Logon data for CIFS mount

Linux Clients
#1

Hi@all,

I have integrated Ubuntu 19.10 into the UCS domain (ubuntu-domain-join).

Now I want to include the Windows shares of the master on the Ubuntu client. When I mount the share I have to enter the password every time:

root@pc001:/data# mount -t cifs //tux.gehr.lan/Downloads /data/Downloads/
Password for s.gehr@//tux.gehr.lan/Downloads

then it works . Sure, I could store the credentials (credentials=~/.smbcredentials) but that’s not the purpose of ADS. How do I get the client to take the login data of the logged in user?

with best
sven

#2

Maybe this 2 posts helps:

HTH, Robert

#3


That’s how I did it. Many thanks

1 Like
#4

I have included the shares as follows:

<volume fstype="cifs" server="tux.gehr.lan" options="vers=3.0" path="Downloads" mountpoint="~/Downloads"> <not><user>root</user></not> <not><user>sddm</user></not> </volume>
<volume fstype="cifs" server="tux.gehr.lan" options="vers=3.0" path="Texte" mountpoint="~/Texte"> <not><user>root</user></not> <not><user>sddm</user></not> </volume>
<volume fstype="cifs" server="tux.gehr.lan" options="vers=3.0" path="Sicherheit" mountpoint="~/Sicherheit"> <not><user>root</user></not> <not><user>sddm</user></not> </volume>
<volume fstype="cifs" server="tux.gehr.lan" options="vers=3.0" path="Projekte" mountpoint="~/Projekte"> <not><user>root</user></not> <not><user>sddm</user></not> </volume>
<volume fstype="cifs" server="tux.gehr.lan" options="vers=3.0" path="Multimedia" mountpoint="~/Multimedia"> <not><user>root</user></not> <not><user>sddm</user></not> </volume>
<volume fstype="cifs" server="tux.gehr.lan" options="vers=3.0" path="Bilder" mountpoint="~/Bilder"> <not><user>root</user></not> <not><user>sddm</user></not> </volume>
<volume fstype="cifs" server="tux.gehr.lan" options="vers=3.0" path="Buchhaltung" mountpoint="~/Buchhaltung"> <not><user>root</user></not> <not><user>sddm</user></not> </volume>
<volume fstype="cifs" server="tux.gehr.lan" options="vers=3.0" path="Bibliothek" mountpoint="~/Bibliothek"> <not><user>root</user></not> <not><user>sddm</user></not> </volume>

but the access is extremely slow. Only 8-10 MB/Sec :frowning:

The same shares are also released via NFS and I can write on them with 90-1110 MB/Sec

#5

Yes, i had here similar at the beginning. The thing is Kernel Oplocks. So we here have only Sambashares. No mixed with NFS. So we did disable Kernel Oplocks in UCR. After restarting Samba and remouting the share. We will copy about 90/95MB/s.

But 8-10MB is really slow. Normal with Kernel Oplocks and default options are about 45-50MB/s.

Richtige Fehleranalyse bei extrem langsamen Zugriff auf SMB-Freigabe von UCS
#6

which one of them:
grafik

#7

I am using ZorinOS, based on ubuntu 18.04.
Remove the client and do step by step as here https://docs.vmware.com/en/VMware-Horizon-7/7.8/linux-desktops-setup/GUID-B4111821-34F2-465B-B290-FC2070EFCB5A.html

It definitely works

#8

do you know if this also works with Ubuntu 20.04?

#9

I have been using NFS the whole time but the group access to the shares is not really good because unlike Samba “force user” and “force grou” are missing :slight_smile:

Now I am trying to test this solution. It has worked before.

The package “libpam-mount” is installed. The original /etc/security/pam_mount.conf.xml looks:

<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<!--
        See pam_mount.conf(5) for a description.
-->

<pam_mount>

                <!-- debug should come before everything else,
                since this file is still processed in a single pass
                from top-to-bottom -->

<debug enable="0" />

                <!-- Volume definitions -->


                <!-- pam_mount parameters: General tunables -->

<!--
<luserconf name=".pam_mount.conf.xml" />
-->

<!-- Note that commenting out mntoptions will give you the defaults.
     You will need to explicitly initialize it with the empty string
     to reset the defaults to nothing. -->
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<!--
<mntoptions deny="suid,dev" />
<mntoptions allow="*" />
<mntoptions deny="*" />
-->
<mntoptions require="nosuid,nodev" />

<!-- requires ofl from hxtools to be present -->
<logout wait="0" hup="no" term="no" kill="no" />


                <!-- pam_mount parameters: Volume-related -->

<mkmountpoint enable="1" remove="true" />


</pam_mount>

I insert the line

<volume fstype="cifs" server="srv01.gehr.local" options="vers=3.0" path="Test" mountpoint="/data01/Test"> <not><user>root</user></not> <not><user>sddm</user></not> </volume>

above the line

</pam_mount>

Server-Host (UCS-Master) = srv01.gehr.local
Samba-Share = Test
local Mountpoint on Client = /data01/Test

But the directory is not mounted after I restart the client. What’s wrong?

with best
sven

#10

Haven’t time that i update the howto. Maybe the Update on my wiki can help you:

https://deepdoc.at/dokuwiki/doku.php?id=rund_um_den_desktop:automatische_mounts_von_laufwerken_mit_libpam-mount_beim_login

https://deepdoc.at/dokuwiki/doku.php?id=prebuilt_systems:ucs:automatische_mounts_von_laufwerken_mit_ucs_auf_ubuntu

Ubuntu 20.04 AD-Join (SSSD&Kerberos) with pam_mount (CIFS)
#11

I followed the steps exactly.

apt install libpam-mount keyutils -y

[/etc/security/pam_mount.conf.xml]

<?xml version="1.0" encoding="utf-8" ?>
<pam_mount>
<debug enable="0" />
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<mntoptions require="nosuid,nodev" />
<logout wait="0" hup="no" term="no" kill="no" />
<mkmountpoint enable="1" remove="true" />
<volume fstype="cifs" server="srv01.gehr.local" options="vers=3.0" path="Test" mountpoint="/data01/Test" />
</pam_mount>

[`/etc/pam.d/common-auth]

auth    required    pam_group.so use_first_pass
auth    [success=2 default=ignore]      pam_unix.so nullok_secure try_first_pass
auth    [success=1 default=ignore]      pam_sss.so use_first_pass
auth    requisite                       pam_deny.so
auth    required                        pam_permit.so
auth    optional        pam_mount.so
auth    optional                        pam_cap.so

[/etc/pam.d/common-password]

password        requisite                       pam_pwquality.so retry=3
password        [success=2 default=ignore]      pam_unix.so obscure use_authtok try_first_pass sha512
password        sufficient                      pam_sss.so use_authtok
password        requisite                       pam_deny.so
password        required                        pam_permit.so
password        optional        pam_mount.so disable_interactive
password        optional        pam_gnome_keyring.so

[/etc/pam.d/common-session]

session [default=1]                     pam_permit.so
session requisite                       pam_deny.so
session required                        pam_permit.so
session optional                        pam_umask.so
session required    pam_mkhomedir.so umask=0022 skel=/etc/skel
session required        pam_unix.so
session optional                        pam_sss.so
session optional        pam_mount.so
session optional        pam_systemd.so

then restart the client but the release “Test” is not mounted in /data01/Test

#12

if I temporarily insert the line:

//srv01.gehr.local/Test         /data01/Test    cifs    auto    0       0

in the /etc/fstab file and then:

root@pc001:/home/s.gehr# mount /data01/Test/
Password for s.gehr@//srv01.gehr.local/Test:  *********

the mount will work.

Mastodon