[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Pam_mount problem with winbind usernames



Norman wrote:

The setup is a samba server with mixed clients (samba clients and windows clients).

The problem,

I want the linux client to mount there home to their home share on the server. The problem is, I have followed the guide mentioned below and everything works except that the linux usernames have the format domeinnaam+username as a result of which pam_mount wants to mount \\server\domeinnaam+username which naturally should be \\server\username, can you think of a manner to solve this issue or know of another way to solve this problem?

GUIDE: http://www.hants.lug.org.uk/cgi-bin/wiki.pl?LinuxHints/SambaAuth

> Nov 29 14:08:17 xandros login[1050]: pam_mount: about to perform mount operations
> Nov 29 14:08:17 xandros login[1050]: pam_mount: information for mount:
> Nov 29 14:08:17 xandros login[1050]: pam_mount: --------
> Nov 29 14:08:17 xandros login[1050]: pam_mount: (defined by globalconf)
> Nov 29 14:08:17 xandros login[1050]: pam_mount: user: AEGIDIUS+norman
> Nov 29 14:08:17 xandros login[1050]: pam_mount: server: server
> Nov 29 14:08:17 xandros login[1050]: pam_mount: volume: AEGIDIUS+norman
> Nov 29 14:08:17 xandros login[1050]: pam_mount: mountpoint: /home/AEGIDIUS/norman
> Nov 29 14:08:17 xandros login[1050]: pam_mount: options: uid=AEGIDIUS+norman,gid=AEGIDIUS+norman,dmask=0750,workgroup=AEGIDIUS
> Nov 29 14:08:17 xandros login[1050]: pam_mount: fs_key_cipher:
> Nov 29 14:08:17 xandros login[1050]: pam_mount: fs_key_path:
> Nov 29 14:08:17 xandros login[1050]: pam_mount: use_fstab: 0
> Nov 29 14:08:17 xandros login[1050]: pam_mount: --------
> Nov 29 14:08:17 xandros login[1050]: pam_mount: checking to see if //server/AEGIDIUS+norman is already mounted at /home/AEGIDIUS/norman
> Nov 29 14:08:17 xandros login[1050]: pam_mount: checking for encrypted filesystem key configuration
> Nov 29 14:08:17 xandros login[1050]: pam_mount: about to start building mount command
> Nov 29 14:08:17 xandros login[1050]: pam_mount: command: /usr/bin/smbmount //server/AEGIDIUS+norman /home/AEGIDIUS/norman -o username=AEGIDIUS+norman,uid=AEGIDIUS+norman,gid=AEGIDIUS+
> Nov 29 14:08:17 xandros login[1050]: pam_mount: mount errors (should be empty):
> Nov 29 14:08:17 xandros login[1050]: pam_mount: pam_mount: setting uid to 0
> Nov 29 14:08:17 xandros login[1050]: pam_mount: pam_mount: real and effective user ID are 0 and 0.
> Nov 29 14:08:17 xandros login[1050]: 2197: tree connect failed: ERRDOS - ERRnosuchshare (You specified an invalid share name)
> Nov 29 14:08:18 xandros login[1050]: pam_mount: SMB connection failed



An here is the configuration rule from pam_mount.conf


> # If user is "*", "&" will be replaced by name of the user logging on in the
> # volume, mount point, mount options and fs key path fields. "~/*" will be
> # replaced with "<user's homedir>/*."
> # Format:
> # volume <user> [smb|ncp|nfs|local] <server> <volume> <mount point> <mount options> <fs key cipher> <fs key path>



> volume * smb server & ~ uid=&,gid=&,dmask=0750,workgroup=AEGIDIUS - -



I have been at this for a week now and still haven't found a solution, big problems because this week I have to deploy the workstations :(

I'm not aware of any module like this, but, as a last resort, I'd end up writing a simple pam_stripdomain.so module that hacks the username right before it gets to pam_mount (and maybe returns it to the initial state right after. All you need to do is



pam_get_item( pamh,| ||||PAM_USER, (void **)&orig_username ); new_username = strdup( strchr( orig_username, '+' ) + 1 ); pam_set_item( pamh, PAM_USER, (void *)new_username );

|||(with a bit of checkings in between, of course :). The orig_username should then be freed, or saved for later use, e.g. via the pam_set_data()/pam_get_data() mechanism.

The module should be always stacked __BEFORE__ pam_mount.so

...
xxxx required pam_stripdomain.so
xxxx required pam_mount.so
# I don't know if this is needed; it depends if there are further modules that need the unstripped user name.
xxxx required pam_putbackdomain.so
...


This solution is very specific for your needs; the next step would be to use a regex match, maybe with substrings expansion, and you may find out that there modules that do this for you even in a more versatile manner. Just my 2c.

p.




SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]