 June 2018 20:15
> To: samba@xxxxxxxxxxxxxxx
> Subject: Re: [Samba] Ubuntu 18:04 not getting 'home' directory from DC
> 
> On Wed, 20 Jun 2018 12:01:57 -0400
> Bob Thomas via samba <samba@xxxxxxxxxxxxxxx> wrote:
> 
> > Thank you for your reply.
> > 
> > First I am using 'ad' backend (DC config is in first post below) and
> > until I did a fresh install of a new DC Samba 4.8.2 on Ubuntu 18.04
> > the user/group id, shell, and home directory paths were correctly
> > obtained from the RSAT UNIX Attribute Tab settings on the DC.  It
> > seems that is still working for users already created with existing
> > home directories on the file server, it is new users or any user that
> > needs to build a home directory on the file server.  This behavior is
> > happening on both Ubuntu 18.04 and 16.04 now, so I believe it is
> > related to the new DC.
> > 
> > do I need 'winbind nss info = template' and if so what does it do?
> 
> No, because it is the default setting and it tells winbind to only
> obtain the user's ID and primary group from AD.
>   
> > 
> > Anyway, I tried Louis' suggestion and was able to get a better
> > response after adding this to the *file server smb.conf*:
> > 
> >        template homedir = /mnt/home/%U    ( also tried /mnt/Filestore/user-folders/%U )
> >        template shell = /bin/sh
> > 
> > both resulted in correct mount points and shell:
> > 
> > getent passwd 'rachelj'
> > rachelj:*:10161:10001::/mnt/home/rachelj:/bin/sh
> > 
> > but expected:
> > rachelj:*:10161:10001:Rachel Jones:/mnt/home/rachelj:/bin/sh
> 
> Check if 'Rachel Jones' has a 'gecos' attribute in AD.
>  
> > But when I tried to login, after a short pause it snaps back to a 
> > login.  The mount point (rachelj) was created but nothing is in the 
> > directory.  Note this is a new user and nothing exists on the file 
> > server other than the folder created via RSAT during the user setup.
> > 
> > Jun 20 10:29:35 CY-MKT-10 systemd[1]: Started User Manager for UID 10161.
> > Jun 20 10:29:35 CY-MKT-10 lightdm[823]: ** (process:1419): WARNING **: Error reading existing Xauthority: Failed to open file '/mnt/home/rachelj/.Xauthority': Permission denied
> > Jun 20 10:29:35 CY-MKT-10 lightdm[823]: Error writing X authority: Failed to open X authority /mnt/home/rachelj/.Xauthority: Permission denied
> > Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (pam_mount.c:116): Clean global config (0)
> > Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (pam_mount.c:133): clean system authtok=0x1a22910 (0)
> > Jun 20 10:29:36 CY-MKT-10 acpid: client 880[0:0] has disconnected
> > Jun 20 10:29:36 CY-MKT-10 acpid: client connected from 1463[0:0]
> > Jun 20 10:29:36 CY-MKT-10 acpid: 1 client rule loaded
> > Jun 20 10:29:36 CY-MKT-10 kernel: [   97.169343] Status code returned 0xc000006d STATUS_LOGON_FAILURE
> > Jun 20 10:29:36 CY-MKT-10 kernel: [   97.169355] CIFS VFS: Send error in SessSetup = -13
> > Jun 20 10:29:36 CY-MKT-10 kernel: [   97.169436] CIFS VFS: cifs_mount failed w/return code = -13
>  
> You seem to be being denied access to '.Xauthority', was it created on
> another machine ?
> However, I am sure '-13' usually means incorrect password.
> 
> Rowland 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 


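An added example, not part of the original thread: a Python triage of the syslog lines quoted above that keeps the CIFS session-setup failure (errno 13, EACCES, logged with STATUS_LOGON_FAILURE) apart from the .Xauthority permission errors, so the mount is checked first. The function name, verdict strings and regular expressions are assumptions of this example; the sample lines are taken from the quoted log.

```python
import errno
import re

# Constructed sample: syslog lines quoted in the thread, one entry per line.
SAMPLE_LOG = """\
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: Error writing X authority: Failed to open X authority /mnt/home/rachelj/.Xauthority: Permission denied
Jun 20 10:29:35 CY-MKT-10 lightdm[823]: (pam_mount.c:133): clean system authtok=0x1a22910 (0)
Jun 20 10:29:36 CY-MKT-10 kernel: [   97.169343] Status code returned 0xc000006d STATUS_LOGON_FAILURE
Jun 20 10:29:36 CY-MKT-10 kernel: [   97.169355] CIFS VFS: Send error in SessSetup = -13
Jun 20 10:29:36 CY-MKT-10 kernel: [   97.169436] CIFS VFS: cifs_mount failed w/return code = -13
"""

NT_STATUS = re.compile(r"Status code returned (0x[0-9a-fA-F]{8}) (STATUS_\w+)")
CIFS_ERR = re.compile(
    r"CIFS VFS: (?:Send error in (\w+)|(cifs_mount) failed w/return code) = -(\d+)")
DENIED = re.compile(
    r"Failed to open (?:file |X authority )'?(/[^':]+)'?: Permission denied")


def triage(log_text):
    """Separate SMB authentication failures from local file-permission errors."""
    result = {"nt_status": [], "cifs": [], "denied_paths": []}
    for line in log_text.splitlines():
        if m := NT_STATUS.search(line):
            result["nt_status"].append((int(m.group(1), 16), m.group(2)))
        if m := CIFS_ERR.search(line):
            stage = m.group(1) or m.group(2)
            # The kernel logs a negative errno; map it back to its symbolic name.
            result["cifs"].append((stage, errno.errorcode.get(int(m.group(3)), "?")))
        if m := DENIED.search(line):
            if m.group(1) not in result["denied_paths"]:
                result["denied_paths"].append(m.group(1))
    # A session setup rejected with EACCES means the server refused the logon,
    # so the share was not mounted; check that before file permissions.
    if ("SessSetup", "EACCES") in result["cifs"]:
        result["verdict"] = "smb-authentication-failed"
    elif result["cifs"]:
        result["verdict"] = "smb-mount-failed"
    elif result["denied_paths"]:
        result["verdict"] = "file-permission-denied"
    else:
        result["verdict"] = "no-known-failure"
    return result


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```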