+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 21
*nix Thread, Automount SMB share in Technical; Teachers want to run an old dos application, but I'm having problems with it. Decided to try running it on ...
  1. #1


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339

    Automount SMB share

    Teachers want to run an old dos application, but I'm having problems with it. Decided to try running it on dosbox and it appears fine - so the plan is to allow students to log in to linux server and run the app. Students already use server for a php/mysql course but use local directories autocreated with pam_mkhomedir.so. Winbind/Samba etc is working.
    Now I need to mount the \\server\username share on mount as a subdirectory of the /home/DOMAIN/user , I've looked at pam_mount and it supports smb/cifs but anyone know a good howto for pam_mount or can post a config as a starting point? sevrer is Centos4.4 but anything will help. TIA
    pam is a headache

  2. #2

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,596
    Thank Post
    109
    Thanked 764 Times in 595 Posts
    Rep Power
    181

    Re: Automount SMB share

    Was thinking about something similar earlier today... don't know why. I was thinking along the lines of writing a bash script to mount the folder to a directory... could this not be done?

  3. #3


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339

    Re: Automount SMB share

    probably, but I can forsee permissions being a mess.
    I think pam_mount is the way forward.
    I found this:
    http://wiki.ltsp.org/twiki/bin/view/Ltsp/WinIntegration
    and will give it a try when my head recovers

  4. #4

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,596
    Thank Post
    109
    Thanked 764 Times in 595 Posts
    Rep Power
    181

    Re: Automount SMB share

    Just thinking out loud but surely if you use Samba, etc. the user permissions/authentication will be sorted out for you.

  5. #5


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339

    Re: Automount SMB share

    .. I think to do that the user would need to re-enter the password in order to mount the share (using a script) but I can't see this working on logon easily without the pam_mount. I'm having problems with domain users smbmounting anything at the moment. I needed to do "chmod +s smbmnt" - but still I get permissions problems. Not tried with the pam_mount yet - does this overcome these problems by using root permissions instead of normal user to mount ? or do I need to get normal users mounting drives first? I'm not sure of the security implications here.

  6. #6

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Automount SMB share

    pam_mount runs suid (as do the other pam modules), so yes there's no problem with permissions.

    As a rule of thumb, running suid is bad. Any bugs in the suid software opens your box to being rooted.

  7. #7


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,475
    Thank Post
    866
    Thanked 849 Times in 671 Posts
    Rep Power
    196

    Re: Automount SMB share

    Just out of being nosy - any reason why you cant run it in DOSBox under win32?

    I run "Railroad Tycoon" under that environment, and its fine. Well, until my g/f tells me to stop playing "that stupid train game"

  8. #8

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Automount SMB share

    Cybernerd has Linux based systems/thin clients IIRC...

  9. #9


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339

    Re: Automount SMB share

    TBO, I didn't realised Dosbos ran on windows (goes and looks at website...)
    I just tested it on my ubuntu workstation and it was fine. I'd like to get a *nix application server running in any case - it would be good for older educational apps that run fine in wine (but not on windows Citrix servers), for our php/mysql course and maybe we could even move cross-platform apps to FreeNX and save some windows licenses.

  10. #10

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Automount SMB share

    Another thought occurred to me. Do you also have pam_krb5 installed as part of the login process. They wont be able to mount anything on the AD based servers unless they have a valid kerberos ticket.

  11. #11


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339

    Re: Automount SMB share

    Cybernerd has Linux based systems/thin clients IIRC...
    The majority our users see is Windows Desktop via Citrix - although the TC clients are linux.

  12. #12


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339

    Re: Automount SMB share

    @ Geoff, thanks - I'll try and work through this documentation when I get a chance http://cb-net.co.uk/readarticle.php?article_id=5 It has a setup of all the different pam options.

  13. #13


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339

    Re: Automount SMB share

    I've had some luck with this - not with Centos though, couldn't find a new enough package of pam_mount, dependancy hell - tried Ubuntu and it worked in ssh after some fscking around (not that dosbox will run in ssh but that's beside the point now). Still having problems with permissions after pam_mount has mounted the windows share - also it doesn't want to unmount it when the user logs off, but otherwise ok in testing. will post a howto for you lot to rip to shreds when I have time.

  14. #14
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,009
    Thank Post
    120
    Thanked 282 Times in 260 Posts
    Rep Power
    108

    Re: Automount SMB share

    Quote Originally Posted by CyberNerd
    will post a howto for you lot to rip to shreds when I have time.
    What are you trying to say

  15. #15


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339

    Re: Automount SMB share

    partly from memory, partly from bash_history.

    please improve this and I'll add to wiki:

    Installing a Multi user Ubuntu system in a MS Active Directory environment with homedrives on windows share -non kerberos method.

    Install Ubuntu server 6.06
    Enable multiverse and Universe repositories by

    Code:
     sudo vi /etc/apt/sources/
    update sources, upgrade and install a text editor

    Code:
     sudo apt-get update && sudo apt-get upgrade && sudo apt-get install joe
    Install and configure ntpdate to keep the time in sync with Active Directory servers – this is only really necessary using kerberos, which this method does not, but it's nice to be time-synced.
    edit : when I originally did this I did setup kerberos before it was joined to the domain.
    Code:
    sudo apt-get install ntpdate
    Edit the /etc/default/ntpdate file using the following command and add you Active Directory Time servers
    Code:
     sudo jmacs /etc/default/ntpdate
    ntpdate will automatically run while booting the system. Ubuntu stores script at /etc/network/if-up.d/ntpdate location.
    If you wish to just run script again just type command
    Code:
     sudo /etc/network/if-up.d/ntpdate
    Install Samba, Winbind, libpam-mount etc
    Code:
     sudo apt-get install winbind samba libpam-mount smbfs smbclient
    Configure Samba
    Code:
     jmacs /etc/samba/smb.conf 
    
    [global]
            workgroup = DOMAIN
            obey pam restrictions = yes
            security = ads
            realm = DOMAIN.EXAMPLE
            password server = AD-server-IP-goes-here
    #       winbind separator = +
            idmap uid = 10000-20000
            idmap gid = 10000-20000
            winbind enum users = yes
            winbind enum groups = yes
            template homedir = /home/%D/%U
            template shell = /bin/bash
            client use spnego = yes
            client ntlmv2 auth = yes
            encrypt passwords = yes
            winbind use default domain = yes
            restrict anonymous = 2
    # to avoid the workstation from
    # trying to become a master browser
    # on your windows network add the
    # following lines
            domain master = no
            local master = no
            preferred master = no
            os level = 0
    restart samba
    Code:
    /etc/init.d/winbind stop
    /etc/init.d/samba restart
    /etc/init.d/winbind start
    join to domain
    Code:
     sudo net ads join -U administrator
    check users and groups :
    Code:
    wbinfo -u
    wbingo -g
    edit nsswitch:
    Code:
    sudo jmacs /etc/nsswitch.conf
    
    # /etc/nsswitch.conf
    #
    # Example configuration of GNU Name Service Switch functionality.
    # If you have the `glibc-doc' and `info' packages installed, try:
    # `info libc "Name Service Switch"' for information about this file.
    
    passwd:         compat winbind
    group:          compat winbind
    shadow:         compat
    
    hosts:          files dns mdns
    networks:       files
    
    protocols:      db files
    services:       db files
    ethers:         db files
    rpc:            db files
    
    netgroup:       nis
    test – should see all domain accounts:
    Code:
     getent passwd
    edit the following files:
    Code:
    jmacs /etc/pam.d/common-account
    jmacs /etc/pam.d/common-auth
    jmacs /etc/pam.d/common-session
    jmacs /etc/security/pam_mount.conf
    Code:
    # /etc/pam.d/common-account - authorization settings common to all services
    #
    # This file is included from other service-specific PAM config files,
    # and should contain a list of the authorization modules that define
    # the central access policy for use on the system.  The default is to
    # only deny service to users whose accounts are expired in /etc/shadow.
    #
    account sufficient      pam_winbind.so
    account required        pam_unix.so
    Code:
    # /etc/pam.d/common-auth - authentication settings common to all services
    #
    # This file is included from other service-specific PAM config files,
    # and should contain a list of the authentication modules that define
    # the central authentication scheme for use on the system
    # (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
    # traditional Unix authentication mechanisms.
    #
    #auth   required        pam_unix.so nullok_secure
    auth    required        pam_mount.so
    
    #next line will validate ONLY off of network
    #auth   required        pam_winbind.so use_first_pass
    
    ## use the TWO "auth" lines below for either network or local validation -
    ## will validate off of EITHER network or local passwd db
    
    auth    sufficient      pam_winbind.so use_first_pass
    Code:
    # /etc/pam.d/common-session - session-related modules common to all services
    # This file is included from other service-specific PAM config files,
    # and should contain a list of modules that define tasks to be performed
    # at the start and end of sessions of *any* kind (both interactive and
    # non-interactive).  The default is pam_unix.
    
    session required        pam_unix.so
    
    session required        pam_mkhomedir.so umask=0022 skel=/etc/skel/
    session optional        pam_mount.so



    create the default directory
    Code:
     sudo mkdir /home/DOMAIN
    maybe change perms on this?


    This bit does the Automount \\server\student$ homedrives on login:
    from /etc/security/pam_mount.conf
    comment out:
    options_require nosuid,nodev

    add
    Code:
    volume * cifs FileServerName &$ /home/DOMAIN/& username=&,uid=&,dmask=0750,workgroup=DOMAIN - -
    login.

    install desktop

    Code:
     sudo apt-get install xubunu-desktop
    install and configure FreeNX........


    refs:
    http://tech.canterburyschool.org/tec...tuWorkstations

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Automount Issues
    By richard in forum *nix
    Replies: 0
    Last Post: 21st November 2007, 07:44 AM
  2. I've just got to share this...
    By tech_guy in forum General Chat
    Replies: 30
    Last Post: 26th August 2007, 06:23 PM
  3. Samba share
    By apeo in forum *nix
    Replies: 17
    Last Post: 16th July 2007, 12:21 PM
  4. Map XP Share to Win 98
    By thom in forum Wireless Networks
    Replies: 7
    Last Post: 6th December 2006, 09:20 AM
  5. Share Permissions
    By wesleyw in forum Windows
    Replies: 6
    Last Post: 30th August 2006, 09:37 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •