SOLVED CIFS/Samba Shares with pam_mount in Linux

[JR Gonzalez]

I'm having a problem and hoping someone could point me in the right direction. I use pam_mount to mount user home directories on Linux boxes but for whatever reason mount.cifs is forcing forceuid/forcegid when mounting:

# mount
//server/directory on /mnt/directory type cifs (rw,nosuid,nodev,relatime,vers=1.0,cache=strict,username=jrg,domain=domain,uid=2000,forceuid,gid=2004,forcegid,addr=xxx.xxx.xxx.xxx,unix,posixpaths,mapposix,acl,rsize=61440,wsize=65536,actimeo=1)

Am I missing something here? I use FreeNAS as the AD DC and authenticate against it. I can see domain users and groups with getent. The mounts have the uid and the user's default domain group as ownership. Not really sure how to make it so I can chgrp dirs./files on the Linux boxes. Any help is appreciated. Thanks.

 

[Mirfster]

Can you please let us know how you currently have your Dataset(s) and Share(s) setup? Also, out of curiosity, did you create a Dataset and choose the option to "Use as Home Share"?

 

[JR Gonzalez]

So far I've been testing it with one of the a shares that isn't assigned as home directories. The dataset is set to Windows. The permissions are set to a domain user and a domain group. The permission type is set to Windows. Whenever I use pam_mount to mount it with mount.cifs it gives me forcegid/forceuid as options for any share it mounts. Not sure if the problem is on the Linux side or if the FreeNAS box is reporting it doesn't support proper Windows permissions / ACLs.

 

[JR Gonzalez]

Is there possibly a VFS module I need to load in order to get this to function properly?

 

[Mirfster]

The dataset is set to Windows

Try setting it to "Unix" and see what happens. This should not really affect Windows Users trying to map to the drive I believe.

 

[JR Gonzalez]

It was already set as unix. I changed it to Windows because I am trying to use strictly ACLs and domain users/groups and come completely off the dilapidated unix permissions. They are not very flexible. The problem I'm having is with the forcegid and forceuid which mount.cifs seems to force on the share when mounting. I can't find anywhere that it is set or any means to turn it off. This prevents me from using chown chgrp on anything.

 

[JR Gonzalez]

//server.server.tld/directory on /mnt/directory type cifs (rw,nosuid,nodev,relatime,vers=1.0,cache=strict,username=jrg,domain=domain,uid=2000,forceuid,gid=2021,forcegid,addr=xxx.xxx.xxx.xxx,unix,posixpaths,mapposix,acl,rsize=61440,wsize=65536,actimeo=1)

The uid= and gid= flags work fine in pam_mount. I changed the default gid (which is the actual gid of the share) using gid=2021. But as you can see above... the forcegid and forceuid prevent chown or chgrp from functioning properly. I can't seem to find anywhere to stop those options from being used during mount.

 

[JR Gonzalez]

Never did find a solution for this. There seems to be a problem with either FreeNAS samba or maybe mount.cifs. Gave up and used NFS for the Linux boxes.

 

[JR Gonzalez]

vfs_streams_xattr is activated by default. Removing the vfs module allowed it to function as normal. Go to advanced share settings and removed it from the list.