Users/account/posix section unclear/not working

UCS - Univention Corporate Server
1

I am hosting a home share for NFS and SAMBA use on a member server, so users can work on their most important files with both Windows and Linux clients (Windows 10 support coming to an end…)

It’s working fine enough for Samba and the NFS export seems ok, too, it’s visible everywhere via autofs.

But I’m a bit confused as to how to make it work for Linux clients.

The users/account/posix section lists

  1. Unix home directory, which requires an absolute path
  2. Home share, which lets me select the NFS share created on the member server
  3. Home share path, which is relative to the share from 2

If I leave #2 and #3 empty, #1 refers to an absolute path on whichever server of the domain you happen to log into. Fine for admin users on those Linux machines, but here I want a follow-me-home.

I’d then assume that something in Univention will then map the NFS share specified by #2, create the directory expressed in #3 and mount that on #1.

But that’s not happening, instead #2 and #3 are seemingly ignored and on any member server #1 is created on login.

The 5.* documentation doesn’t even explain the “account” section, the older 4.* documentation offers no information as to what is going on behind the scene, either.

Now I guess I could just use the automounter to get things where I want them via #1, but I am assuming that #2 and #3 exist for a reason… which isn’t well documented I’m afraid.

P.S.
What’s a little unexpected is that in the Windows section above, variable substitution for things like %USERNAME% are accepted and working for the Windows profile directory, but not for the Windows home path: any reason for that?

2

Lots of extra testing reveals the following:

I am basically following the procedure described here: How-to: Samba Homes and Shares - Basics

I have an NFS share on a member server created via domain/shares, exporting for both Samba and NFS. Both are also visible and usable manually, for read and write access.

I then put /home/[username] (/home/testuser in this case) into the /user/account/posix section of the user account data (#1 from the top post), select the NFS share created above from the drop-down menu for the home share (#2) and add testuser into the (relative) home-share path (#3).

But it just doesn’t work as expected.

When I log in (putty session or just a plain su - testuser from a member server), a matching (name and ownership) directory is created on the NFS share for a new user added and the home directory is created and filled with some basic config data, while the NFS directory remains empty.

Evidently the two simply aren’t tied together, the NFS isn’t mounted where #1 is pointing. I can (as root) manually mount the NFS share to that home directory, effectivaly hiding the auto-created profile data within it, but it’s not happening at login.

I have no idea if it’s some race condition (NFS export is synchronous, if anyone should wonder), or a logic issue in the /usr/sbin/univention-mount-homedir which seems to be responsible for the magic under the roof.

I have a CS master, but I started IT 45 years ago and never got around programming in Python: I’d have to see full traces or debug to understand what’s going wrong, the code and logs alone aren’t geving me enough information and I can’t see any trace of any outright failure.

But I did notice, that while #1 (the home directory) isn’t allowed to be empty when home share and home path are used, its actual content seems to be ignored or overrriden elsewhere.

I had mounted the NFS share on /roam and then put /roam/jdoe into home directory (#1) to see if it made any difference, only to have /home/jdoe created on the member server…

At this point I no longer think I am doing anything wrong, but that there is either an outride bug or same odd side effect at play.

Testing is made a bit more confusing by (unconfirmed) fact that just changing the various paths in user configuration and deleting the created directories doesn’t seem to trigger their recreation. Some data seems to be cached somewhere which means I really have to create a new user for very debugging attempt…

What’s really needed is some theory of operation documentation, which explains how those fields correlate and what is supposed to happen there in the background. Or a bug fix…

3

I found the source of the issue: this only works with Univention servers, which have the matching login script plumbing.

It’s logical, I’ll admit, but it points to the underlying issue that domain join scripts for Linux distributions do not exist, while Univention member servers can’t really serve as generic client desktops: they just have too much Univention specific plumbing inside.

My understanding has always been that Univention is the go-to solution, when you want to support a mix of Windows and Linux (even the Fruity Cult) clients with a unified IAS and file share solution.

That requires integration of Linux clients, at least some of the major ones.