Cool Solution - Mount Samba shares in Nextcloud
From Univention Wiki
Note: Cool Solutions are articles documenting additional functionality based on Univention products. Packages provided by a Cool Solutions Repository are built by Univention, but will not be maintained.
Not all of the shown steps in the article are covered by Univention Support. For questions about your support coverage contact your contact person at Univention before you want to implement one of the shown steps.
Nextcloud is a free and open source file hosting service and available in the Univention App Center to easily install it on UCS. Nextcloud is capable of mounting external storages from different backends, including Samba shares. A few packages made by Univention enable you to automatically mount your UCS@school shares such as class or workgroup shares. To install these, the Cool Solutions Repository must be enabled.
Prerequisites
The Nextcloud server must be able to access the SMB shares you intend to mount. To accomplish this, make sure that Port 445 on the Samba server(s) is reachable from the Nextcloud server.
A good way to test whether access works is smbclient. In a domain with the LDAP base dc=ucs,dc=local and a Samba server called fileserver a command could look as follows:
smbclient -U user@ucs.local //fileserver/share
smbclient will ask for the user's password and try to connect. If it connects successfully, you will be prompted with an interactive shell on the Samba share.
Enabling Nextcloud for users and groups
Nextcloud access can be enabled manually via the web interface UMC using the Users or Groups module. In the Users module, open a specific user, switch to Advanced settings and tick the checkbox in the Nextcloud dropdown. In the Groups module, open a specific group, switch to Nextcloud and tick the checkbox. After Nextcloud is installed, newly created users are automatically enabled in Nextcloud.
The package univention-nextcloud-enable-for-classes-and-workgroups from the Cool Solutions Repository enables all classes, workgroups and Domain Users <OU> groups for Nextcloud. This is required for the groups to show up in Nextcloud and be used there to limit access to shares to their respective groups. The package must be installed on the domaincontroller master of your domain!
univention-install univention-nextcloud-enable-for-classes-and-workgroups
To mount Samba shares in Nextcloud the files_external Nextcloud app must be enabled. To enable the app, login to Nextcloud with an admin user (e.g. Administrator) and switch to Settings -> Apps. Look for External Storage support and click Enable. Once the files_external app is enabled, external storage mounts can be configured via Settings -> Administration -> External Storages. To configure external storages the share's windows domain must be set in Nextcloud. Note that the windows domain might change between Samba updates. The windows domain can be obtained via UCR:
ucr get windows/domain
One file server
A mount for home shares can be configured very easily with a generic mount. Configure the mount as follows and save it by clicking on the small tick icon. A red square (bad) or green circle (good) tells you whether access to the share was successful, with the currently logged in user.
| Folder name | External Storage | Authentication | Configuration/Host | Configuration/Share | Configuration/Remote Subfolder | Configuration/Domain | Available for |
|---|---|---|---|---|---|---|---|
| Home | SMB/CIFS | Log-in credentials, save in session | <HOST or IP> | / | $user | <WINDOWS DOMAIN> |
Multiple file servers
If users' home directories are stored on multiple servers, such as in an UCS@school multi server environment with file servers at each school, the package univention-nextcloud-samba-home-share-config from the Cool Solutions Repository can be installed on the Nextcloud server to automatically configure Home share mounts for ALL schools in the domain. For the package to function the groups "Domain Users <OU>" must be activated for Nextcloud. univention-nextcloud-enable-for-classes-and-workgroups does this automatically as mentioned above.
univention-install univention-nextcloud-samba-home-share-config
Prerequisites
The packages mentioned in the following paragraphs require the roles feature, introduced in UCS@school 4.3 v4. To enable it, execute the following on your UCS domaincontroller master:
ucr set ucsschool/feature/roles=yes /usr/share/ucs-school-import/scripts/migrate_ucsschool_roles --all-objects --modify
Since mounts for classes and workgroups can't be configured as generic as the home shares, Univention developed a package for that purpose. It automatically checks all groups that are enabled for Nextcloud and configures a mount for a share of the same name, if there is one.
If a Domain Users <OU> group is enabled, it configures the common share Marktplatz for that OU. If don't want mounts for the Marktplatz share, set the following variable on the Nextcloud host before you install the package univention-nextcloud-samba-group-share-config:
ucr set nextcloud-samba-group-share-config/ignoreMarktplatz=true
The module can also configure mounts for UCS@school roleshares. Those are mostly used to give teachers access to student's home directories. Since roleshares are not active and the relevant package is not installed by default, an UCR variable must be set before the installation to make the package configure mounts for them:
ucr set nextcloud-samba-group-share-config/configureRoleshares=true
The package comes from the Cool Solutions Repository and must be installed on the UCS server on which the Nextcloud app is installed.
univention-install univention-nextcloud-samba-group-share-config
By default a common share called "Marktplatz" is configured for every school in UCS@school. Users can also create more shares available for all users via the web interface and mount them for all users in the Windows logon scripts using the UCR variable ucsschool/userlogon/commonshares.
To also configure a mount for all common shares on a certain server, the package univention-nextcloud-samba-common-share-config from the Cool Solutions Repository can be used. It is triggered on changes of ucsschool/userlogon/commonshares and configures a mount for the shares from that variable on a remote Nextcloud host. The Nextcloud host must be reachable via SSH from the system, where univention-nextcloud-samba-common-share-config is installed!
First, set a few variables to configure univention-nextcloud-samba-common-share-config:
ucr set nextcloud-samba-share-config/remoteUser=<USER to SSH into remote Nextcloud host> ucr set nextcloud-samba-share-config/remotePwFile=<PASSWORD FILE for USER on remote Nextcloud host> ucr set nextcloud-samba-share-config/remoteHost=<HOSTNAME or IP of remote Nextcloud host> ucr set nextcloud-samba-share-config/nextcloudGroup=<GROUP to allow acces to the common shares, should be Domain Users <OU> in most cases>
Afterwards the package can be installed:
univention-install univention-nextcloud-samba-common-share-config
Make sure to separate common shares with commas and no additional spaces like so:
ucr set ucsschool/userlogon/commonshares=share1,share2
Known issues
External storage admin GUI becomes unusable
Nextcloud's web UI allows admins to configure and manage external storage mounts (Settings -> External Storages). The web UI's performance doesn't scale and it becomes unusable with several hundred SMB share mounts configured. The rest of the UI is not affected by this. External storages can still be managed via the official CLI tool "occ". See the official documentation for usage info: https://docs.nextcloud.com/server/14/admin_manual/configuration_server/occ_command.html#files-external-label
