pam_mount home directories over cifs, sssd and Bionic Beaver
I've configured a Ubuntu Bionic Beaver client to authenticate against a Samba ADS (Zentyal), using sssd. This guide was more or less all it took to get there. EDIT: see my answer to get a quote of the meaning of that "more or less". EDIT2: mentioned guide has been (re?)moved, but it couldn't work on Ubuntu 20.04 and newer anyway.
Then I configured pam_mount so that home directories are kept on the server, and my client mounts those for logging in users. It seems to work, with a few issues that show up only when logging in with an AD account. When logging in with a local account, all works as expected (but no pam_mount is involved in that case).
The issues are:
- keyboard layout is english even if the system is all italian, and the input method is configured as italian.
- I can't add launchers to the Ubuntu Dock (it says it has been added, but it does not show up)
- (which seems to be 1+2) I can't add any new languages, much like I can't add launchers to the Dock
Here is my /etc/security/pam_mount.conf.xml
:
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
<debug enable="0" />
<volume user="*" fstype="cifs" server="zentyal" path="%(DOMAIN_USER)" mountpoint="/home/%(DOMAIN_USER)" options="sec=ntlmssp,nodev,nosuid,mfsymlinks,nobrl" />
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<mntoptions require="nosuid,nodev" />
<logout wait="0" hup="no" term="no" kill="no" />
<mkmountpoint enable="1" remove="true" />
</pam_mount>
Any clues?
For anyone with newer Versions, there are three things you have to do to mount Home-Directories in a working way with SMB v3.0.
- Use the nobrl-Option
- Use the mfsymlinks-Option
With these two Options Software like Chrome will work. However, gnome-settings won't work, which means e.g. no changing of the Items in the Sidebar. For that, you also have to add
- "service-db:keyfile/user" to /etc/dconf/profile/user
(see https://help.gnome.org/admin/system-admin-guide/stable/dconf-nfs-home.html.en , completely intuitive)
Hope that helps!