I got this partly working on Ubuntu 16.04 according to https://wiki.contribs.org/Client_Authentication:Ubuntu_via_sssd/ldap.
Login works well but the volumes defined in pam_mount.conf.xml are not mounted. I don't get any messages about this in any logfile so I suppose pam-mount is maybe ignored? Is there a way to debug this?
pam_mount needs to be configured in the pam stack. I'm not an Ubuntu expert, but on Fedora, it's in /etc/pam.d/password-auth. The pam_mount module must be set as optional, and placed before any sufficient module, e.g.:
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth optional pam_mount.so
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth sufficient pam_sss.so use_first_pass
auth required pam_deny.so
[...]
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
session optional pam_oddjob_mkhomedir.so umask=0077
session optional pam_mount.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_sss.so
(Note that in this case I've placed the pam_mount after a sufficient module, because I don't want it to be triggered for local users, I only want it for domain users, so it's placed before the pam_sss)
Also, is there a way to change the client's home directory from /home/e-smith/files/users/manuel
to something shorter?
Yes, you need to set something like
override_homedir = /home/%u
in your /etc/sssd/sssd.conf file, in the [nss] section. See man sssd.conf for more details.
Cheers,
Daniel
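One way to check the placement described in the reply above, as an added example that is not part of the original thread: a small parser that reports why pam_mount would not run for users authenticated by pam_sss. The function names and the sample text (an abridged copy of the quoted stack) are constructed for illustration.

```python
import re

# Constructed sample: an abridged copy of the stack quoted in the reply above.
SAMPLE = """\
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth optional pam_mount.so
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth sufficient pam_sss.so use_first_pass
auth required pam_deny.so
-session optional pam_systemd.so
session optional pam_mount.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_sss.so
"""

# type, control (keyword or [bracketed]), module; a leading "-" is allowed.
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse(text):
    """Return (type, control, module) per rule; comments and @include lines are skipped."""
    rules = []
    for raw in text.splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())
        if m:
            rules.append(m.groups())
    return rules

def check_pam_mount(text, auth_module="pam_sss.so"):
    """List reasons pam_mount would not run for users authenticated by auth_module."""
    problems = []
    for kind in ("auth", "session"):
        stack = [(c, m) for t, c, m in parse(text) if t == kind]
        mods = [m for _, m in stack]
        if "pam_mount.so" not in mods:
            problems.append(f"{kind}: pam_mount.so is not in the stack")
            continue
        pos = mods.index("pam_mount.so")
        if stack[pos][0] != "optional":
            problems.append(f"{kind}: pam_mount.so is '{stack[pos][0]}', not optional")
        # A sufficient module that succeeds ends the auth stack, so pam_mount
        # placed after it never receives the password for those users.
        if kind == "auth" and auth_module in mods:
            sss = mods.index(auth_module)
            if sss < pos and stack[sss][0] == "sufficient":
                problems.append(f"auth: pam_mount.so comes after sufficient {auth_module}")
    return problems
```

Pass it the contents of the file that holds the stack, for example `check_pam_mount(open("/etc/pam.d/password-auth").read())`; on Ubuntu the auth and session rules are normally split between /etc/pam.d/common-auth and /etc/pam.d/common-session, so concatenate both before checking.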