
Re: (no subject)

G'Day.  I am a newbie to the list, but just thought I'd take a stab at
this.  It sounds like you were having a problem getting a module to
mount devices prior to authentication.  (Obviously, I am not very
familiar with this pam_mount module, so I know I am treading on thin
ice here.)

It looks like you are forcing the pam_mount module to work as a 
session module, in which case, it would have to mount their drives in
the pam_sm_open_session.  That would require the mounting to occur in
the pam_sm_open_session, rather than the pam_sm_authenticate.  You
might try placing the 

 session  required       pam_mkdir.so
 session  required       pam_mount.so

as auth modules, instead, and see if it works.  Still, if the
authentication is good, and pam_ldap succeeds, you should get a shell,
regardless of the user's home directory being mounted or created.  Try
creating one user's home directory and connecting.  If it still fails,
the problem may exist in your pam_ldap configuration.  So, just run a
couple of tests, and you should be able to determine exactly where the
problem occurred.

(BTW: isn't a module that returns PAM_SUCCESS supposed to do something
in that function?  If not, it should return PAM_IGNORE, right?)

Joe Lewis, Systems Integrator

> Hi,
> I administrate an 800-computer network and the authentication is
> on a ldap server and the user's data are on a samba server.
> We have a directories called '/home/common', '/home/shares'... etc.
> Users don't have their own home directory, they are authenticated
> the pam_ldap module.
> Our configuration file is the following
> auth     required       pam_nologin.so
> auth     required       pam_ldap.so
> auth     required       pam_mount.so use_firstpass
> account  required       pam_unix.so
> session  required       pam_unix.so
> session  required       pam_mkdir.so umask=0022
> session  required       pam_mkdir.so umask=0022
> session  required       pam_mount.so
> the module pam_mkdir is a module that I wrote for this purpose
> the directories, inspired by pam_mkhomedir).
> When authenticating, the directories are created with good rights,
> shares are not mounted. Even if I put pam_mount after pam_mkdir.
> I walked into the source code of pam_mount and I saw that this
> mount the shares for the authentication and not for the session.
> <code>
> PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags,
>                                    int argc, const char **argv)
> {
>         return PAM_SUCCESS;
> }
> </code>
> Thus, session is useless for pam_mount.
> So, I thought that put the directory creation in the auth step could
> a good idea.
> (
> auth  required       pam_mkdir.so umask=0022 directory=/home/common
> auth  required       pam_mkdir.so umask=0022 directory=/home/shares
> auth  required       pam_mount.so use_firstpass
> )
> But the login step doesn't succeed, do you have an idea ?
> mine is that the pam_mount module should move its mount code from
> to session, but the module is hard to maintain (the MakeFile is
> written thus some includes are missing and we should add'em by
> Do you know other modules than pam_mount to mount the SAMBA shares ?
> Can I miss something in my pam_mkdir code for auth which differs
> session (except for the proto the function struct pam_module that
> change according to other source code using the auth process).
> Is it allowed to be able to create the directory through the auth process ?
> (if so.. why does the pam_mount module is able to mount shares
> Thanks a lot,
> -- 
> Sébastien Tricaud <stricaud@mwsp.net>
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
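
On the PAM_SUCCESS versus PAM_IGNORE question in the reply above, an added example (not part of the original thread and not pam_mount's code): a simplified model of how Linux-PAM combines return codes across a stack of `required` modules. The return-code values match Linux-PAM; the hook functions and stack helpers are hypothetical stand-ins, and the denial when no module votes is this model's assumption about the dispatcher's final sanity check.

```c
/* Simplified model of how a Linux-PAM stack of `required` modules is
 * combined. Return-code values match Linux-PAM; hooks are stand-ins. */
#include <stddef.h>
#include <stdio.h>

enum { PAM_SUCCESS = 0, PAM_PERM_DENIED = 6, PAM_SESSION_ERR = 14, PAM_IGNORE = 25 };
typedef int (*hook_fn)(void);

/* Like the quoted pam_sm_open_session: does nothing, reports success. */
static int stub_success(void) { return PAM_SUCCESS; }
/* The same empty hook, declining to vote instead. */
static int stub_ignore(void)  { return PAM_IGNORE; }
/* Hypothetical hooks that really attempt work (mkdir, mount, ...). */
static int work_ok(void)      { return PAM_SUCCESS; }
static int work_fails(void)   { return PAM_SESSION_ERR; }

/* success: positive vote; ignore: no vote; anything else: failure.
 * The first failure code wins, but later modules still run. */
int run_required_stack(const hook_fn *stack, size_t n)
{
    int status = PAM_SUCCESS, positive = 0;
    for (size_t i = 0; i < n; i++) {
        int rc = stack[i]();
        if (rc == PAM_IGNORE)
            continue;
        if (rc == PAM_SUCCESS)
            positive = 1;
        else if (status == PAM_SUCCESS)
            status = rc;
    }
    /* A stack in which nobody voted is treated as a denial. */
    if (status == PAM_SUCCESS && !positive)
        return PAM_PERM_DENIED;
    return status;
}

int only_success_stub(void)  { hook_fn s[] = { stub_success }; return run_required_stack(s, 1); }
int only_ignore_stub(void)   { hook_fn s[] = { stub_ignore }; return run_required_stack(s, 1); }
int worker_then_ignore(void) { hook_fn s[] = { work_ok, stub_ignore }; return run_required_stack(s, 2); }
int failure_then_stub(void)  { hook_fn s[] = { work_fails, stub_success }; return run_required_stack(s, 2); }

int main(void)
{
    printf("only success stub:  %d\n", only_success_stub());
    printf("only ignore stub:   %d\n", only_ignore_stub());
    printf("worker then ignore: %d\n", worker_then_ignore());
    printf("failure then stub:  %d\n", failure_then_stub());
    return 0;
}
```

A stack whose only entry is the empty hook reports success when the hook returns PAM_SUCCESS and is denied when it returns PAM_IGNORE, which makes the misplaced module visible instead of silently doing nothing.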
