mkhomedir and pam_mount incompatibility

Bug #2040281 reported by Virginie Trinite
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
libpam-mount (Ubuntu) | Triaged | Undecided | Unassigned |
pam (Ubuntu) | Triaged | Undecided | Unassigned |

Bug Description

Hello,
I have used realm to join a domain without difficulty and used
pam-auth-update --enable mkhomedir, as suggested by the documentation.
The problem is, when a new user logs into the system, the content of /etc/skel is not copied into the new home directory, even if Download Desktop.... are created.
Adduser works normally and the home directory is created fine.
The problem comes from the additional PAM module pam_mount; in my case this one tries to mount a shared resource in the home directory of the user.
By default in /etc/pam.d/common.session pam_mount is called before pam_mkhomedir.so.
If I move the pam_mkhomedir line before the pam_mount line, everything works fine.

Thanks for your attention
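
The module ordering described in the report above can be checked mechanically. This is an added example, not part of the original report or of any Ubuntu package; the function names and the two sample stack files are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag a PAM session stack where pam_mount is listed before
# pam_mkhomedir, the ordering this report describes.

# Line number of the first active "session" entry loading module $2 in file $1.
first_session_line() {
    awk -v mod="$2" '
        /^[ \t]*#/ { next }                            # ignore commented lines
        $1 == "session" && index($0, mod) { print NR; exit }
    ' "$1"
}

# Returns 0 if the order is fine or either module is absent,
# 1 if pam_mount comes first, 2 if the file cannot be read.
check_session_order() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    mount_ln=$(first_session_line "$1" pam_mount.so)
    mkhome_ln=$(first_session_line "$1" pam_mkhomedir.so)
    if [ -z "$mount_ln" ] || [ -z "$mkhome_ln" ]; then
        echo "$1: modules not both active, nothing to compare"
        return 0
    fi
    if [ "$mount_ln" -lt "$mkhome_ln" ]; then
        echo "$1: pam_mount (line $mount_ln) before pam_mkhomedir (line $mkhome_ln)"
        return 1
    fi
    echo "$1: pam_mkhomedir (line $mkhome_ln) before pam_mount (line $mount_ln)"
    return 0
}

# Constructed sample stacks (not copied from a real system).
demo_dir=$(mktemp -d)
cat > "$demo_dir/reported" <<'EOF'
session required  pam_unix.so
session optional  pam_mount.so
# session optional pam_mkhomedir.so   (commented out, ignored)
session optional  pam_mkhomedir.so
EOF
cat > "$demo_dir/reordered" <<'EOF'
session required  pam_unix.so
session optional  pam_mkhomedir.so
session optional  pam_mount.so
EOF

check_session_order "$demo_dir/reported"  || echo "-> reorder needed"
check_session_order "$demo_dir/reordered" || echo "-> reorder needed"
# On a real host: check_session_order /etc/pam.d/common-session
```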

Athos Ribeiro (athos-ribeiro) wrote :

Hi Virginie,

Thanks for taking the time to report this bug.

Would you mind describing in which Ubuntu version you are having the issues? Could you also confirm the versions of the packages in question?

Moreover, could you point us to the documentation you are referring to?

Finally, would you be able to write a short reproducer so we can better assist with this bug here?

Thanks.

I am marking this bug as incomplete until we get more information. Please, set it back to new once the information is provided.

Changed in libpam-mount (Ubuntu):
status: New → Incomplete
Changed in pam (Ubuntu):
status: New → Incomplete
Virginie Trinite (vitrini) wrote :

Hi
I use Ubuntu 22.04.3 LTS

libpam-systemd/jammy-updates 249.11-0ubuntu3.11 amd64
libpam-modules/jammy-updates,jammy-security,now 1.4.0-11ubuntu2.3 amd64
libpam-mount/jammy,now 2.18-2build2 amd64

The documentation is the whitepaper from https://ubuntu.com/engage/microsoft-active-directory

Steps to reproduce the bug:
* install realmd: sudo apt install sssd-ad sssd-tools realmd adcli
* join a domain: sudo realm join domaine.local -U adminuser
* enable mkhomedir: sudo pam-auth-update --enable mkhomedir
* install pam_mount: sudo apt install libpam-mount
* create a directory for the user to link the share: sudo mkdir /etc/skel/Shared/
* configure pam_mount to automount the shared directory into /home/$USER/Shared; this part depends on the configuration of the shared directory:
add in /etc/security/pam_mount.conf.xml after <!-- Volume definitions -->
<volume fstype="cifs" server="fileserver" path="path_to_shared" mountpoint="/home/%(DOMAIN_USER)/Shared" user="*" options="username=%(USER),user=%(USER),domain=domaine.local,iocharset=utf8" />
* have a new user log into the machine: the new home directory is missing part of /etc/skel

Changed in libpam-mount (Ubuntu):
status: Incomplete → New
Changed in pam (Ubuntu):
status: Incomplete → New
Mitchell Dzurick (mitchdz) wrote :

Hi Virginie, I tried to reproduce this in an LXD vm

$ lxc launch ubuntu:jammy j --vm
$ lxc shell j
# apt install -y sssd-ad sssd-tools realmd adcli
# pam-auth-update --enable mkhomedir
# sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu $(lsb_release -sc) main universe restricted multiverse"
# apt install -y libpam-mount

Now add
<volume fstype="cifs" server="fileserver" path="path_to_shared" mountpoint="/home/%(DOMAIN_USER)/Shared" user="*" options="username=%(USER),user=%(USER),domain=domaine.local,iocharset=utf8" />

Under <!-- Volume definitions --> in /etc/security/pam_mount.conf.xml

# adduser mitch
# su mitch
$ ls ~/
shared

I see the shared folder in my test. Is your issue that you don't see the shared folder?

Changed in libpam-mount (Ubuntu):
status: New → Incomplete
Changed in pam (Ubuntu):
status: New → Incomplete
Virginie Trinite (vitrini) wrote : Re: [Bug 2040281] Re: mkhomedir and pam_mount incompatibility

Hi

No, the bug is not that the share is not accessible; it is that the
home directory is incomplete. For example, .bashrc will not be in the home directory of
the new user (nor any other files in /etc/skel), but the directories in
/etc/skel will be correctly copied.

Thanks for your attention.

Virginie

On 27/10/2023 at 19:33, Mitchell Dzurick wrote:
> Hi Virginie, I tried to reproduce this in an LXD vm
>
> $ lxc launch ubuntu:jammy j --vm
> $ lxc shell j
> # apt install -y sssd-ad sssd-tools realmd adcli
> # pam-auth-update --enable mkhomedir
> # sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu $(lsb_release -sc) main universe restricted multiverse"
> # apt install -y libpam-mount
>
> Now add
> <volume fstype="cifs" server="fileserver" path="path_to_shared" mountpoint="/home/%(DOMAIN_USER)/Shared" user="*" options="username=%(USER),user=%(USER),domain=domaine.local,iocharset=utf8" />
>
> Under <!-- Volume definitions --> in /etc/security/pam_mount.conf.xml
>
> # adduser mitch
> # su mitch
> $ ls ~/
> shared
>
>
> I see the shared folder in my test, is your issue that you don't see the shared folder?
>
> ** Changed in: libpam-mount (Ubuntu)
> Status: New => Incomplete
>
> ** Changed in: pam (Ubuntu)
> Status: New => Incomplete
>

Virginie Trinite (vitrini) wrote :

And the user should be a user of the domain, not one you add with adduser.


Steve Langasek (vorlon)
Changed in libpam-mount (Ubuntu):
status: Incomplete → Triaged
Changed in pam (Ubuntu):
status: Incomplete → Triaged