I am really working in an Active Directory environment and using Samba
with Winbind on my Linux systems to have the users and groups of my
domain recognized. However, this always worked for me in pam_mount. See
the comparison of the same configuration on a computer with Ubuntu 16.04
and another with Ubuntu 18.04 in my environment. The example with
"MYGROUP" was hypothetical. My real scenario is as follows:

Outputs in Ubuntu 16.04 and libpam-mount 2.14-1.1:
eduardo.moraes@URU0095285LVM03:~$ grep NGTI /etc/security/pam_mount.conf.xml
<volume sgrp="NGTI" fstype="cifs" server="sca01uru" path="NGTI$"
mountpoint="~/NGTI"
options="gid=NGTI,iocharset=utf8,file_mode=0770,dir_mode=0770" />
<volume sgrp="NGTI" fstype="cifs" server="sca01uru" path="SCAN_NGTI$"
mountpoint="~/SCAN_NGTI"
options="gid=NGTI,iocharset=utf8,file_mode=0770,dir_mode=0770" />
eduardo.moraes@URU0095285LVM03:~$ id
uid=111141(eduardo.moraes) gid=110513(usuários do domínio)
groups=110513(usuários do
domínio),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),113(lpadmin),128(sambashare),10000(BUILTIN\administrators),10001(BUILTIN\users),110512(admins.
do domínio),110572(grupo de replicação de senha rodc
negado),111141(eduardo.moraes),111240(adm),111251(ngti),112043(mdd_sra),112047(autenticadores),112756(cfcv)
eduardo.moraes@URU0095285LVM03:~$ mount | grep 'NGTI'
//sca01uru/NGTI$ on /home/eduardo.moraes/NGTI type cifs
(rw,relatime,vers=default,cache=strict,username=eduardo.moraes,domain=,uid=111141,forceuid,gid=111251,forcegid,addr=10.120.100.71,file_mode=0770,dir_mode=0770,soft,nounix,serverino,mapposix,rsize=1048576,wsize=1048576,echo_interval=60,actimeo=1)
//sca01uru/SCAN_NGTI$ on /home/eduardo.moraes/SCAN_NGTI type cifs
(rw,relatime,vers=default,cache=strict,username=eduardo.moraes,domain=,uid=111141,forceuid,gid=111251,forcegid,addr=10.120.100.71,file_mode=0770,dir_mode=0770,soft,nounix,serverino,mapposix,rsize=1048576,wsize=1048576,echo_interval=60,actimeo=1)

Outputs in Ubuntu 18.04 and libpam-mount 2.16-3ubuntu0.1:
eduardo.moraes@URU0095285LVM02:~$ grep NGTI /etc/security/pam_mount.conf.xml
<volume sgrp="NGTI" fstype="cifs" server="sca01uru" path="NGTI$"
mountpoint="~/NGTI"
options="gid=NGTI,iocharset=utf8,file_mode=0770,dir_mode=0770" />
<volume sgrp="NGTI" fstype="cifs" server="sca01uru" path="SCAN_NGTI$"
mountpoint="~/SCAN_NGTI"
options="gid=NGTI,iocharset=utf8,file_mode=0770,dir_mode=0770" />
eduardo.moraes@URU0095285LVM02:~$ id
uid=111141(eduardo.moraes) gid=110513(usuários do domínio)
groups=110513(usuários do
domínio),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),116(lpadmin),126(sambashare),10000(BUILTIN\administrators),10001(BUILTIN\users),110512(admins.
do domínio),110572(grupo de replicação de senha rodc
negado),111141(eduardo.moraes),111240(adm),111251(ngti),112043(mdd_sra),112047(autenticadores),112756(cfcv)
eduardo.moraes@URU0095285LVM02:~$ mount | grep 'NGTI'
eduardo.moraes@URU0095285LVM02:~$

Although the NGTI group is on the remote base of the AD Domain
Controller, the "libnss-winbind" library allows the name service switch
(NSS) to make domain users and groups available to the local system. Look:
eduardo.moraes@URU0095285LVM03:~$ getent group ngti
ngti:x:111251:eduardo.moraes,miliane.oliveira,virgilio.rodrigues,noel.costa
eduardo.moraes@URU0095285LVM02:~$ getent group ngti
ngti:x:111251:virgilio.rodrigues,noel.costa,miliane.oliveira,eduardo.moraes

I do not know what has changed in libpam-mount from version 2.14 to
2.16, but something does not allow sgrp and any other control attributes
to evaluate my users and AD domain groups. I also do not know if there's
anything related to Samba or Winbind right now, but apparently everything
that is related to these is normal and does not seem to have had any kind
of alteration in the overall operation.
https://bugs.launchpad.net/bugs/1830117
Title:
pam_mount does not mount the volumes that contain defined control
attributes (user, pgrp, sgrp, uid, and gid)
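
Added example, not part of the original bug report and not pam_mount code: a Python check that reads the sgrp attribute of each <volume> and reports whether NSS resolves the group, whether the user's gid list contains it, and whether the name NSS returns differs in case from the configured one (the report configures "NGTI" while getent prints "ngti"). Whether pam_mount 2.16 compares names case-sensitively is not established by the report; check_sgrp, nss_lookup and SAMPLE_CONF are names made up for this example.

```python
import grp, os, pwd, sys
import xml.etree.ElementTree as ET

# Constructed sample: the two <volume> entries from the report inside a root element.
SAMPLE_CONF = """<pam_mount>
<volume sgrp="NGTI" fstype="cifs" server="sca01uru" path="NGTI$"
 mountpoint="~/NGTI" options="gid=NGTI,iocharset=utf8,file_mode=0770,dir_mode=0770" />
<volume sgrp="NGTI" fstype="cifs" server="sca01uru" path="SCAN_NGTI$"
 mountpoint="~/SCAN_NGTI" options="gid=NGTI,iocharset=utf8,file_mode=0770,dir_mode=0770" />
</pam_mount>"""

def nss_lookup(name):
    """Resolve a group through NSS; return (canonical name, gid) or None."""
    try:
        entry = grp.getgrnam(name)
    except KeyError:
        return None
    return entry.gr_name, entry.gr_gid

def check_sgrp(conf_xml, user_gids, lookup=nss_lookup):
    """Classify every <volume sgrp=...> as unresolved, not-member, case-differs or ok."""
    findings = []
    for vol in ET.fromstring(conf_xml).iter("volume"):
        wanted = vol.get("sgrp")
        if wanted is None:
            continue                   # volume has no sgrp restriction
        entry = lookup(wanted)
        if entry is None:
            status = "unresolved"      # NSS cannot find the group at all
        elif entry[1] not in user_gids:
            status = "not-member"      # group exists, user's gid list lacks it
        elif entry[0] != wanted:
            status = "case-differs"    # e.g. configured "NGTI", NSS returns "ngti"
        else:
            status = "ok"
        findings.append((vol.get("path"), wanted, status))
    return findings

if __name__ == "__main__":
    # Usage: script.py USER [CONFIG]; without CONFIG the constructed sample is parsed.
    user = sys.argv[1]
    conf = open(sys.argv[2]).read() if len(sys.argv) > 2 else SAMPLE_CONF
    gids = set(os.getgrouplist(user, pwd.getpwnam(user).pw_gid))
    for path, wanted, status in check_sgrp(conf, gids):
        print(f"{path}: sgrp={wanted} -> {status}")
```

Run on both the 16.04 and the 18.04 host with the same user; identical results on both point away from NSS and toward the pam_mount version difference.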