On Sat, Jun 20, 2009 at 01:42:45PM -0500, Masao Garcia wrote:
> Rob,
>
> Thanks for the response. I tried modifying the two files you suggested and
> removed a test user from the fuse group on one of my LTSP servers but the
> user was no longer able to access a fuse mounted SMB share. I then modified
> /etc/common-account and /etc/common-password with the same pam_group.so
> line. Adding the same to /etc/common-session seemed to break the log-in
> process so I removed it and tried again but the user still wasn't able to
> access the SMB share.
> I'm not very familiar with pam.d and I don't see a restart script in
> /etc/init.d so does pam not need to be restarted?
>
I'm not an expert on pam. I think changes are immediate, and nothing needs to be restarted. I know that the order of the lines within a pam file is sometimes important.

> I undid all the changes and then chmod'd /dev/fuse to give 'others' rw
> permissions and I was still unable to get the test user to mount the share.
>
I would have thought changing the permissions on /dev/fuse would fix it for sure.

> Below are my /etc/pam.d/common-xxxx files without the modifications:
>
> /etc/pam.d/common-auth
>
> auth sufficient pam_ldap.so
> auth required pam_unix.so nullok_secure use_first_pass
>
My /etc/pam.d/common-auth:

auth required pam_group.so
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass

> /etc/pam.d/common-password
>
> password sufficient pam_ldap.so
> password required pam_unix.so nullok obscure min=4 max=8 md5
>
My /etc/pam.d/common-password is the same as yours, but doesn't have the 'min' and 'max'.

> /etc/pam.d/common-account
>
> account sufficient pam_ldap.so
> account required pam_unix.so
>
My /etc/pam.d/common-account:

account required pam_unix.so
account sufficient pam_ldap.so

And just for the record, my /etc/pam.d/common-session:

session required pam_mkhomedir.so umask=0077
session sufficient pam_ldap.so
session required pam_unix.so

>
> All my LTSP servers authenticate users against a remote LDAP server.
>
Note that some groups cannot be added using /etc/security/group.conf. For instance, plugdev does not work. From what I've read, it's got something to do with plugdev membership needing to be assigned earlier than /etc/security/group.conf can do it. But I just tested the fuse group with pam_group and /etc/security/group.conf on my system and it works. I'm running Debian Lenny.

-Rob

>
> -----Original Message-----
> From: Rob Owens [mailto:[email protected]]
> Sent: Friday, June 19, 2009 8:44 PM
> To: [email protected]
> Subject: Re: [Ltsp-discuss] Automate fuse group additions
>
> On Tue, Jun 09, 2009 at 04:54:51PM -0500, Masao Garcia wrote:
> > Hello,
> >
> > I was wondering if someone could help me with a little dilemma:
> >
> > I have multiple LTSP servers running Ubuntu 8.04 with XFCE as the GUI, along
> > with LDAP authentication. Thunar is the native file manager with XFCE and
> > I'd like to keep using Thunar. The problem with Thunar is that it doesn't
> > natively support SMB shares so I am using smbnetfs to allow users to connect
> > to remote SMB shares. This entails adding the LDAP user accounts to the
> > local fuse group on each server. I was wondering if it would be as easy as
> > rsync'ing the /etc/group file between servers to keep them all in sync or is
> > it more than that? Anyone have any other/better suggestions on how to keep
> > the local groups sync'd or if there's a way to do something in LDAP where I
> > could have a "LDAP fuse group"? Thanks.
> >
>
> Add the following line to /etc/security/group.conf near the end of the
> file.
>
> *;*;*;Al0000-2400;fuse
>
> (That's a lowercase l, not a number 1)
>
> For this file to have effect, you need pam_group enabled somewhere in your
> pam.d directory. My /etc/pam.d/common-auth contains this line:
>
> auth required pam_group.so
>
> If you do all this, every user who logs in should be given fuse group
> membership.
>
> Another way to handle this is to just change the permissions on /dev/fuse
> so that all users can read and write it. I suspect that certain system
> upgrades may overwrite your changes unless you take proper precautions --
> and I can't remember what those are right now so maybe someone else can
> speak up.
>
> -Rob
>
> ------------------------------------------------------------------------------
> Are you an open source citizen? Join us for the Open Source Bridge conference!
> Portland, OR, June 17-19. Two days of sessions, one day of unconference: $250.
> Need another reason to go? 24-hour hacker lounge. Register today!
> http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org
> _____________________________________________________________________
> Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
> https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
> For additional LTSP help, try #ltsp channel on irc.freenode.net
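
An added example, not part of the original e-mails or of LTSP: a small checker for the two things the thread turns on, where pam_group.so sits in a pam.d file and what a group.conf line grants. It assumes two PAM rules (a successful `sufficient` module ends processing of its stack, and pam_group.so provides only the auth type); the function names and sample inputs are constructed for illustration.

```python
import re

RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")  # type, control, module

# Constructed samples modelled on the files quoted in the thread.
AUTH_GROUP_FIRST = ("auth required pam_group.so\n"
                    "auth sufficient pam_ldap.so\n"
                    "auth required pam_unix.so nullok_secure use_first_pass\n")
AUTH_GROUP_LAST = ("auth sufficient pam_ldap.so\n"
                   "auth required pam_unix.so nullok_secure use_first_pass\n"
                   "auth required pam_group.so\n")
ACCOUNT_WITH_GROUP = ("account required pam_group.so\n"
                      "account sufficient pam_ldap.so\n"
                      "account required pam_unix.so\n")
GROUP_CONF = "# constructed sample\n*;*;*;Al0000-2400;fuse\n"

def pam_group_findings(stack_text):
    """Report placement problems for pam_group.so in one pam.d file."""
    findings, earlier_sufficient, present = [], None, False
    for raw in stack_text.splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())
        if not m:
            continue  # blank line, comment or @include
        mtype, control, module = m.group(1), m.group(2), m.group(3).rsplit("/", 1)[-1]
        if module == "pam_group.so":
            present = True
            if mtype != "auth":
                findings.append(f"pam_group.so in {mtype} stack (auth only)")
            elif earlier_sufficient:
                findings.append(f"pam_group.so after sufficient {earlier_sufficient}")
        elif mtype == "auth" and control == "sufficient":
            earlier_sufficient = earlier_sufficient or module
    return findings if present else ["pam_group.so missing"]

def group_conf_grants(conf_text):
    """Parse services;ttys;users;times;groups lines of group.conf."""
    grants = []
    for raw in conf_text.splitlines():
        fields = [f.strip() for f in raw.split("#", 1)[0].split(";")]
        if len(fields) == 5:
            services, ttys, users, times, groups = fields
            grants.append({"groups": re.split(r"[,\s]+", groups), "times": times,
                           "everyone": services == ttys == users == "*"})
    return grants

if __name__ == "__main__":
    for name in ("AUTH_GROUP_FIRST", "AUTH_GROUP_LAST", "ACCOUNT_WITH_GROUP"):
        print(name, pam_group_findings(globals()[name]))
    print(group_conf_grants(GROUP_CONF))
```

The `everyone` flag marks a line like the one in the thread, which hands the group to every user on every service and terminal, so it is worth reviewing which device or capability that group unlocks.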
