[Samba] Making winbindd and pam_mount play nice together (2nd try)

Buchan Milne bgmilne at cae.co.za
Fri May 30 09:40:35 GMT 2003

Hash: SHA1

> Message: 38
> Date: Thu, 29 May 2003 17:33:14 -0500
> From: Bradley Wendelboe <bradley.wendelboe at polarisind.com>
> Subject: RE: [Samba] Making winbindd and pam_mount play nice together
> 	(2nd try)
> To: "'samba at lists.samba.org'" <samba at lists.samba.org>
> Message-ID:
> 	<EC97A85D64839A408C2FC71095EF319B78223B at mpl1itsxch002.polarisind.com>
> Content-Type: text/plain
> Yes, I'm going to individual shares.  It seems that pam_mount is not
> the password information from the PAM system.  I've contacted the
author of
> pam_mount and will share any results.
> So far:
> Several people are trying to get pam_mount working with winbind.  I don't
> have a winbind setup myself, so it is difficult for me to debug.
Please be
> patient.
> The only hypothesis I have at this point revolves around pam_mounts use of
> functions like getpwnam to retrieve information about a user's account.
> Theoretically, if one configures /etc/nsswitch.conf correctly,
getpwnam can
> use services besides /etc/passwd (ie: winbind) to answer questions about a
> user.
> Pam_mount uses getpwnam to do the following:
> 1.  Determine where ~/.pam_mount.conf is.
> 2.  Determine the UID and GID that should own a mount point created by
> pam_mount.
> 3.  Determine the UID and GID that should own a user's session count file
> (/var/run/pam_mount/<user>).
> 4.  Ensure a user owns mount points and volumes for volumes defined by
> ~/.pam_mount.conf.
> The only other suspect action I can think of is pam_mount's retrieval
of a
> user's password from the PAM system.  I don't think this should be an
> if you use pam_winbind to authenticate users.
> Do any of these hints help?

I don't have a winbind system available to test on, but I maintain
pam_mount packages in Mandrake, and so have a test setup, using accounts
only in LDAP via pam_ldap.

I have no problems, currently using pam_mount 0.5.14. I haven't tried
pam_mount with winbind since it added the ~ token (which I needed), but
it did work ...

Have you tried pam_mount with local accounts to ensure that it's not
winbind that is the problem?

BTW, I have had trouble using pam_mount via a stacked pam file (like
/etc/pam.d/system-auth) before, so my test setup uses it in
/etc/pam.d/login directly.


- --
|--------------Another happy Mandrake Club member--------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


Please click on http://www.cae.co.za/disclaimer.htm to read our
e-mail disclaimer.

More information about the samba mailing list