Hello there,
I'm trying to install a long-awaited (by myself, because I only have 3 boxes)
fully LDAP-based authentication, with smb as the network filesystem for both
Linux and Windows workstations (I want to throw away nfs and anyway I have to
use samba for my Windows box, stupid?).
The LDAP-based authentication and samba-ldap are working fine. The last step is
therefore using pam_mount for the home directory (+ a few other shares).
Here is what I faced, could you please tell me if I'm wrong...
pam_mount is able to pass the password to the stack, but not to keep it back from
the stack -> pam_mount must be stacked first in the auth section.
I don't know why, but if I stack pam_mount after pam_ldap in the session
section, the mount operation will abort with the following message:
pam_mount: unable to open /var/run/pam_mount/foo
pam_mount: received order to close things
(...)
su: unbind.c:40: ldap_unbind_ext: Assertion `( (ld)->ld_options.ldo_valid == 0x2 )' failed.
(...)
If I toggle pam_ldap & pam_mount, things are ok, but I still have the
following warning message (last line, /var/run/pam_mount is root owned):
pam_mount: --------
pam_mount: checking to see if //192.168.1.12/foo is already mounted at /home/foo
pam_mount: creating mount /home/foo
pam_mount: checking for encrypted filesystem key configuration
pam_mount: about to start building mount command
pam_mount: mount type is SMBMOUNT
pam_mount: waiting for homedir mount
pam_mount: command: /bin/mount mount -t smbfs //192.168.1.12/foo /home/foo -o username=foo,uid=foo,gid=foo,dmask=0700
pam_mount: unable to open /var/run/pam_mount/toto
[EMAIL PROTECTED] /]$
Has anyone already faced (and understood) the above errors/warnings (I've
found nothing about them by googling)?
Thanks in advance,
Sébastien.
PS:
It's on an up-to-date 9.2:
pam_mount-0.9.2-3mdk
pam_ldap-164-2mdk
samba3-common-3.0.0-2mdk
samba3-client-3.0.0-2mdk
samba3-server-3.0.0-2mdk
The latest pam_mount version is 9.4; I'll compile it and see if things
go differently.
The pam.d/system-auth used was:
----------
auth required /lib/security/pam_env.so
auth required /lib/security/pam_mount.so
auth sufficient /lib/security/pam_unix.so nullok use_first_pass
auth sufficient /lib/security/pam_ldap.so use_first_pass
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
account sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so retry=3 minlen=2 dcredit=0 ucredit=0
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_mount.so
session optional /lib/security/pam_ldap.so
----------
and I've commented out the pam_rootok.so line in pam.d/su to only use the
service=system method in the auth section (I'll see this point later ... ;-) )