Pam_mount problem with winbind usernames

Pierangelo Masarati ando at sys-net.it
Tue Nov 30 22:32:57 UTC 2004


Norman wrote:

> The setup is a samba server with mixed clients (samba clients and 
> windows clients).
>
> The problem,
>
> I want the linux client to mount there home to their home share on the 
> server. The problem is, I have followed the guide mentioned below and 
> everything works except that the linux usernames have the format 
> domeinnaam+username as a result of which pam_mount wants to mount 
> \\server\domeinnaam+username which naturally should be 
> \\server\username, can you think of a manner to solve this issue or 
> know of another way to solve this problem?
>
> GUIDE: http://www.hants.lug.org.uk/cgi-bin/wiki.pl?LinuxHints/SambaAuth
>
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: about to perform 
> mount operations
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: information for mount:
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: --------
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: (defined by globalconf)
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: user: AEGIDIUS+norman
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: server: server
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: volume: AEGIDIUS+norman
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: mountpoint: 
> /home/AEGIDIUS/norman
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: options: 
> uid=AEGIDIUS+norman,gid=AEGIDIUS+norman,dmask=0750,workgroup=AEGIDIUS
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: fs_key_cipher:
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: fs_key_path:
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: use_fstab: 0
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: --------
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: checking to see if 
> //server/AEGIDIUS+norman is already mounted at /home/AEGIDIUS/norman
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: checking for 
> encrypted filesystem key configuration
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: about to start 
> building mount command
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: command: 
> /usr/bin/smbmount //server/AEGIDIUS+norman /home/AEGIDIUS/norman -o 
> username=AEGIDIUS+norman,uid=AEGIDIUS+norman,gid=AEGIDIUS+
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: mount errors (should 
> be empty):
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: pam_mount: setting 
> uid to 0
> > Nov 29 14:08:17 xandros login[1050]: pam_mount: pam_mount: real and 
> effective user ID are 0 and 0.
> > Nov 29 14:08:17 xandros login[1050]: 2197: tree connect failed: 
> ERRDOS - ERRnosuchshare (You specified an invalid share name)
> > Nov 29 14:08:18 xandros login[1050]: pam_mount: SMB connection failed
>
>
> An here is the configuration rule from pam_mount.conf
>
> > # If user is "*", "&" will be replaced by name of the user logging 
> on in the
> > # volume, mount point, mount options and fs key path fields. "~/*" 
> will be
> > # replaced with "<user's homedir>/*."
> > # Format:
> > # volume <user> [smb|ncp|nfs|local] <server> <volume> <mount point> 
> <mount options> <fs key cipher> <fs key path>
>
>
> > volume * smb server & ~ uid=&,gid=&,dmask=0750,workgroup=AEGIDIUS - -
>
>
> I have been at this for a week now and still haven't found a solution, 
> big problems because this week I have to deploy the workstations :(

I'm not aware of any module like this, but, as a last resort, I'd end up 
writing a simple pam_stripdomain.so module that hacks the username right 
before it gets to pam_mount (and maybe returns it to the initial state 
right after.  All you need to do is


        pam_get_item( pamh,| ||||PAM_USER, (void **)&orig_username );
        new_username = strdup( strchr( orig_username, '+' ) + 1 );
        pam_set_item( pamh, PAM_USER, (void *)new_username );

|||(with a bit of checkings in between, of course :).  The orig_username 
should then be freed, or saved for later use, e.g. via the 
pam_set_data()/pam_get_data() mechanism.

The module should be always stacked __BEFORE__ pam_mount.so

...
xxxx    required        pam_stripdomain.so
xxxx    required        pam_mount.so
# I don't know if this is needed; it depends if there are further 
modules that need the unstripped user name.
xxxx    required        pam_putbackdomain.so
...

This solution is very specific for your needs; the next step would be to 
use a regex match, maybe with substrings expansion, and you may find out 
that there modules that do this for you even in a more versatile manner. 
 Just my 2c.

p.




    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497




More information about the Pam-list mailing list