[Samba] helping with pam_mount

jmpatagonia jmpatagonia at gmail.com
Thu Sep 24 17:59:06 UTC 2020


OK, apparently the user can use the mount command (only root can). I need
to add the "user domain" to sudoers and give it permission to execute the
mount/umount commands.

Apparently the desktop application "Files" mounts the shared resource with
gps-mount, not mount, but pam_mount uses the mount command.

Sep 24 12:47:04 ubuntucliente lightdm[708]: (pam_mount.c:568): pam_mount
2.14: entering session stage
Sep 24 12:47:04 ubuntucliente lightdm[708]: (mount.c:267): Mount info:
globalconf, user=prueba3 <volume fstype="cifs" server="domain-server2"
path="FS_PRUEBA_3" mountpoint="/home/POLICIA2/prueba3/compartido"
cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)"
options="" /> fstab=0 ssh=0
Sep 24 12:47:04 ubuntucliente lightdm[708]: (mount.c:664): Password will be
sent to helper as-is.
Sep 24 12:47:04 ubuntucliente lightdm[708]: command: 'mount' '-t' 'cifs'
'//domain-server2/FS_PRUEBA_3' '/home/POLICIA2/prueba3/compartido' '-o'
'username=prueba3,uid=50006,gid=50027'
Sep 24 12:47:05 ubuntucliente kernel: [10658.898831] Unable to determine
destination address.
Sep 24 12:47:05 ubuntucliente lightdm[708]: (mount.c:72): Messages from
underlying mount program:
Sep 24 12:47:05 ubuntucliente lightdm[708]: (mount.c:76): mount: wrong fs
type, bad option, bad superblock on //domain-server2/FS_PRUEBA_3,
Sep 24 12:47:05 ubuntucliente lightdm[708]: (mount.c:76):        missing
codepage or helper program, or other error
Sep 24 12:47:05 ubuntucliente lightdm[708]: (mount.c:76):        (for
several filesystems (e.g. nfs, cifs) you might
Sep 24 12:47:05 ubuntucliente lightdm[708]: (mount.c:76):        need a
/sbin/mount.<type> helper program)
Sep 24 12:47:05 ubuntucliente lightdm[708]: (mount.c:76):
Sep 24 12:47:05 ubuntucliente lightdm[708]: (mount.c:76):        In some
cases useful info is found in syslog - try
Sep 24 12:47:05 ubuntucliente lightdm[708]: (mount.c:76):        dmesg |
tail or so.
Sep 24 12:47:05 ubuntucliente lightdm[708]: (mount.c:558): 22 27 0:21 /
/sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw
Sep 24 12:47:05 ubuntucliente lightdm[708]: (mount.c:558): 23 27 0:4 /
/proc rw,nosuid,nodev,noexec,relatime shared:12 - proc proc rw
Sep 24 12:47:05 ubuntucliente lightdm[708]: (mount.c:558): 24 27 0:6 / /dev
rw,nosuid,relatime shared:2 - devtmpfs udev
rw,size=990848k,nr_inodes=247712,mode=755
Sep 24 12:47:05 ubuntucliente lightdm[708]: (mount.c:558): 25 24 0:22 /
/dev/pts rw,nosuid,noexec,relatime shared:3 - devpts devpts
rw,gid=5,mode=620,ptmxmode=000
Sep 24 12:47:05 ubuntucliente lightdm[708]: (mount.c:558): 26 27 0:23 /
/run rw,nosuid,noexec,relatime shared:5 - tmpfs tmpfs
rw,size=204124k,mode=755
Sep 24 12:47:05 ubuntucliente lightdm[708]: (mount.c:558): 27 0 8:1 / /
rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro,data=ordered
Sep 24 12:47:05 ubuntucliente lightdm[708]: (mount.c:558): 28 22 0:7 /
/sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:8 - securityfs
securityfs rw
Sep 24 12:47:05 ubuntucliente lightdm[708]: (mount.c:558): 29 24 0:24 /
/dev/shm rw,nosuid,nodev shared:4 - tmpfs tmpfs rw
Sep 24 12:47:05 ubuntucliente lightdm[708]: (mount.c:558): 30 26 0:25 /
/run/lock rw,nosuid,nodev,noexec,relatime shared:6 - tmpfs tmpfs
rw,size=5120k
Sep 24 12:47:05 ubuntucliente lightdm[708]: (mount.c:558): 31 22 0:26 /
/sys/fs/cgroup ro,nosuid,nodev,noexec shared:9 - tmpfs tmpfs ro,mode=755
Sep 24 12:47:05 ubuntucliente lightdm[708]: (mount.c:558): 32 31 0:27 /
/sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:10 - cgroup
cgroup
rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd

I am still trying to configure sudoers to give permission for the mount
command; something is wrong.

%POLICIA2\\domain\ admins ALL=(ALL:ALL) ALL

%POLICIA2\\domain\ prueba3 ALL=(ALL:ALL) ALL

%POLICIA2\\domain\ %USER ALL=(ALL:ALL) /sbin/mount
%POLICIA2\\domain\ prueba3 ALL=/bin/mount /dev/xvdg, /bin/umount /dev/xvdg

Trying from the command line with a user just logged on to the desktop client:
sudo mount -t cifs //domain-server2/FS_PRUEBA_3 /home/POLICIA2/prueba3/compartido
[sudo] password for prueba3:
(pam_mount.c:365): pam_mount 2.14: entering auth stage
prueba3 no esta en el archivo sudoers. Se informara de este incidente.

regards.



On Thu, 24 Sep 2020 at 11:19, Rowland penny via samba (<
samba at lists.samba.org>) wrote:

> On 24/09/2020 14:57, L.P.H. van Belle wrote:
> > Kerberos does that fine with ip only you must have a PTR record to the
> > hostname. ;-)
> > And this only works if people didn't set rdns=no in krb5.conf
> >
> Kerberos does not work with ipaddresses, when did you last see an
> ipaddress in a keytab, UPN or SPN ??
>
> Rowland