samba - Dec 2024 - Linux desktop setup with authentication against Samba AD DC

On 23.12.2024 11:49, Rowland Penny via samba wrote:
> On Mon, 16 Dec 2024 13:23:54 +0100
> Marco Gaiarin via samba <samba at lists.samba.org> wrote:
>
>> Mandi! Rowland Penny via samba
>>    In chel di` si favelave...
>>
>>> I tested on Gnome, MATE and XFCE on Debian 12, Cinnamon on Lmde6
>>> and on Rocky Linux 9 and the only one that gave any problem was
>>> MATE and that is a problem in its code (somewhere), it mounts but
>>> is unusable.
>> Surely more then me. ;-)
>>
>>
>> You've also setup a wiki page for that? Can i help?
>>
> Okay, I have finally documented my version of this, the delay was
> caused by:
> A) it is Xmas
> B) While I could get the desktop to mount, I found that GNOME &
> Cinnamon wouldn't unmount it at logout.
>
> I finally traced this to a timing problem, XCFE is quite happy with '
> logout wait="200000"', Gnome & Cinnamon require
'logout wait="2000000"'
>
> I also wrote a small bash script to create the users home directory on
> the 'fileserver' on the fly.
>
> You can find my notes here:
>
>
https://github.com/hortimech/Samba/blob/main/Mounting%20a%20domain%20users%20home%20directory%20at%20logon
>
> Rowland
>
>
Hi Rowland,

Great write up.

But I don't understand the purpose of the homes share in smb.conf in 
this context. It's really not necessary. The user's home directory gets 
created on logon, and is removed (hopefully) at? logoff by pam-mount. My 
specific aim was to make sure any files or directories on the client are 
removed after logoff.

Anyway, I replicated 10 PCs (identical hardware) from my master image. 
Each PC took less than 10 minutes to configure. This included copying 
the .xsessionrc to each user home directory on the server. Copying the 
master image over the network took some time, however. That of course 
depends on the disk size and network speed. But one can do other tasks 
while the copy process is running.

Best regards,

Peter

On Wed, 25 Dec 2024 12:25:01 +0100
Peter Milesson via samba <samba at lists.samba.org> wrote:
> 
> 
> 
> On 23.12.2024 11:49, Rowland Penny via samba wrote:
> > On Mon, 16 Dec 2024 13:23:54 +0100
> > Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> >
> >> Mandi! Rowland Penny via samba
> >>    In chel di` si favelave...
> >>
> >>> I tested on Gnome, MATE and XFCE on Debian 12, Cinnamon on
Lmde6
> >>> and on Rocky Linux 9 and the only one that gave any problem
was
> >>> MATE and that is a problem in its code (somewhere), it mounts
but
> >>> is unusable.
> >> Surely more then me. ;-)
> >>
> >>
> >> You've also setup a wiki page for that? Can i help?
> >>
> > Okay, I have finally documented my version of this, the delay was
> > caused by:
> > A) it is Xmas
> > B) While I could get the desktop to mount, I found that GNOME &
> > Cinnamon wouldn't unmount it at logout.
> >
> > I finally traced this to a timing problem, XCFE is quite happy with
> > ' logout wait="200000"', Gnome & Cinnamon
require 'logout
> > wait="2000000"'
> >
> > I also wrote a small bash script to create the users home directory
> > on the 'fileserver' on the fly.
> >
> > You can find my notes here:
> >
> >
https://github.com/hortimech/Samba/blob/main/Mounting%20a%20domain%20users%20home%20directory%20at%20logon
> >
> > Rowland
> >
> >
> Hi Rowland,
> 
> Great write up.
> 
> But I don't understand the purpose of the homes share in smb.conf in 
> this context. It's really not necessary. The user's home directory
> gets created on logon, and is removed (hopefully) at? logoff by
> pam-mount. My specific aim was to make sure any files or directories
> on the client are removed after logoff.
As I said in my tutorial, you need a minimum of 3 'computers':
A DC to create the users on
A fileserver to store the users home directory on
A client.

In my setup, pam mount on the client mounts a share from the
fileserver. This share must exist, but it must be initially empty, this
is where the 'homes' share and the 'root preexec' script comes
in. The
client authenticates the user from the DC, then pam_mount attempts to
mount the users home directory from the fileserver and, if this is the
first logon ever for the user, the 'root preexec' script creates the
empty users share. Once pam_mount has mounted the share, The users home
directory is initially populated on the client and because it is a
mount, it is also populated on the fileserver, when the user logs out,
all traces of that user are removed from the computer, but remain on
the fileserver, ready for next logon, a bit like roaming profiles, but
without the wait.
> 
> Anyway, I replicated 10 PCs (identical hardware) from my master
> image. Each PC took less than 10 minutes to configure. This included
> copying the .xsessionrc to each user home directory on the server.
> Copying the master image over the network took some time, however.
> That of course depends on the disk size and network speed. But one
> can do other tasks while the copy process is running.
I am not entirely sure just what you are doing, but it sounds similar
to installing a distro and then configuring pam_mount.