adsys icon indicating copy to clipboard operation
adsys copied to clipboard
verified publisher icon ubuntu

SMB drive not mounted with GPO

Open selcem-artan opened this issue 1 year ago • 1 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues and found none that matched mine

Describe the issue

In Ubuntu v22.04.05 desktop we updated machine policy GPOs through adsys update. We can also see that policy is update in Ubuntu desktop as seen below;

$ adsysctl policy applied --all
Policies from machine configuration:
- Ubuntu_OS_GPO ({XXXXXXXX})
    - dconf:
        - org/gnome/settings-daemon/plugins/power/sleep-inactive-battery-timeout: 0
    - gdm:
        - dconf/org/gnome/login-screen/banner-message-enable: true
        - dconf/org/gnome/login-screen/banner-message-text: 'Test Ubuntu Banner'
    - mount:
        - system-mounts: smb://<smb_driver>/drivers

Unfortunately, GPO is not applied correctly and SMB drive can not be mounted. Error is logged in syslog.

Oct 29 15:57:02 AEL-U4JW00XW6A kernel: [   11.541987] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
Oct 29 15:57:02 AEL-U4JW00XW6A systemd[1]: Failed to mount ADSys mount for smb://<smb_server>/DeptFolder.
Oct 29 15:59:52 AEL-U4JW00XW6A adsysd[4322]: level=error msg="failed to mount \"smb://<smd_server>/deptshares/\": Failed to mount Windows share: Permission denied"
Oct 29 16:15:44 AEL-U4JW00XW6A systemd[1]: Mounting ADSys mount for [krb5]smb://<smb_server>/DeptFolder...
Oct 29 16:15:44 AEL-U4JW00XW6A systemd[1]: Failed to mount ADSys mount for [krb5]smb://<smb_server>DeptFolder.

Steps to reproduce it

  1. In Ubuntu v22.04, install adsysctl
  2. Configure SMB machine GPO in MS AD
  3. Update adsysctl for machine policy updates

Ubuntu users: System information

I will share this file later

Non Ubuntu users: System information

Environment

  • adsys version: please run adsysctl version
  • Distribution: (NAME in /etc/os-release)
  • Distribution version: (VERSION_ID on /etc/os-release):

Log files

Please redact/remove sensitive information:

adsys service logs can be acquired by running `adsysctl service cat -v`.
You can increase the amount of information displayed by increasing the verbosity level (-v) to -vv or -vvv.

Application settings

Please redact/remove sensitive information:

Paste the contents of your adsys.yaml file here, if you created one.

Additional information

No response

Double check your logs

  • [X] I have redacted any sensitive information from the logs

selcem-artan avatar Nov 06 '24 13:11 selcem-artan

Any updates to this?

dnade avatar Apr 03 '25 17:04 dnade