[Samba] Making winbindd and pam_mount play nice together (2nd try)

jim feldman jmf at jim-liesl.org
Thu May 29 04:48:23 GMT 2003


We're trying to set up linux based workstations that use a win2k AD/DC for 
authentication, and pam_mount to mount a share as the user's home directory. 
It looks like winbind isn't passing on the credentials (although it is 
getting us logged in).  If anyone has made this work, I'd love the details.  
It looks like winbind isn't passing the auth information 

thanks
jim feldman 

RH 7.3/samba 2.2.7a/pam_mount 0.90 

Red Hat Linux release 7.3 (Valhalla)
Kernel 2.4.18-27.7.x on an i586
login: oterostaff1
Password:
pam_mount: adding to command: /usr/sbin/lsof lsof
pam_mount: reading options_require...
pam_mount: options: nosuid nodev
pam_mount: adding to command: /bin/mount mount -t smbfs
pam_mount: adding to command: /bin/umount umount
pam_mount: adding to command: /bin/mount mount -p0
pam_mount: checking sanity of volume record
pam_mount: back from global readconfig
pam_mount:  does not exist or is not owned by user
pam_mount: expand_wildcard for &
pam_mount: expand_wildcard for oterostaff1
pam_mount: expand_wildcard for /home/winnt/&
pam_mount: expand_wildcard for /home/winnt/oterostaff1
pam_mount: expand_wildcard for uid=&,gid=&,dmask=0750,workgroup=MAIN
pam_mount: expand_wildcard for 
uid=oterostaff1,gid=&,dmask=0750,workgroup=MAIN
pam_mount: expand_wildcard for 
uid=oterostaff1,gid=oterostaff1,dmask=0750,workgroup=MAIN
pam_mount: real and effective user ID are 0 and 0.
pam_mount: about to perform mount operations
pam_mount: information for mount:
pam_mount: --------
pam_mount: (defined by globalconf)
pam_mount: user:          oterostaff1
pam_mount: server:        mainad1
pam_mount: volume:        oterostaff1
pam_mount: mountpoint:    /home/winnt/oterostaff1
pam_mount: options:       
uid=oterostaff1,gid=oterostaff1,dmask=0750,workgroup=MAIN
pam_mount: fs_key_cipher:
pam_mount: fs_key_path:
pam_mount: mount command:          /bin/mount
mount
 -t
smbfs 

pam_mount: --------
pam_mount: checking to see if //mainad1/oterostaff1 is already mounted
pam_mount: checking for encrypted filesystem key configuration
pam_mount: about to start building mount command
pam_mount: mount type is SMBMOUNT
pam_mount: waiting for homedir mount
pam_mount: arg is: /bin/mount
pam_mount: arg is: mount
pam_mount: arg is: -t
pam_mount: arg is: smbfs
pam_mount: arg is: //mainad1/oterostaff1
pam_mount: arg is: /home/winnt/oterostaff1
pam_mount: arg is: -o
pam_mount: arg is: 
username=oterostaff1,uid=oterostaff1,gid=oterostaff1,dmask=0750,workgroup=MA 
IN
Error reading password from file descriptor 0: empty password 

Last login: Wed May 28 19:52:17 from localhost 

messages says that winbindd looks happy 

May 28 22:11:31 localhost pam_winbind[1827]: user 'oterostaff1' granted 
acces
May 28 22:11:31 localhost pam_winbind[1827]: user 'oterostaff1' granted 
acces
May 28 22:11:31 localhost login(pam_unix)[1827]: session opened for user 
oterostaff1 by (uid=0) 


The pam file for login looks like:
#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       sufficient   /lib/security/pam_winbind.so
auth       sufficient   /lib/security/pam_unix.so use_first_pass
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    sufficient   /lib/security/pam_winbind.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so
session   required  /usr/lib/security/pam_mount.so use_first_pass
auth      required  /usr/lib/security/pam_mount.so use_first_pass 




More information about the samba mailing list