Roaming profiles across devices (Bonus: Web access)

Hi,

just started with UCS. But i struggle to get tutorials on how to set up “common use cases”. The manual is nice but seems to address users with some experience in UCS.

Back to topic:
I have ubuntu machines and joined them (finally) via the domain join.
I have users which can log in to the machines.

What I want:
Users shall log in to the machine, save files into their home dir (or worst case into any specific dir) and when they return the other day and login to another machine with their account their files shall be available there as well.

Bonus stage:
I want the dir to be accessible from “the outside” via browser. For example via nextcloud.

Could someone provide me with some guidance?

Best regards

Edit:

Says "By default there’s a Samba share for the home directories of each user. "
So i assume be default a vanilla installation shall have my desired option ? Or do i miss some point?

I like to push this up and hope for some help.

It’s tough to find “write-ups” as a UCS newbie

Yes it has and for web access see → Q&A: Can I use my Samba Home Folder for Nextcloud?

Roaming Profiles

Thank you a lot.

I already came across the “Roaming Profiles” link, but it only describes the process for Windows clients not for Linux.
But maybe you can help me to clarify this:
As far as i understood:
Whenever a user is created on the UCS a samba share is created for them at \UCSSERVERIP%USERNAME% but is not visible in the admin panel?

If so, how do i enable it for a user?
I’ve already tried to go to User->Account->POSIX
And write the servers IP into “homeshare”, but that not worked out. It shall be invalid.

Best regards and BIG thank you for your help

I think with the default settings it gets created automatic and yes it doesnt show up under shares. But there is a minor difference beetween roaming profiles and home share.

If you want to controll the “create home shares” there is an univention configuration variable (nfs/create/homesharepath) but i think in the default settings it is turned on (yes).

The roaming profiles are typically stored on the ad (samba) server. But i think on linux clients u dont need the roaming profiles folder from windows. You should be fine with the (windows) home share.

Thats the reason there exists the windows-home share and profile variable. You should only need the windows-homeshare path and not the profile variable for linux.

You can try to mount it via nfs or samba if u have a computer in you environment. We dont use linux clients but i have seen some post here in the forum about the linux client usage.

You shouldtn use \ucsserverip\username in the profile settings. UCS brings its own dns service so just use the name und not the ip of your ucs server.

Thank you again!

All user machines are in fact ubuntu clients.
Maybe in the far future, there will be some windows clients but for the near future windows is out of scope.

Okay, so i checked the “DNS” option in the management console, it has a forward and a backward one. Both have different subnets/zone names, but they share the same name server “UCS-XXX.myName.intranet.”.

However, when i try to put this value into the user profile POSIX homeshare field it still tells me that’s not a valid value.
i also tried to add the actual ip at the end but thill not working. The same happens when i add a “\username” at the end.

Try this:

Windows Home Share: \\ucs-xxx\username (use the actual username and your ucs server name not the whole fqdn)

profile dir: %LOGONSERVER%\%USERNAME%\windows-profiles\default

Posix unix Home :

/home/username   (change username with the actual username)

We are using ucs@school so our says:

/home/schoolame/GROUPNAME/username

groupname ist teacher, staff or student

Its just the place on your fileserver. So where the date gets storend (serverside).

For unix home i already have

/home/alice on default (in case of user alice)

But what is the actual POSIX->home share value?
ucs-4242 does not work (with 4242 = my number).

What do you have there?

I checked that link and it also says the home dir is auto-created for every user (section 1,).

I know i can make shared dirs for users or for a group of users, but no clue how to mount the home dir

I left it empty. Homeshare (dropdown menue → is empty, Path to homeshare → username)

To mount the share → just use the default tools of your client to mount nfs share.

Linux should be :

mount ucs-4242:/username

of if your client doesnt use the ucs dns

mount ServerIP:/username

thank you so much for your constant support, i really appreciate this!

I tried both (with my ucs numer and the actual user name ofc) + different other combinations i could imagine. But it still says “not found”.

What i did next was to make a share on the management web interface.
But just gave rwa rights to user and on one else.

After this, i was able to choose the according dir under “home share”.
However it ain’t worked.

I did some more testing.

I wasn’t able to mount the shared device i did on any machine (windows 10 or ubuntu 20.04)

I tried this video till minute 2 on a windows 10 machine

and than i tried to use the file explorer and “add network share” with
\IP\shares\feedback

and the username pw of a user within the domain user group.
I also tried the ucs-4242.domain.intranet one with no success either.

As next step i tried the ubuntu machine with

smbclient -U alice -L //IP/shares/feedback

And other combinations of the path parameter.
All of them returned Error NT_STATUS_UNSUCCESSFUL

So i went to the server and checked port and services.
It seems like no smb service is running (and therefore the server does not listen on port 445).

So i checked more docs and came across this:

And i noticed that i did not installed the “active directory compatible domaincontroller”.
So i installed that one as well (its pretty odd that this is not installed on default, maybe there should be a walk through like "do you want feature x, y or z? Follow the guide a, b, or c. )

After the installation succeeded at least something happened:

smbclient -U alice -L //IP/shares/feedback
Enter WORKGROUP\alice's password: 

	Sharename       Type      Comment
	---------       ----      -------
	netlogon        Disk      Domain logon service
	sysvol          Disk      
	print$          Disk      Printer Drivers
	feedback        Disk      
	home directories Disk      
	IPC$            IPC       IPC Service (Univention Corporate Server)
SMB1 disabled -- no workgroup available

So i probably missed somekind of group.
I checked this link.

and watched the univention registery for “samba4/ldap/base” as well as “ldap/base”, which both have the value dc=MYDOMAIN, dc=INTRANET (one in upper case one in lower case)

therefore i tried:

smbclient -U alice@mydomain.intranet //IP/shares/feedback

as well as different other pates i could imagine, like /home or /home/alice.
They all as for my password and then return

tree connect failed: NT_STATUS_BAD_NETWORK_NAME

Well, that was a bit of a journey so far, but still I am not able to mount any kind of share.
Maybe @crunch or someone else could make use of that informations.

Okay a little update.

I tried to tackle this problem again, but today the commands like

smbclient -U alice -L //IP/shares/feedback
as well as others stoped working. I simply get an NT_STATUS_IO_TIMEOUT

Edit:

i checked dpkg -l | grep univention-samba

which returns 3 entries samba4, samba4-sysvol-sync and samba-local-config.

However it seems like port 445 is not listing ?

sudo ss -tulw | grep 445

returns nothing.

I came across this post and therefore tried to check the service.

My service was dead as well.
However, restarting the service didnt helped.

Okay i played around and restarted the samba service.
I also checked nmbd and smbd both are running as well.

The good:
i can run

smbclient -U alice  //IP/feedback

when iam loged on the server.

The bad
But from the clients i still get the timeout error for the same command. thats crap.

EDIT:
I updated packages, restarted univention and also power cycled the server.
Now the samba daemon is dead again… is this a correct behavior?
nmbd and smbd are active.

Restarted samba service but i still get the TIMEOUT.

EDIT 2:

i tried

netstat -tapn | grep smbd

that one returned a bunch of entries. Including tcp connections on port 445

Dear diary,

today ive tested the same command again.
Suddenly it worked

smbclient -U alice@mydomain.intranet  //IP/feedback

brings me to the smb command line … huuurrraayyy

But i still wonder whats the problem?
I gonna retry this on different networks, maybe they block ports (which the network admin claims they won’t)
My current working wifi connection does use a local router as DNS, maybe that might be a difference?
However, in that case, nextcloud should be able to connect to the smb as well. Lets check that out!

EDIT:

Another good news, i could mount the “home” dir into nextcloud as described here:

But the home dir is empty and is not matching the home dir when alice logs into an ubuntu machine (which wast my tagert).

PS
However, i skipped the workgroup and classes part from the tutorial for now, as my first and foremost step is to ensure (web) access on the home dir. Classes might be a nice bonus in a somewhat future.

I could narrow the TIMEOUT problem. In fact the network did blocked the port 445 (regardless, that the network admin told me, the net work does not block any ports…).

To summarize the situation:

• I made a shared group dir feedback and Alice can connect to it via `smbclient -U Alice@MYDOMAIN.INTRANET //IP/feedback

• I made a shared dir home_directories with path /home and Alice can connect to it via `smbclient -U Alice@MYDOMAIN.INTRANET //IP/home_directories

• Alice can connect to it via `smbclient -U Alice@MYDOMAIN.INTRANET //IP/alice

• i installed nextcloud and added the home folder for the users

• Alice can log on ubuntu machines with her UCS password

open problems

• Data in Alices home dir on the ubuntu machines are not saved into any of the above-listed shares

This topic is still open for me.
Maybe someone can give me some.other ideas how to fix this.