Rob, Thanks for the response. I tried modifying the two files you suggested and removed a test user from the fuse group on one of my LTSP servers but the user was no longer able to access a fuse mounted SMB share. I then modified /etc/common-account and /etc/common-password with the same pam_group.so line. Adding the same to /etc/common-session seemed to break the log-in process so I removed it and tried again but the user still wasn't able to access the SMB share. I'm not very familiar with pam.d and I don't see a restart script in /etc/init.d so does pam not need to be restarted?
I undid all the changes and then chmod'd /dev/fuse to give 'others' rw permissions and I was still unable to get the test user to mount the share. Below are my /etc/pam.d/common-xxxx files without the modifications: /etc/pam.d/common-auth auth sufficient pam_ldap.so auth required pam_unix.so nullok_secure use_first_pass /etc/pam.d/common-password password sufficient pam_ldap.so password required pam_unix.so nullok obscure min=4 max=8 md5 /etc/pam.d/common-account account sufficient pam_ldap.so account required pam_unix.so All my LTSP servers authenticate users against a remove LDAP server. -----Original Message----- From: Rob Owens [mailto:[email protected]] Sent: Friday, June 19, 2009 8:44 PM To: [email protected] Subject: Re: [Ltsp-discuss] Automate fuse group additions On Tue, Jun 09, 2009 at 04:54:51PM -0500, Masao Garcia wrote: > Hello, > > > > I was wondering if someone could help me with a little dilemma: > > > > I have multiple LTSP servers running Ubuntu 8.04 with XFCE as the GUI, along > with LDAP authentication. Thunar is the native file manager with XFCE and > I'd like to keep using Thunar. The problem with Thunar is that it doesn't > natively support SMB shares so I am using smbnetfs to allow users to connect > to remote SMB shares. This entails adding the LDAP user accounts to the > local fuse group on each server. I was wondering if it would be as easy as > rsync'ing the /etc/group file between servers to keep them all in sync or is > it more than that? Anyone have any other/better suggestions on how to keep > the local groups sync'd or if there's a way to do something in LDAP where I > could have a "LDAP fuse group"? Thanks. > Add the following line to /etc/security/group.conf near the end of the file. *;*;*;Al0000-2400;fuse (That's a lowercase l, not a number 1) For this file to have effect, you need pam_group enabled somewhere in your pam.d directory. My /etc/pam.d/common-auth contains this line: auth required pam_group.so If you do all this, every user who logs in should be given fuse group membership. Another way to handle this is to just change the permissions on /dev/fuse so that all users can read and write it. I suspect that certain system upgrades may overwrite your changes unless you take proper precautions -- and I can't remember what those are right now so maybe someone else can speak up. -Rob ---------------------------------------------------------------------------- -- Are you an open source citizen? Join us for the Open Source Bridge conference! Portland, OR, June 17-19. Two days of sessions, one day of unconference: $250. Need another reason to go? 24-hour hacker lounge. Register today! http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.o rg _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net ------------------------------------------------------------------------------ Are you an open source citizen? Join us for the Open Source Bridge conference! Portland, OR, June 17-19. Two days of sessions, one day of unconference: $250. Need another reason to go? 24-hour hacker lounge. Register today! http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
