[linux-cifs-client] Pam_mount + cifs

Diego Obetko dobetko at gmail.com
Wed Oct 17 17:46:22 GMT 2007 

*Pam_mount + cifs*

here's the thing.. i'm running a  samba-3.0.22-13.16 server on SLES 9 kernel
2.6.16.21-0.8-default as an nt domain controller, there was a migration to
Linux for the workstations so i had to implement WINBIND + PAM_MOUNT.

after searching for the right configuration y got it working with SMBFS and
here's the problem... smbfs doesn't support hardlinks or symlinks... a BIG
trouble since the workstations run KDE (dcop)...

i've tryed mounting homes with cifs insted but this is what happens....

-------------------------
pam_mount.conf
-------------------------
debug 1
mkmountpoint 1
luserconf .pam_mount.conf

options_allow   nosuid,nodev
options_deny    suid,dev
options_require nosuid,nodev

lsof /usr/sbin/lsof %(MNTPT)
fsck /sbin/fsck -p %(FSCKLOOP)
cifsmount /bin/mount -t cifs //%(SERVER)/%(VOLUME) %(MNTPT) -o
"username=%(USER)%(before=\",\" OPTIONS)"
smbmount /usr/bin/smbmount  //%(SERVER)/%(VOLUME) %(MNTPT) -o
"username=%(USER),gid=%(USERGID)%(before=\",\" OPTIONS)"
umount   /bin/umount %(MNTPT)
mntagain /bin/mount --bind %(PREVMNTPT) %(MNTPT)

volume * cifs 192.168.9.15 &   /home/&
uid=&,dir_mode=0700,workgroup=COLEGIO - -

---------------------------


pam_mount(mount.c:368) information for mount:
pam_mount(mount.c:369) ----------------------
pam_mount(mount.c:370) (defined by globalconf)
pam_mount(mount.c:373) user:          dobetko
pam_mount(mount.c:374) server:        192.168.9.15
pam_mount(mount.c:375) volume:        dobetko
pam_mount(mount.c:376) mountpoint:    /home/dobetko
pam_mount(mount.c:377) options:       user=dobetko,dir_mode=0700
pam_mount(mount.c:378) fs_key_cipher:
pam_mount(mount.c:379) fs_key_path:
pam_mount(mount.c:380) use_fstab:   0
pam_mount(mount.c:381) ----------------------
pam_mount(mount.c:177) realpath of volume "/home/dobetko" is "/home/dobetko"

pam_mount(mount.c:182) checking to see if //192.168.9.15/dobetko is already
mounted at /home/dobetko
pam_mount(mount.c:799) checking for encrypted filesystem key configuration
pam_mount(mount.c:819) about to start building mount command
pam_mount(misc.c:264) command: /bin/mount [-t] [cifs]
[//192.168.9.15/dobetko] [/home/dobetko] [-o]
[username=dobetko,user=dobetko,dir_mode=0700]
pam_mount(mount.c:851) mount errors (should be empty):
pam_mount( mount.c:100) pam_mount(misc.c:341) set_myuid(pre): real
uid/gid=0:10003, effective uid/gid=0:10003
pam_mount(mount.c:100) pam_mount(misc.c:376) set_myuid(post): real
uid/gid=0:10003, effective uid/gid=0:10003
pam_mount( mount.c:854) waiting for mount
S.ficheros         Bloques de 1K   Usado    Dispon Uso% Montado en
/dev/hda1             27617036  15634032  10580132  60% /
tmpfs                   254372         0    254372   0% /lib/init/rw
udev                     10240        52     10188   1% /dev
tmpfs                   254372         0    254372   0% /dev/shm
//192.168.9.15/dobetko
                     117206592 101382352  15824240  87% /home/dobetko
pam_mount(pam_mount.c:123) clean system authtok (0)
pam_mount(misc.c:264) command: /usr/sbin/pmvarrun [-u] [dobetko] [-o] [1]
pam_mount(misc.c:341) set_myuid(pre): real uid/gid=0:10003, effective
uid/gid=0:10003
pam_mount(misc.c:376) set_myuid(post): real uid/gid=0:10003, effective
uid/gid=0:10003
pam_mount(pam_mount.c:360) pmvarrun says login count is 3
pam_mount(pam_mount.c:491) done opening session
bash: /home/dobetko/.bashrc: Permision denied

$mount
//192.168.9.15/dobetko on /home/dobetko type cifs (rw,mand)

$ls -l /home
drwx------ 36     1181 guest    0 2007-10-17 09:33 dobetko

------------------------------------
smb.conf (server side)
------------------------------------
[global]
        server string = Samba PDC
        domain logons = Yes
        domain master = Yes
        netbios name = samba
        security = users
        wins support = Yes
#       unix password sync = yes
        workgroup = COLEGIO
        logon drive = H:
        logon path = \\%L\%U\./.perfil_win
        logon home = \\%L\profiles\%U
        add machine script = /usr/sbin/useradd  -c Machine -d
/var/lib/nobody -s /bin/false %m$
        passdb backend = smbpasswd
        veto files = /*.asf/*.wma/*.wmv/*.mp2/*.mp4/*.mp3/*.rsm/*root*/
        local master = Yes
        os level = 65
        preferred master = Yes
        ea support = yes
        unix extensions = yes
        map archive = No
        delete readonly = Yes
        create mask = 0755
        case sensitive = yes
        mangled names = no


-----------------------------------------
smb.conf (client side)
-----------------------------------------
[global]
workgroup = COLEGIO
idmap uid = 10000-20000
idmap gid = 10000-20000
security = domain
auth methods = winbind
preferred master = No
domain master = No
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = Yes
template shell = /bin/bash
template homedir = /home/%U



Thanks..
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the linux-cifs-client mailing list