+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 22
*nix Thread, cifs/smbfs Machine Account in Technical; Is it possible to use machine account to authenticate against using cifs/smbfs? I mean in smbclient you can use -P ...
  1. #1
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    41

    cifs/smbfs Machine Account

    Is it possible to use machine account to authenticate against using cifs/smbfs? I mean in smbclient you can use -P to tell it to use the machine account of the local computer, rather then using a user and password.

  2. #2

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,802
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    Can explain exactly what you are trying to do? Which machine account? The local one? Authenticate to do what? Connect to a share? A printer? Interactive Login?

  3. #3
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    41
    Sorry, Im mounting a windows share from a nix server and using the machine account in AD i.e. the computer object that is registered for the nix server in AD. The smbclient would be:

    sudo smbclient //windowsserver/share -P

    Just wondering if its possible to cifs/smbfs mount using these credentials instead of providing a username and password, and if it would work in fstab.

  4. #4

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,802
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    assuming the *nix machine is correctly joned to the domain then yes.

  5. #5
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    41
    so what would the cifs/smbfs command/options be?

    If it was in fstab it would be something like:

    //servername/sharename /media/windowsshare cifs username=username,password=password,iocharset=utf8 ,file_mode=0777,dir_mode=0777 0 0

    but what would i put in instead of username and password?

  6. #6

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,802
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    You can't do that within the fstab.

  7. #7
    somabc's Avatar
    Join Date
    Oct 2007
    Location
    London
    Posts
    2,337
    Thank Post
    83
    Thanked 388 Times in 258 Posts
    Rep Power
    111
    You should use PAM_MOUNT to mount the folder

  8. #8

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,802
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    heck you could even use fuse

  9. #9
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    41
    Ah ok, I'll have a read about FUSE and PAM_MOUNT

  10. #10
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    41
    Well after doing some reading and I cant figure out how to use either FUSE or PAM_MOUNT in fstab i.e. mount on boot. Didnt even get to the point where i had an entry into fstab let alone trying to see it it would use machine account credentials (i.e. the computer object that is registered in AD). Can someone send me in the right direction so I can look it up?

  11. #11


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by apeo View Post
    Well after doing some reading and I cant figure out how to use either FUSE or PAM_MOUNT in fstab i.e. mount on boot. Didnt even get to the point where i had an entry into fstab let alone trying to see it it would use machine account credentials (i.e. the computer object that is registered in AD). Can someone send me in the right direction so I can look it up?
    I can help with pam_mount. It works on login, rather than in fstab, so not sure it's what you need really.
    install samba-client and pam_mount etc

    and set this in /etc/pam.d/password-auth

    Code:
    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth        required      pam_env.so
    auth	    required	  pam_mount.so 
    auth        sufficient    pam_unix.so nullok try_first_pass
    auth        requisite     pam_succeed_if.so uid >= 500 quiet
    auth        sufficient    pam_krb5.so use_first_pass
    auth        sufficient    pam_winbind.so cached_login use_first_pass
    auth        required      pam_deny.so
    
    account     required      pam_access.so
    account     required      pam_unix.so broken_shadow
    account     sufficient    pam_localuser.so
    account     sufficient    pam_succeed_if.so uid < 500 quiet
    account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
    account     [default=bad success=ok user_unknown=ignore] pam_winbind.so cached_login
    account     required      pam_permit.so
    
    password    requisite     pam_cracklib.so try_first_pass retry=3 type=
    password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
    password    sufficient    pam_krb5.so use_authtok
    password    sufficient    pam_winbind.so cached_login use_authtok
    password    required      pam_deny.so
    
    session     optional      pam_keyinit.so revoke
    session     required      pam_limits.so
    session     optional      pam_mkhomedir.so
    session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
    session     required      pam_unix.so
    session optional pam_mount.so 
    session     optional	  pam_krb5.so
    and this in /etc/security/pam_mount.conf

    Code:
    <?xml version="1.0" encoding="utf-8" ?>
    <!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
    <pam_mount>
      <mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other,workgroup,nosetuids,noexec,nosuid,noserverino" />
      <mntoptions require="nosuid,nodev" />
      <logout wait="2" hup="0" term="yes" kill="0" />
      <mkmountpoint enable="1" remove="true" />
      <debug enable="0" />
      <volume fstype="cifs" server="student" path="%(USER)" mountpoint="/home/%(USER)" options="workgroup=CURRIC,uid=%(USER),dir_mode=0700,file_mode=0700,nosuid,nodev,noserverino" />
    </pam_mount>

  12. #12
    apeo's Avatar
    Join Date
    Sep 2005
    Location
    Lost
    Posts
    1,612
    Thank Post
    95
    Thanked 115 Times in 111 Posts
    Rep Power
    41
    Thanks for that, I was really looking at mounting on boot rather then login. Appreciate the info though as its useful for the future.

    It seems that you cant use the machine account to mount windows share on boot, just annoying that its possible with smbclient.

  13. #13

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,613
    Thank Post
    1,229
    Thanked 772 Times in 670 Posts
    Rep Power
    234
    Quote Originally Posted by apeo View Post
    Just wondering if its possible to cifs/smbfs mount using these credentials instead of providing a username and password, and if it would work in fstab.
    If you can't use fstab, can you put the appropriate command in /etc/rc.local to be run on boot?

  14. #14


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by dhicks View Post
    If you can't use fstab, can you put the appropriate command in /etc/rc.local to be run on boot?
    That would work, you could also have a cron script to check if it is still mounted and remount if the server goes down.

    In preference I usually mount using NFS, I appreciate its more difficult on a windows server, we don't have any windows fileservers as linux has superseded them all.

  15. #15

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,802
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    If you install services for unix on the windows server you can expose the windows shares over NFS.

    http://technet.microsoft.com/en-us/l...(v=ws.10).aspx

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 4
    Last Post: 5th March 2012, 02:41 PM
  2. Replies: 4
    Last Post: 2nd November 2011, 07:28 PM
  3. Research Machines
    By KeithFermor in forum Bad Experiences
    Replies: 46
    Last Post: 30th November 2007, 02:52 PM
  4. Replies: 7
    Last Post: 21st August 2007, 01:11 PM
  5. Problem accessing machines from a sub-domain
    By mark in forum Wireless Networks
    Replies: 13
    Last Post: 22nd August 2005, 03:52 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •