Authenticated user credentials? Single Sign on?
Stefan Kania
stefan at kania-online.de
Fri Jan 29 09:00:19 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am 28.01.2016 um 17:19 schrieb Jeff Sadowski:
> smb.conf [global] security = ads realm = SUBDOMAIN.DOMAIN.FOREST
> workgroup = SUBDOMAIN idmap config * : backend = tdb idmap config *
> : range = 2000-7999 idmap config SUBDOMAIN:backend = ad idmap
> config SUBDOMAIN:schema_mode = rfc2307 idmap config SUBDOMAIN:range
> = 8000-9999999 idmap uid = 8000-99999 idmap gid = 8000-99999
> winbind nss info = rfc2307 winbind use default domain = yes winbind
> nested groups=yes winbind expand groups=10 winbind enum users =
> yes winbind enum groups = yes
>
>
> My smb.conf looks as above. When a user logs in is there something
> I can use for that user to mount stuff as that user so they do not
> need to authenticate again as that user?
>
> I'd like to mount the users home directory as that user?
>
> Single sign on?
>
You can use pam_mount.
Just install the package and edit /etc/securiy/pam_mount.conf.xml
Here are two examples:
- ----------------
<mkmountpoint enable="1" remove="true" />
<volume
fstype="cifs"
server="fs1.example.net"
path="users/%(DOMAIN_USER)"
mountpoint="/home/EXAMPLE/%(DOMAIN_USER)"
options="sec=krb5,workgroup=EXAMPLE" />
<volume
fstype="cifs"
server="fs1.example.net"
path="department"
mountpoint="/department"
option="sec=krb5,workgroup=EXAMPLE" />
- ----------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlarKiMACgkQ2JOGcNAHDTb2wQCg5BzbVlwk/R1oRKTy1KHGMyd1
r9IAoJHyyu2cP46iRsGpmnIYhzfMa7w0
=kZwD
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list