[Samba] Automount Windows filesystems with dynamic mapping

Kueffer, Walter K (PIP - San Diego) wk at hp.com
Wed Jun 1 21:54:17 GMT 2005


I've run into a problem that I've found no existing solution to.  Any
help with this problem would be greatly appreciated.  I've outlined the
requirements below.

*** Linux users need to access Windows shares without typing out the
entire mount command.  
For example, with automounter /net functionality a user can simply cd
/net/HOSTNAME/EXPORT and gain access to the NFS export if he has the
proper credentials according to NFS.

*** Identity needs to be preserved.  
So I set about achieving this using the automounter with the following
settings.

In /etc/auto.master:
  /smb	/etc/auto.smb

In /etc/auto.smb:
  *	-fstype=autofs,-Dhost=& file:/etc/auto.smb.sub

And in /etc/auto.smb.sub:
  *	-fstype=smbfs,workgroup=WINDOMAIN,username=WALTER,password=MYPASS ://${host}/&

and this works.  I can cd /smb/SERVER/SHARE and it mounts and unmounts
as expected.  However, I would have to have my password in cleartext in
/etc/auto.smb.sub (or in a credentials file) and any files that were
touched from a Linux client would have my username, WALTER, associated
with them.

*** Password should not be in a text file, regardless of permissions or
smbutil crypt.
Storing the password in a text file is not an option.  It would be
acceptable to me for the user to type in the password if prompted by
automounter, but there is no way that I have found to do this.  The cd
/smb/SERVER/SHARE triggers the automounter, but the automounter's
execution is not a child of the terminal from which the "cd" was
executed and thus we cannot converse with the user.

*** A table should not be required.
I found the pam_mount module which showed some promise.  With this
module I can execute mount commands through the execution of a
PAM-using program.  For example, when a user login occurs, I can call
pam_mount which will then execute a smbmount command if there exists an
entry in the pam_mount.conf file.  The problem with this is that I have
several thousand Windows machines and several hundred Linux machines and
the number shrinks and grows daily.

*** Host should not have to join the Windows domain.
It seems that one could join the Linux system to the Windows domain and
then run an smbsh shell.  However, this isn't always possible and it
shouldn't be a prerequisite.  This is the solution I'm leaning towards,
but I'm still trying to get it working.

Is there an existing solution to this problem?

If not, I think a decent solution to this problem would be to make smbmount
a PAM-using program, or at least make it an option.  By using PAM
modules, we can prompt the user for his password upon issuing the mount
-t smbfs command and use that password to authenticate with the SMB
server.
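
Added example, not part of the original post: a small audit that reads autofs map text, joins backslash-continued entries, and reports any entry that carries an inline password or points at a credentials file, without echoing the secret. The sample map is constructed from the entry quoted above; the function names and the extra "docs" and "pub" entries are assumptions for illustration.

```python
# Option names that put a secret, or a path to one, into a map entry.
INLINE_SECRET = {"password", "pass"}
CRED_FILE = {"credentials", "cred"}

# Constructed sample: the sub-map entry from the post (wrapped with an
# autofs backslash continuation) plus two hypothetical entries.
SAMPLE_MAP = """\
# /etc/auto.smb.sub (constructed sample)
*  -fstype=smbfs,workgroup=WINDOMAIN,username=WALTER,password=MYPASS \\
   ://${host}/&
docs  -fstype=smbfs,credentials=/etc/smb.cred  ://fileserver/docs
pub   -fstype=smbfs,guest  ://fileserver/pub
"""

def logical_entries(text):
    """Yield (first_line_number, entry) with continuations joined."""
    buf, start = "", None
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if start is None:
            start = number
        if line.endswith("\\"):          # entry continues on the next line
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip() and not buf.lstrip().startswith("#"):
            yield start, buf.strip()
        buf, start = "", None
    if buf.strip() and not buf.lstrip().startswith("#"):
        yield start, buf.strip()         # dangling continuation at EOF

def audit_map(text):
    """Return (line, key, issue, detail); the password value is never reported."""
    findings = []
    for number, entry in logical_entries(text):
        fields = entry.split()
        options = next((f for f in fields[1:] if f.startswith("-")), "")
        for option in options.split(","):
            name, _, value = option.lstrip("-").partition("=")
            if name in INLINE_SECRET and value:
                findings.append((number, fields[0], "inline-password", name))
            elif name in CRED_FILE and value:
                findings.append((number, fields[0], "credentials-file", value))
    return findings

if __name__ == "__main__":
    for finding in audit_map(SAMPLE_MAP):
        print(finding)
```

A credentials-file finding is a pointer for follow-up: the file's owner and mode still need checking on the host where the map is deployed.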

