Eduardo,
My last communication with you was back on 11/21/21 when I was trying to join an Ubuntu machine to a Zentyal server. Everything is working well there. It turned out there was a problem on my production server that is remedied now. Thanks for the help back then but now I'm trying to figure out another issue. Prior to now I've used passwordless sshfs for access to the server share but would like to try out samba instead. I know that I'm at a disadvantage because it is difficult to read posts in other languages. Here's the samba mount command I can use to access the share but my problem is I don't want the password in clear text in the mount command: "sudo mount -t cifs -o username=vance,password=7654321,uid=vance,gid="domain users",dir_mode=0755,file_mode=0755 //p5ld2/AyresData /home/vance/shares" Is it possible to pull the password out of CID & inject it into the mount command? Is this through kerberos?
Thanks Eduardo!
Vance
Hi Vance!
You can use the pam_mount module to mount any file system, including CIFS, when opening a user session.
The CID provides a way to configure pam_mount on all your Linux computers inserted into AD at once. Just edit the shares.xml file that the CID saves in your AD's Netlogon share inside the scripts_cid folder.
See the pam_mount documentation to get an idea of the possibilities it offers. Just so you have a sample, you could assemble the share you mentioned with the simple tag:
<volume fstype="cifs" server="p5ld2" path="AyresData" mountpoint="~/shares" />
So, Eduardo here's what I've done. I used the shares.xml file you have in /usr/share/cid/templates/scripts_cid/ & put the line you recommended in the file. I rebooted but the mount didn't work. What am I doing wrong? I have attached 2 files. The shares.xml file is attached as well as a screenshot of the location I put the file & the permissions on the file.
Create a folder named scripts_cid in the same location shown in the screenshot and place the file inside.
Here's the shares.xml file.
Eduardo,
Further information. The /var/log/cid/scripts.log file simply has a bunch of lines in it that say this: "May 07 22:00:43 E520dt CID Init Script >> start 0: Successfully registered hostname with DNS"
Thanks!!!
Vance
Eduardo,
Thanks for the help. I think I did what you asked me to do. As you have time you can give me other thoughts. I'll continue to try changes. At this point I'm using a Debian derivative called Q4OS for the client & I'm still using Zentyal 6.2 on the server. I would assume either of these could be the problem. I think I'll try Debian Bullseye here pretty quick but if there's a log file or anything else that would help you figure this out I can provide that.
Thanks!!!
Vance
Good news Eduardo,
This is the 1st time I've used the pam_mount capability but as far as I can tell it worked just as it should with Debian Bullseye!!!!
This will give me the foundation to try getting other client OSs to work.
Thanks!!!
Vance
Good, Vance! Thanks for the feedback!
In fact, I just did a test run with Q4OS to try to help you and it worked for me. I still can't say what happened in your test since its base is Debian itself. But what matters is that now you know the way. I wish you good luck!
Eduardo,
I have some interesting information I'd like to get your feedback on. I did some more testing on this & discovered that if I log in with CID users at a TTY console in Q4OS the login script works!!! The shares folder is created & the drive resource from the server is available! Then I logged out of the TTY session & was able to log in at the GUI with the CID user, but the shares folder is NOT created. If I go back to a TTY session & log in with the same CID user I've been using all along, the shares folder is created & all the server drive info is there. What are your thoughts on what is going on here & do you know of a way to get it so only the GUI logon is required to cause the logon script to work?
Thanks Eduardo
Hi Vance!
What directory are you using to mount this share?
Maybe the share is being mounted in the GUI session, but depending on the mount point, this is not visible in the file manager. Generally you must use some subdirectory (non-hidden) within the user's own home directory for the share to be visible. Otherwise, you may not see it, but it is possible that it is mounted. You can check by using the mount or df command to list the volumes mounted on the system.
Here's the mount command in a terminal window in the GUI before I login to vance in a TTY:
vance@q4os-desktop:~$ mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,nosuid,relatime,size=966244k,nr_inodes=241561,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,relatime,size=198292k,mode=755)
/dev/sda1 on / type ext4 (rw,relatime,errors=remount-ro)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
none on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=11943)
debugfs on /sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
tracefs on /sys/kernel/tracing type tracefs (rw,nosuid,nodev,noexec,relatime)
configfs on /sys/kernel/config type configfs (rw,nosuid,nodev,noexec,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime)
sunrpc on /run/rpc_pipefs type rpc_pipefs (rw,relatime)
tmpfs on /run/user/111108 type tmpfs (rw,nosuid,nodev,relatime,size=198292k,nr_inodes=49573,mode=700,uid=111108,gid=110513)
portal on /run/user/111108/doc type fuse.portal (rw,nosuid,nodev,relatime,user_id=111108,group_id=110513)
Here's the mount command when I stay in the GUI but I've gone & logged into a TTY as vance:
vance@q4os-desktop:~$ mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,nosuid,relatime,size=966244k,nr_inodes=241561,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,relatime,size=198292k,mode=755)
/dev/sda1 on / type ext4 (rw,relatime,errors=remount-ro)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
cgroup2 on /sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
none on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=11943)
debugfs on /sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
tracefs on /sys/kernel/tracing type tracefs (rw,nosuid,nodev,noexec,relatime)
configfs on /sys/kernel/config type configfs (rw,nosuid,nodev,noexec,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime)
sunrpc on /run/rpc_pipefs type rpc_pipefs (rw,relatime)
tmpfs on /run/user/111108 type tmpfs (rw,nosuid,nodev,relatime,size=198292k,nr_inodes=49573,mode=700,uid=111108,gid=110513)
portal on /run/user/111108/doc type fuse.portal (rw,nosuid,nodev,relatime,user_id=111108,group_id=110513)
//p5ld2/AyresData on /home/vance/shares type cifs (rw,relatime,vers=3.1.1,cache=strict,username=vance,uid=111108,forceuid,gid=110513,forcegid,addr=192.168.66.1,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=60,actimeo=1)
//p5ld2/vance on /home/vance/FTP type cifs (rw,relatime,vers=3.1.1,cache=strict,username=vance,uid=111108,forceuid,gid=110513,forcegid,addr=192.168.66.1,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=60,actimeo=1)
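Added example, not part of the original thread and not CID code: the check suggested above (read the `mount` output to see whether pam_mount attached the share in this session, and whether the mount point is hidden from the file manager) as a small shell filter. The function names are hypothetical; the sample input is trimmed from the listings above plus one constructed hidden mount point.

```shell
#!/bin/sh
# Constructed sample: two CIFS lines trimmed from the thread's `mount` output,
# one unrelated tmpfs line, and one constructed hidden mount point.
sample_mounts() {
cat <<'EOF'
tmpfs on /run/user/111108 type tmpfs (rw,nosuid,nodev,relatime,mode=700,uid=111108,gid=110513)
//p5ld2/AyresData on /home/vance/shares type cifs (rw,relatime,vers=3.1.1,username=vance,uid=111108,gid=110513)
//p5ld2/vance on /home/vance/FTP type cifs (rw,relatime,vers=3.1.1,username=vance,uid=111108,gid=110513)
//p5ld2/AyresData on /home/vance/.cache/shares type cifs (rw,relatime,vers=3.1.1,username=vance,uid=111108,gid=110513)
EOF
}

# cifs_mounts HOME  (reads `mount` output on stdin)
# Prints one line per CIFS mount under HOME: mountpoint<TAB>visibility<TAB>source.
# "hidden" means a path component below HOME starts with a dot, so a file
# manager will normally not show it even though the share is mounted.
cifs_mounts() {
  awk -v home="${1%/}" '
    NF >= 6 && $(NF-2) == "type" && $(NF-1) == "cifs" {
      # Cut the trailing " type cifs (options)" so that spaces inside the
      # share name or mount point do not shift the fields.
      tail = " type cifs " $NF
      head = substr($0, 1, length($0) - length(tail))
      p = index(head, " on /")
      if (!p) next
      src = substr(head, 1, p - 1)
      mnt = substr(head, p + 4)
      # Keep only mount points at or below HOME.
      if (index(mnt "/", home "/") != 1) next
      rel = substr(mnt, length(home) + 2)
      vis = "visible"
      m = split(rel, part, "/")
      for (i = 1; i <= m; i++)
        if (substr(part[i], 1, 1) == ".") vis = "hidden"
      printf "%s\t%s\t%s\n", mnt, vis, src
    }'
}

# share_mounted HOME MOUNTPOINT  (reads `mount` output on stdin)
# Exit status 0 if MOUNTPOINT is an active CIFS mount under HOME, 1 otherwise.
share_mounted() {
  cifs_mounts "$1" |
    awk -F'\t' -v want="${2%/}" '$1 == want { found = 1 } END { exit !found }'
}

# Demo on the constructed sample; on a live session use:
#   mount | cifs_mounts "$HOME"
sample_mounts | cifs_mounts /home/vance
```

Running `mount | share_mounted "$HOME" "$HOME/shares"` once from a terminal in the GUI session and once from a TTY login shows which login path attached the share.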
You're right! It doesn't really mount, but I already have an idea of what could be happening. Which graphical login manager are you using on Q4OS? Tell me the following characteristics so that I can check:
Desktop environment (Trinity or Plasma);
Version or codename;
Trinity & it's version 4.7. I did just notice that 4.8 has been released though. I did figure out a workaround. Using the command "sudo systemctl set-default multi-user" in a TTY then rebooting changes the OS so it comes up to a TTY login rather than the GUI. Then I simply use startx to start the GUI & the shares are intact.
Thanks for the help Eduardo. You are going above & beyond the standard support for your product CID!
I made the necessary adjustments in the new version of the CID that I just released (1.2.4). With it, you should already have access to the shares by logging in directly to the graphic terminal.
I also thank you for your reports that have contributed to the evolution of the project!
That did it Eduardo!!! Do you think the change you made in 1.2.4 will be a necessary improvement for other Debian flavors? I would assume the change is only applicable to Debian & its derivatives.
It's been so good to work with you Eduardo & learn more about Linux. If I can be of assistance in the future let me know!
In fact, the change has nothing to do with Debian, but with the TDM login manager. This will be valid for any other distribution that is using this manager, whether based on Debian or not.
Got it. Thanks Eduardo!