[Samba] winbind and pam_mount playing together

jim feldman jmf at jim-liesl.org
Fri May 16 21:02:40 GMT 2003

win2k AD/PDC, Linux 2.4.18 (rh 7.3), samba 2.2.7a 

I configure nsswitch and winbind to do authentication against either the 
local passwd file OR the win2k box.  Works fine.  My need is to mount the 
users share under their login directory.  Pam_mount would seem to be the 
answer.  It was failing so I turned on debugging, and only now and then does 
pam_mount seem to get the password from winbind.  My suspicion is around the 
caching of answers that winbind does.  It looks like that regardless of what 
you have the password cache setting at, if it has got a correct answer for 
this user once, and the DB on the win2k server hasn't changed, we don't 
really ask (which is fine), but it seems we don't pass the password on to 
other modules that might want a look at it.  I've included my pam config for 
login below.  Pam_mount seems to work fine for local users. 

Am I in the weeds? Feature? bug? 

jim feldman 

auth       required     /lib/security/pam_securetty.so
auth       sufficient   /lib/security/pam_winbind.so
auth       sufficient   /lib/security/pam_unix.so use_first_pass
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so
session   required  /lib/security/pam_mount.so use_first_pass
auth      required  /lib/security/pam_mount.so use_first_pass 

More information about the samba mailing list