Failure mounting cifs volumes pam_mount

Bug #1586707 reported by Eduardo Santos de Moraes on 2016-05-28
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Undecided
Unassigned

Bug Description

Since version " 2: 4.3.8 + dfsg - 0ubuntu0.14.04.2 " current " 2: 4.3.9 + dfsg - 0ubuntu1 " that cifs volumes with " SGRP " attribute in pam_mount are not mounted .

In fact the volume is only mounted when the volume access permission group is the primary group that is logged in, otherwise the volume is not mounted.

For example:

<volume sgrp="administrators" fstype="cifs" server="Fileserver" path="share" mountpoint="/home/%(user)/share" />

If the share has only limited access to " administrators " and the user's primary group for this , so the volume is mounted . But even if the user belongs to the Administrators group , just not being the primary user group ( in Active Directory usually the primary group by default is " Domain Users " ) , the same share is not mounted.

Distros : Ubuntu 14.04 or higher.

description: updated
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in samba (Ubuntu):
status: New → Confirmed
Aleksi (aleksi-vartiainen) wrote :

I confirm that this bug occurs on Ubuntu 16.04 as well. A workaround is to omit the "sgrp" attribute which sometimes causes a 10-second hang per mount for local users (with no permission for volume) when logging in. With 10 volumes to mount... yikes!

My configuration:

<volume user="*" sgrp="residents" fstype="cifs" server="domain.example.com" path="data/users/%(USER)/documents" mountpoint="~/Documents" options="uid=%(USER),gid=100,dir_mode=0700,file_mode=0700,nounix,iocharset=utf8,rw,sec=ntlmsspi" />

Changed in samba (Ubuntu):
status: Confirmed → Invalid

In fact the problem is solved using the "winbind expand groups" parameter in /etc/samba/smb.conf with the value of 1 (winbind expand groups = 1) .

This was the default in earlier versions of samba, and was changed to 0 (winbind expand groups = 0) from version 4.2.x.

I appreciate the contribution !

Aleksi (aleksi-vartiainen) wrote :

The value of "winbind expand groups" is 1 for me. However, PAM still refuses to mount. I resolved this by changing the primary group of each user in Active Directory to match the value of "sgrp", so apparently the attribute still only works if it's the primary group of the user.

silicium02 (silicium02) wrote :

Changing the value of "winbind expand groups" to 1 works for me (on Kubuntu 16.04).

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers