Re: [Samba] Making winbindd and pam_mount play nice together (2nd try)
pam_unix (the default under RH) and pam_mount work fine for me. I'll attach the log to the bottom. From: Andrew Bartlett [EMAIL PROTECTED] pam_winbind hasn't in the past been the best at passing on/keeping all the credentials. It it quite possible that there are issues there. If you can show it works for another PAM module, I'll try to see what's different about it. My employment contract would make it difficult for me to contribute code, but I'll be happy to test and document. I know this seems like a niche request, but this is a big thing for pulling Linux into the schools here. If we can make this fly, I think we could displace 10% of the M$ desktops in the first year. Our other impediment is some horrificly written, WINE proof windoze code, but thats another battle. I'm also quite interested in the idea that we could pass pam_mount some of the information we get from the logon request - like the location of the home directory, if somebody wants to work with me on developing such features. Red Hat Linux release 7.3 (Valhalla) Kernel 2.4.18-27.7.x on an i586 login: bob Password: pam_mount: adding to command: /usr/sbin/lsof lsof pam_mount: reading options_require... pam_mount: options: nosuid nodev pam_mount: adding to command: /bin/mount mount -t smbfs pam_mount: adding to command: /bin/umount umount pam_mount: adding to command: /bin/mount mount -p0 pam_mount: checking sanity of volume record pam_mount: back from global readconfig pam_mount: does not exist or is not owned by user pam_mount: expand_wildcard for pam_mount: expand_wildcard for bob pam_mount: expand_wildcard for /home/winnt/ pam_mount: expand_wildcard for /home/winnt/bob pam_mount: expand_wildcard for uid=,gid=,dmask=0750,workgroup=MAIN pam_mount: expand_wildcard for uid=bob,gid=,dmask=0750,workgroup=MAIN pam_mount: expand_wildcard for uid=bob,gid=bob,dmask=0750,workgroup=MAIN pam_mount: real and effective user ID are 0 and 0. pam_mount: about to perform mount operations pam_mount: information for mount: pam_mount: pam_mount: (defined by globalconf) pam_mount: user: bob pam_mount: server:mainad1 pam_mount: volume:bob pam_mount: mountpoint:/home/winnt/bob pam_mount: options: uid=bob,gid=bob,dmask=0750,workgroup=MAIN pam_mount: fs_key_cipher: pam_mount: fs_key_path: pam_mount: mount command: /bin/mount mount -t smbfs pam_mount: pam_mount: checking to see if //mainad1/bob is already mounted pam_mount: creating mount /home/winnt/bob pam_mount: checking for encrypted filesystem key configuration pam_mount: about to start building mount command pam_mount: mount type is SMBMOUNT pam_mount: waiting for homedir mount pam_mount: arg is: /bin/mount pam_mount: arg is: mount pam_mount: arg is: -t pam_mount: arg is: smbfs pam_mount: arg is: //mainad1/bob pam_mount: arg is: /home/winnt/bob pam_mount: arg is: -o pam_mount: arg is: username=bob,uid=bob,gid=bob,dmask=0750,workgroup=MAIN Last login: Sat May 31 12:33:30 from localhost [EMAIL PROTECTED] bob]$ df Filesystem 1k-blocks Used Available Use% Mounted on /dev/hde6 1004024124568828452 14% / /dev/hde523270 8334 13735 38% /boot /dev/hde83107913 29462 1% /boot2 /dev/hdf9 4032092 2058116 1769152 54% /home none111764 0111764 0% /dev/shm /dev/hde9 5463156 3535616 1650020 69% /usr /dev/hdf8 396623 61662314480 17% /var /dev/hdf6 10231392 9370616860776 92% /music //mainad1/bob 19543040 1450496 18092544 8% /home/winnt/bob -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Making winbindd and pam_mount play nice together (2nd try)
On Sat, May 31, 2003 at 01:04:13PM -0600, jim feldman wrote: My employment contract would make it difficult for me to contribute code, but I'll be happy to test and document. I know this seems like a niche request, but this is a big thing for pulling Linux into the schools here. If we can make this fly, I think we could displace 10% of the M$ desktops in the first year. Our other impediment is some horrificly written, WINE proof windoze code, but thats another battle. Can you give me more details on that (the wine proof code :-) ? I'm currently collecting details on obstacles to Linux desktop migration for various vendors, and this would be very useful input. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Making winbindd and pam_mount play nice together (2nd try)
On Fri, 2003-05-30 at 18:55, John Simovic wrote: My problem is that I am using rh 8 and cannot winbind to authenticate users. wbinfo returns all users and groups and getent passwd works but no joy! Unless Samba is joined correctly to the domain then winbind can't authenticate users. Check the output of wbinfo -t and wbinfo -a Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Making winbindd and pam_mount play nice together (2nd try)
On Thu, 2003-05-29 at 14:48, jim feldman wrote: We're trying to set up linux based workstations that use a win2k AD/DC for authentication, and pam_mount to mount a share as the user's home directory. It looks like winbind isn't passing on the credentials (although it is getting us logged in). If anyone has made this work, I'd love the details. It looks like winbind isn't passing the auth information pam_winbind hasn't in the past been the best at passing on/keeping all the credentials. It it quite possible that there are issues there. If you can show it works for another PAM module, I'll try to see what's different about it. I'm also quite interested in the idea that we could pass pam_mount some of the information we get from the logon request - like the location of the home directory, if somebody wants to work with me on developing such features. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Making winbindd and pam_mount play nice together (2nd try)
I tested using a local account -- same. Next I tried uninstalling the 0.9.1 pam_mount and using pam_mount-0.5.9. After some creative ln -s for libcrypto and libssl it seems to work *except* that it only works once per boot. Here's what I see: User logs in, winbind does its thing and then pam_mount. User is in and the share is mounted. Logout and pam_mount removes the mount. So far so good. Next login the debug shows all is well, (user logged, share mounted) except that the console hangs and pmhelper never returns. The share is mounted at this point but the login times out. I don't have a winbind system available to test on, but I maintain pam_mount packages in Mandrake, and so have a test setup, using accounts only in LDAP via pam_ldap. I have no problems, currently using pam_mount 0.5.14. I haven't tried pam_mount with winbind since it added the ~ token (which I needed), but it did work ... Have you tried pam_mount with local accounts to ensure that it's not winbind that is the problem? BTW, I have had trouble using pam_mount via a stacked pam file (like /etc/pam.d/system-auth) before, so my test setup uses it in /etc/pam.d/login directly. Regards, Buchan - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+1ycTrJK6UGDSBKcRAiRiAJwLvVUb7+54ipP/O6ugCOMEossUgQCeLcbk +czGA66Li9IttDGBejRb0OE= =HJXq -END PGP SIGNATURE- ** Please click on http://www.cae.co.za/disclaimer.htm to read our e-mail disclaimer. ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re:[Samba] Making winbindd and pam_mount play nice together (2nd try)
I'm also trying to get this working with the same results on RH 9/Samba 2.2.7a/pam_mount 0.9.1 Bradley -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Making winbindd and pam_mount play nice together (2nd try)
Are you folders shared on the windows side. The individual folders need to be shared, not a level above apparently. On Thu, 29 May 2003 14:09:35 -0500 Bradley Wendelboe [EMAIL PROTECTED] wrote: I'm also trying to get this working with the same results on RH 9/Samba 2.2.7a/pam_mount 0.9.1 Bradley -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba ** This message is intended for the addressee named and may contain privileged information or confidential information or both. If you are not the intended recipient please delete it and notify the sender. ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Making winbindd and pam_mount play nice together (2nd try)
Yes, I'm going to individual shares. It seems that pam_mount is not getting the password information from the PAM system. I've contacted the author of pam_mount and will share any results. So far: Several people are trying to get pam_mount working with winbind. I don't have a winbind setup myself, so it is difficult for me to debug. Please be patient. The only hypothesis I have at this point revolves around pam_mounts use of functions like getpwnam to retrieve information about a user's account. Theoretically, if one configures /etc/nsswitch.conf correctly, getpwnam can use services besides /etc/passwd (ie: winbind) to answer questions about a user. Pam_mount uses getpwnam to do the following: 1. Determine where ~/.pam_mount.conf is. 2. Determine the UID and GID that should own a mount point created by pam_mount. 3. Determine the UID and GID that should own a user's session count file (/var/run/pam_mount/user). 4. Ensure a user owns mount points and volumes for volumes defined by ~/.pam_mount.conf. The only other suspect action I can think of is pam_mount's retrieval of a user's password from the PAM system. I don't think this should be an issue if you use pam_winbind to authenticate users. Do any of these hints help? -Original Message- From: John Simovic [mailto:[EMAIL PROTECTED] Sent: Friday, May 30, 2003 3:21 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] Making winbindd and pam_mount play nice together (2nd try) Are you folders shared on the windows side. The individual folders need to be shared, not a level above apparently. On Thu, 29 May 2003 14:09:35 -0500 Bradley Wendelboe [EMAIL PROTECTED] wrote: I'm also trying to get this working with the same results on RH 9/Samba 2.2.7a/pam_mount 0.9.1 Bradley -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba ** This message is intended for the addressee named and may contain privileged information or confidential information or both. If you are not the intended recipient please delete it and notify the sender. ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Making winbindd and pam_mount play nice together (2nd try)
My problem is that I am using rh 8 and cannot winbind to authenticate users. wbinfo returns all users and groups and getent passwd works but no joy! On Thu, 29 May 2003 17:33:14 -0500 Bradley Wendelboe [EMAIL PROTECTED] wrote: Yes, I'm going to individual shares. It seems that pam_mount is not getting the password information from the PAM system. I've contacted the author of pam_mount and will share any results. So far: Several people are trying to get pam_mount working with winbind. I don't have a winbind setup myself, so it is difficult for me to debug. Please be patient. The only hypothesis I have at this point revolves around pam_mounts use of functions like getpwnam to retrieve information about a user's account. Theoretically, if one configures /etc/nsswitch.conf correctly, getpwnam can use services besides /etc/passwd (ie: winbind) to answer questions about a user. Pam_mount uses getpwnam to do the following: 1. Determine where ~/.pam_mount.conf is. 2. Determine the UID and GID that should own a mount point created by pam_mount. 3. Determine the UID and GID that should own a user's session count file (/var/run/pam_mount/user). 4. Ensure a user owns mount points and volumes for volumes defined by ~/.pam_mount.conf. The only other suspect action I can think of is pam_mount's retrieval of a user's password from the PAM system. I don't think this should be an issue if you use pam_winbind to authenticate users. Do any of these hints help? -Original Message- From: John Simovic [mailto:[EMAIL PROTECTED] Sent: Friday, May 30, 2003 3:21 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] Making winbindd and pam_mount play nice together (2nd try) Are you folders shared on the windows side. The individual folders need to be shared, not a level above apparently. On Thu, 29 May 2003 14:09:35 -0500 Bradley Wendelboe [EMAIL PROTECTED] wrote: I'm also trying to get this working with the same results on RH 9/Samba 2.2.7a/pam_mount 0.9.1 Bradley -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba ** This message is intended for the addressee named and may contain privileged information or confidential information or both. If you are not the intended recipient please delete it and notify the sender. ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba ** This message is intended for the addressee named and may contain privileged information or confidential information or both. If you are not the intended recipient please delete it and notify the sender. ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Making winbindd and pam_mount play nice together (2nd try)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Message: 38 Date: Thu, 29 May 2003 17:33:14 -0500 From: Bradley Wendelboe [EMAIL PROTECTED] Subject: RE: [Samba] Making winbindd and pam_mount play nice together (2nd try) To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Content-Type: text/plain Yes, I'm going to individual shares. It seems that pam_mount is not getting the password information from the PAM system. I've contacted the author of pam_mount and will share any results. So far: Several people are trying to get pam_mount working with winbind. I don't have a winbind setup myself, so it is difficult for me to debug. Please be patient. The only hypothesis I have at this point revolves around pam_mounts use of functions like getpwnam to retrieve information about a user's account. Theoretically, if one configures /etc/nsswitch.conf correctly, getpwnam can use services besides /etc/passwd (ie: winbind) to answer questions about a user. Pam_mount uses getpwnam to do the following: 1. Determine where ~/.pam_mount.conf is. 2. Determine the UID and GID that should own a mount point created by pam_mount. 3. Determine the UID and GID that should own a user's session count file (/var/run/pam_mount/user). 4. Ensure a user owns mount points and volumes for volumes defined by ~/.pam_mount.conf. The only other suspect action I can think of is pam_mount's retrieval of a user's password from the PAM system. I don't think this should be an issue if you use pam_winbind to authenticate users. Do any of these hints help? I don't have a winbind system available to test on, but I maintain pam_mount packages in Mandrake, and so have a test setup, using accounts only in LDAP via pam_ldap. I have no problems, currently using pam_mount 0.5.14. I haven't tried pam_mount with winbind since it added the ~ token (which I needed), but it did work ... Have you tried pam_mount with local accounts to ensure that it's not winbind that is the problem? BTW, I have had trouble using pam_mount via a stacked pam file (like /etc/pam.d/system-auth) before, so my test setup uses it in /etc/pam.d/login directly. Regards, Buchan - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+1ycTrJK6UGDSBKcRAiRiAJwLvVUb7+54ipP/O6ugCOMEossUgQCeLcbk +czGA66Li9IttDGBejRb0OE= =HJXq -END PGP SIGNATURE- ** Please click on http://www.cae.co.za/disclaimer.htm to read our e-mail disclaimer. ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
