[gentoo-server] Mount Samba shares as home

[gentoo-server] Mount Samba shares as home

[Alexander Zimmerling]

[-- Attachment #1: Type: text/plain, Size: 1851 bytes --]

Hi guys,

I've got a nice problem here.

My situation:

I have different clients, windows and linux and a gentoo-samba-pdc.

As you might know, windows domains are supporting a 'homeshare' which
are mounted (mapped) to a specific driveletter (here m:)

The windows boxes are domain members. The linux boxes aren't.
Some of the users need to login to windows and linux clients. The
linux-usernames are unfortunately not equal with the domain-usernames.

The generel problem is to provide the logged in linux user the
corresponding (domain-user) homeshare.

Postings in the forums pointed me to pam_mount.

I'll give you an example:

Colleague Bob Example.

Has a domain-user-login, bob.example. He can login on all windows
workstations without any trouble, the share is mapped to m: etc.

He has a linux username, also. Just "bob".

Bob is an unprivileged user and using this command ends in an error:

>>
mount.cifs //server/bob.example /home/bob -o user=bob.example
<<

error returned:
>>
mount error 1 = Operation not permitted 
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
<<


As I said the guys in the forum told me to look for pam_mount.
I installed this module, set it up in /etc/pam.d/system-auth and
configured the /etc/security/pam_mount.conf.xml

added this line:

>>
<volume user="bob" fstype="cifs" server="server" path="bob.example"
options="user=bob.example">
<<

I saw, that pam_mount uses $(user) to identify the user, and pass this
to mount.cifs. I've deleted this part and added
options="user=bob.example".

Well this is where I'm stucked now. 

The main problem is that the username on the old linux boxes differing
from the domain user names.

Do you have any ideas or a better documentation for pam_mount? or had
sth similar?

Kind Regards

Alex

[-- Attachment #2: Dies ist ein digital signierter Nachrichtenteil --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-server] Mount Samba shares as home

[robert anstuther]

Hi, is it not just down to having a smbusers file for mapping linux to
windows user names?





> Hi guys,
>
> I've got a nice problem here.
>
> My situation:
>
> I have different clients, windows and linux and a gentoo-samba-pdc.
>
> As you might know, windows domains are supporting a 'homeshare' which
> are mounted (mapped) to a specific driveletter (here m:)
>
> The windows boxes are domain members. The linux boxes aren't.
> Some of the users need to login to windows and linux clients. The
> linux-usernames are unfortunately not equal with the domain-usernames.
>
> The generel problem is to provide the logged in linux user the
> corresponding (domain-user) homeshare.
>
> Postings in the forums pointed me to pam_mount.
>
> I'll give you an example:
>
> Colleague Bob Example.
>
> Has a domain-user-login, bob.example. He can login on all windows
> workstations without any trouble, the share is mapped to m: etc.
>
> He has a linux username, also. Just "bob".
>
> Bob is an unprivileged user and using this command ends in an error:
>
>>>
> mount.cifs //server/bob.example /home/bob -o user=bob.example
> <<
>
> error returned:
>>>
> mount error 1 = Operation not permitted
> Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
> <<
>
>
> As I said the guys in the forum told me to look for pam_mount.
> I installed this module, set it up in /etc/pam.d/system-auth and
> configured the /etc/security/pam_mount.conf.xml
>
> added this line:
>
>>>
> <volume user="bob" fstype="cifs" server="server" path="bob.example"
> options="user=bob.example">
> <<
>
> I saw, that pam_mount uses $(user) to identify the user, and pass this
> to mount.cifs. I've deleted this part and added
> options="user=bob.example".
>
> Well this is where I'm stucked now.
>
> The main problem is that the username on the old linux boxes differing
> from the domain user names.
>
> Do you have any ideas or a better documentation for pam_mount? or had
> sth similar?
>
> Kind Regards
>
> Alex
>


-- 
gentoo-server@lists.gentoo.org mailing list

Re: [gentoo-server] Mount Samba shares as home

[Alexander Zimmerling]

[-- Attachment #1: Type: text/plain, Size: 2463 bytes --]

Can you give me some more details?
Is this a file where all smbusers and their passwords are stored?

If yes: this is not an option!

thank you so far

Alex


Am Donnerstag, den 17.04.2008, 17:44 +0200 schrieb robert anstuther:
> Hi, is it not just down to having a smbusers file for mapping linux to
> windows user names?
> 
> 
> 
> 
> 
> > Hi guys,
> >
> > I've got a nice problem here.
> >
> > My situation:
> >
> > I have different clients, windows and linux and a gentoo-samba-pdc.
> >
> > As you might know, windows domains are supporting a 'homeshare' which
> > are mounted (mapped) to a specific driveletter (here m:)
> >
> > The windows boxes are domain members. The linux boxes aren't.
> > Some of the users need to login to windows and linux clients. The
> > linux-usernames are unfortunately not equal with the domain-usernames.
> >
> > The generel problem is to provide the logged in linux user the
> > corresponding (domain-user) homeshare.
> >
> > Postings in the forums pointed me to pam_mount.
> >
> > I'll give you an example:
> >
> > Colleague Bob Example.
> >
> > Has a domain-user-login, bob.example. He can login on all windows
> > workstations without any trouble, the share is mapped to m: etc.
> >
> > He has a linux username, also. Just "bob".
> >
> > Bob is an unprivileged user and using this command ends in an error:
> >
> >>>
> > mount.cifs //server/bob.example /home/bob -o user=bob.example
> > <<
> >
> > error returned:
> >>>
> > mount error 1 = Operation not permitted
> > Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
> > <<
> >
> >
> > As I said the guys in the forum told me to look for pam_mount.
> > I installed this module, set it up in /etc/pam.d/system-auth and
> > configured the /etc/security/pam_mount.conf.xml
> >
> > added this line:
> >
> >>>
> > <volume user="bob" fstype="cifs" server="server" path="bob.example"
> > options="user=bob.example">
> > <<
> >
> > I saw, that pam_mount uses $(user) to identify the user, and pass this
> > to mount.cifs. I've deleted this part and added
> > options="user=bob.example".
> >
> > Well this is where I'm stucked now.
> >
> > The main problem is that the username on the old linux boxes differing
> > from the domain user names.
> >
> > Do you have any ideas or a better documentation for pam_mount? or had
> > sth similar?
> >
> > Kind Regards
> >
> > Alex
> >
> 
> 

[-- Attachment #2: Dies ist ein digital signierter Nachrichtenteil --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-server] Mount Samba shares as home

[robert anstuther]

The file only maps the user names, but does not contain the passwords,
eg. bob = bob.example, sorry do not remember if windows name is first or
second. Look on the Samba web site.





> Hi guys,
>
> I've got a nice problem here.
>
> My situation:
>
> I have different clients, windows and linux and a gentoo-samba-pdc.
>
> As you might know, windows domains are supporting a 'homeshare' which
> are mounted (mapped) to a specific driveletter (here m:)
>
> The windows boxes are domain members. The linux boxes aren't.
> Some of the users need to login to windows and linux clients. The
> linux-usernames are unfortunately not equal with the domain-usernames.
>
> The generel problem is to provide the logged in linux user the
> corresponding (domain-user) homeshare.
>
> Postings in the forums pointed me to pam_mount.
>
> I'll give you an example:
>
> Colleague Bob Example.
>
> Has a domain-user-login, bob.example. He can login on all windows
> workstations without any trouble, the share is mapped to m: etc.
>
> He has a linux username, also. Just "bob".
>
> Bob is an unprivileged user and using this command ends in an error:
>
>>>
> mount.cifs //server/bob.example /home/bob -o user=bob.example
> <<
>
> error returned:
>>>
> mount error 1 = Operation not permitted
> Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
> <<
>
>
> As I said the guys in the forum told me to look for pam_mount.
> I installed this module, set it up in /etc/pam.d/system-auth and
> configured the /etc/security/pam_mount.conf.xml
>
> added this line:
>
>>>
> <volume user="bob" fstype="cifs" server="server" path="bob.example"
> options="user=bob.example">
> <<
>
> I saw, that pam_mount uses $(user) to identify the user, and pass this
> to mount.cifs. I've deleted this part and added
> options="user=bob.example".
>
> Well this is where I'm stucked now.
>
> The main problem is that the username on the old linux boxes differing
> from the domain user names.
>
> Do you have any ideas or a better documentation for pam_mount? or had
> sth similar?
>
> Kind Regards
>
> Alex
>


-- 
gentoo-server@lists.gentoo.org mailing list

Re: [gentoo-server] Mount Samba shares as home

[Alexander Zimmerling]

[-- Attachment #1: Type: text/plain, Size: 2521 bytes --]

Okay, found the entry in the manual. 

My question now is: 
Do I need to configure this on the server?

Kind Regards

Alex


Am Donnerstag, den 17.04.2008, 18:01 +0200 schrieb robert anstuther:
> The file only maps the user names, but does not contain the passwords,
> eg. bob = bob.example, sorry do not remember if windows name is first or
> second. Look on the Samba web site.
> 
> 
> 
> 
> 
> > Hi guys,
> >
> > I've got a nice problem here.
> >
> > My situation:
> >
> > I have different clients, windows and linux and a gentoo-samba-pdc.
> >
> > As you might know, windows domains are supporting a 'homeshare' which
> > are mounted (mapped) to a specific driveletter (here m:)
> >
> > The windows boxes are domain members. The linux boxes aren't.
> > Some of the users need to login to windows and linux clients. The
> > linux-usernames are unfortunately not equal with the domain-usernames.
> >
> > The generel problem is to provide the logged in linux user the
> > corresponding (domain-user) homeshare.
> >
> > Postings in the forums pointed me to pam_mount.
> >
> > I'll give you an example:
> >
> > Colleague Bob Example.
> >
> > Has a domain-user-login, bob.example. He can login on all windows
> > workstations without any trouble, the share is mapped to m: etc.
> >
> > He has a linux username, also. Just "bob".
> >
> > Bob is an unprivileged user and using this command ends in an error:
> >
> >>>
> > mount.cifs //server/bob.example /home/bob -o user=bob.example
> > <<
> >
> > error returned:
> >>>
> > mount error 1 = Operation not permitted
> > Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
> > <<
> >
> >
> > As I said the guys in the forum told me to look for pam_mount.
> > I installed this module, set it up in /etc/pam.d/system-auth and
> > configured the /etc/security/pam_mount.conf.xml
> >
> > added this line:
> >
> >>>
> > <volume user="bob" fstype="cifs" server="server" path="bob.example"
> > options="user=bob.example">
> > <<
> >
> > I saw, that pam_mount uses $(user) to identify the user, and pass this
> > to mount.cifs. I've deleted this part and added
> > options="user=bob.example".
> >
> > Well this is where I'm stucked now.
> >
> > The main problem is that the username on the old linux boxes differing
> > from the domain user names.
> >
> > Do you have any ideas or a better documentation for pam_mount? or had
> > sth similar?
> >
> > Kind Regards
> >
> > Alex
> >
> 
> 

[-- Attachment #2: Dies ist ein digital signierter Nachrichtenteil --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-server] Mount Samba shares as home

[pkoelle]

Alexander Zimmerling schrieb:
> Okay, found the entry in the manual. 
> 
> My question now is: 
> Do I need to configure this on the server?
On the samba server, yes.

cheers
  Paul
-- 
gentoo-server@lists.gentoo.org mailing list

Re: [gentoo-server] Mount Samba shares as home

[Alexander Zimmerling]

[-- Attachment #1: Type: text/plain, Size: 463 bytes --]

Thank you,

I've added bob = bob.example to the smbusers and username map
= /etc/samba/smbusers to /etc/samba/smb.conf.

Anything more I have to do?

kind regards

alex


Am Donnerstag, den 17.04.2008, 19:23 +0200 schrieb pkoelle@gmail.com:
> Alexander Zimmerling schrieb:
> > Okay, found the entry in the manual. 
> > 
> > My question now is: 
> > Do I need to configure this on the server?
> On the samba server, yes.
> 
> cheers
>   Paul

[-- Attachment #2: Dies ist ein digital signierter Nachrichtenteil --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-server] Mount Samba shares as home

[Alexander Zimmerling]

[-- Attachment #1: Type: text/plain, Size: 657 bytes --]

Update:

It's now impossible to log on on windows with this account!


Am Donnerstag, den 17.04.2008, 20:02 +0200 schrieb Alexander Zimmerling:
> Thank you,
> 
> I've added bob = bob.example to the smbusers and username map
> = /etc/samba/smbusers to /etc/samba/smb.conf.
> 
> Anything more I have to do?
> 
> kind regards
> 
> alex
> 
> 
> Am Donnerstag, den 17.04.2008, 19:23 +0200 schrieb pkoelle@gmail.com:
> > Alexander Zimmerling schrieb:
> > > Okay, found the entry in the manual. 
> > > 
> > > My question now is: 
> > > Do I need to configure this on the server?
> > On the samba server, yes.
> > 
> > cheers
> >   Paul

[-- Attachment #2: Dies ist ein digital signierter Nachrichtenteil --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-server] Mount Samba shares as home

[pkoelle]

Alexander Zimmerling schrieb:
> Thank you,
> 
> I've added bob = bob.example to the smbusers and username map
> = /etc/samba/smbusers to /etc/samba/smb.conf.
> 
> Anything more I have to do?
Who knows? My crystal ball is broken. The usual technique is setting 
"log level" in smb.conf and look why authentication fails. You'll see 
exactly what kind of username windows sends and if mapping and auth succeed.
Another option would be getting rid of the wrong names and joining the 
linux boxen to the domain (or use {pam,nss}_winbind).

cheers
  Paul
-- 
gentoo-server@lists.gentoo.org mailing list

Re: [gentoo-server] Mount Samba shares as home

[robert anstuther]

Also checkout smbpasswd/ smbpassword set up
 Boba.

> Alexander Zimmerling schrieb:
>> Thank you,
>>
>> I've added bob = bob.example to the smbusers and username map
>> = /etc/samba/smbusers to /etc/samba/smb.conf.
>>
>> Anything more I have to do?
> Who knows? My crystal ball is broken. The usual technique is setting
> "log level" in smb.conf and look why authentication fails. You'll see
> exactly what kind of username windows sends and if mapping and auth
> succeed.
> Another option would be getting rid of the wrong names and joining the
> linux boxen to the domain (or use {pam,nss}_winbind).
>
> cheers
>   Paul
> --
> gentoo-server@lists.gentoo.org mailing list
>
>


-- 
gentoo-server@lists.gentoo.org mailing list