Pam_mount problem with winbind usernames
Pierangelo Masarati
ando at sys-net.it
Tue Nov 30 22:32:57 UTC 2004
Norman wrote:
> The setup is a samba server with mixed clients (samba clients and
> windows clients).
>
> The problem,
>
> I want the linux client to mount their home to their home share on the
> server. The problem is, I have followed the guide mentioned below and
> everything works except that the linux usernames have the format
> domeinnaam+username as a result of which pam_mount wants to mount
> \\server\domeinnaam+username which naturally should be
> \\server\username, can you think of a manner to solve this issue or
> know of another way to solve this problem?
>
> GUIDE: http://www.hants.lug.org.uk/cgi-bin/wiki.pl?LinuxHints/SambaAuth
>
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: about to perform
> mount operations
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: information for mount:
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: --------
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: (defined by globalconf)
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: user: AEGIDIUS+norman
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: server: server
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: volume: AEGIDIUS+norman
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: mountpoint:
> /home/AEGIDIUS/norman
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: options:
> uid=AEGIDIUS+norman,gid=AEGIDIUS+norman,dmask=0750,workgroup=AEGIDIUS
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: fs_key_cipher:
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: fs_key_path:
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: use_fstab: 0
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: --------
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: checking to see if
> //server/AEGIDIUS+norman is already mounted at /home/AEGIDIUS/norman
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: checking for
> encrypted filesystem key configuration
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: about to start
> building mount command
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: command:
> /usr/bin/smbmount //server/AEGIDIUS+norman /home/AEGIDIUS/norman -o
> username=AEGIDIUS+norman,uid=AEGIDIUS+norman,gid=AEGIDIUS+
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: mount errors (should
> be empty):
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: pam_mount: setting
> uid to 0
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: pam_mount: real and
> effective user ID are 0 and 0.
> > Nov 29 14:08:17 xandros login[1050]: 2197: tree connect failed:
> ERRDOS - ERRnosuchshare (You specified an invalid share name)
> > Nov 29 14:08:18 xandros login[1050]: pam_mount: SMB connection failed
>
>
> And here is the configuration rule from pam_mount.conf
>
> > # If user is "*", "&" will be replaced by name of the user logging
> on in the
> > # volume, mount point, mount options and fs key path fields. "~/*"
> will be
> > # replaced with "<user's homedir>/*."
> > # Format:
> > # volume <user> [smb|ncp|nfs|local] <server> <volume> <mount point>
> <mount options> <fs key cipher> <fs key path>
>
>
> > volume * smb server & ~ uid=&,gid=&,dmask=0750,workgroup=AEGIDIUS - -
>
>
> I have been at this for a week now and still haven't found a solution,
> big problems because this week I have to deploy the workstations :(
I'm not aware of any module like this, but, as a last resort, I'd end up
writing a simple pam_stripdomain.so module that hacks the username right
before it gets to pam_mount (and maybe returns it to the initial state
right after). All you need to do is

    pam_get_item( pamh, PAM_USER, (void **)&orig_username );
    new_username = strdup( strchr( orig_username, '+' ) + 1 );
    pam_set_item( pamh, PAM_USER, (void *)new_username );

(with a bit of checking in between, of course :). The orig_username
should then be freed, or saved for later use, e.g. via the
pam_set_data()/pam_get_data() mechanism.
The module should be always stacked __BEFORE__ pam_mount.so
...
xxxx required pam_stripdomain.so
xxxx required pam_mount.so
# I don't know if this is needed; it depends if there are further
# modules that need the unstripped user name.
xxxx required pam_putbackdomain.so
...
This solution is very specific for your needs; the next step would be to
use a regex match, maybe with substrings expansion, and you may find out
that there are modules that do this for you even in a more versatile manner.
Just my 2c.
p.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
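An added example, not part of the original message and not an existing PAM module: one way to write the pam_stripdomain.so sketched above, with the checks the reply leaves out. The names strip_domain, free_saved, BUILD_PAM_MODULE and the data key "stripdomain_orig" are hypothetical, the domain AEGIDIUS and the '+' separator are taken from the quoted log, and hooking the auth stack is an assumption.

```c
#include <stddef.h>
#include <string.h>
/* Return the user part of "DOMAIN<sep>user", or NULL unless the prefix is
 * exactly `domain` and the user part is non-empty and free of characters
 * that would alter the share path or the mount option list (uid=&,gid=&). */
const char *strip_domain(const char *user, const char *domain, char sep)
{
    size_t dlen;
    if (!user || !domain || (dlen = strlen(domain)) == 0
        || strncmp(user, domain, dlen) != 0 || user[dlen] != sep)
        return NULL;
    user += dlen + 1;
    return (*user == '\0' || strpbrk(user, "/\\,+ ")) ? NULL : user;
}

#ifdef BUILD_PAM_MODULE /* cc -DBUILD_PAM_MODULE -fPIC -shared ... -lpam */
#include <stdlib.h>
#include <security/pam_modules.h>

static void free_saved(pam_handle_t *pamh, void *data, int err)
{
    (void)pamh; (void)err;
    free(data);
}

int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    const char *orig = NULL, *bare;
    char *saved;
    (void)flags; (void)argc; (void)argv;
    if (pam_get_item(pamh, PAM_USER, (const void **)&orig) != PAM_SUCCESS
        || (bare = strip_domain(orig, "AEGIDIUS", '+')) == NULL)
        return PAM_IGNORE; /* no or foreign prefix: PAM_USER untouched */
    if ((saved = strdup(orig)) == NULL) /* orig is PAM-owned: copy, never free */
        return PAM_BUF_ERR;
    if (pam_set_data(pamh, "stripdomain_orig", saved, free_saved) != PAM_SUCCESS) {
        free(saved);
        return PAM_SYSTEM_ERR;
    }
    /* Pass a pointer into our copy; pam_set_item duplicates the string. */
    return pam_set_item(pamh, PAM_USER, saved + (bare - orig));
}

int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
    (void)pamh; (void)flags; (void)argc; (void)argv;
    return PAM_IGNORE;
}
#endif
```

Stripping only the one expected domain keeps same-named accounts from other domains from being mapped onto this server's shares. A matching pam_putbackdomain.so would read the saved name back with pam_get_data() under the same key.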