  1. #1


    how to automount user home with Likewise Open?

    We have a Win 2008 R2 server providing AD & user home directories.

    I have successfully joined an Ubuntu Desktop 10.04 box to AD using Likewise Open (this is stupidly easy) and network login works.

    HOWEVER - by default, logging in as an AD user on the Ubuntu box creates a _local_ home directory for that user. That's not what I want - I want each user's network home (residing on the Win server) to be mapped to some local directory on login, so that they see all their expected files in ~/Documents, etc.

    In other words, I want it to function like an AD-bound Mac when a network user logs in.

    Has anyone done this? Online documentation is spotty and out of date (of course).
    Thanks all -

    Luke Jaeger | Technology Coordinator
    Pioneer Valley Performing Arts Charter Public School
    PVPA Charter Public School | South Hadley, Massachusetts - About PVPA
    Last edited by misterfriendly; 27th July 2012 at 04:17 PM.

  2. #2


    This may or may not be of use to you.
    I'm using CentOS clients here. Authentication is done through Samba winbind and home directories are mapped using pam_mount.
    The install is done remotely through kickstart (in Spacewalk) and the config files are deployed through Spacewalk.
    My notes:

    to setup for domain membership during kickstart:
    install:

    samba
    samba-winbind
    samba-client
    pam_krb5

    *pam_mount

    during kickstart configure authconfig:
    Code:
    authconfig --enablewinbind --enablewinbindauth --smbsecurity ads  --enablewinbindoffline --smbservers=server1.domain.college.internal,server2.domain.college.internal --smbworkgroup=DOMAIN --smbrealm DOMAIN.COLLEGE.INTERNAL --winbindtemplatehomedir=/home/DOMAIN/%U --enablekrb5  --krb5realm=DOMAIN.COLLEGE.INTERNAL --enablekrb5kdcdns --enablekrb5realmdns --enablelocauthorize --enablemkhomedir --enablepamaccess --updateall --enablewinbindusedefaultdomain --krb5adminserver=SERVER1.DOMAIN.COLLEGE.INTERNAL,SERVER2.DOMAIN.COLLEGE.INTERNAL --winbindtemplateshell=/bin/bash --krb5kdc=SERVER1.DOMAIN.COLLEGE.INTERNAL,SERVER2.DOMAIN.COLLEGE.INTERNAL --update
    join domain:
    Code:
    # run as root on the client; net takes the account name with -U
    net ads join -U administrator
    *additionally install pam_mount-2.5-1.fc12 as CentOS 6 lacks the package

    upload the following to: /etc/security/pam_mount.conf.xml to client

    Code:
    <?xml version="1.0" encoding="utf-8" ?>
    <!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
    <pam_mount>
      <mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other,workgroup,nosetuids,noexec,nosuid,noserverino" />
      <mntoptions require="nosuid,nodev" />
      <logout wait="2" hup="0" term="yes" kill="0" />
      <mkmountpoint enable="1" remove="true" />
      <debug enable="0" />
      <volume fstype="cifs" server="student" path="%(USER)" mountpoint="/home/DOMAIN/%(USER)/H_Drive" options="workgroup=DOMAIN,uid=%(USER),dir_mode=0700,file_mode=0700,nosuid,nodev,noserverino" />
    </pam_mount>
    upload the following to /etc/pam.d/password-auth-ac to client:

    Code:
    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth        required      pam_env.so
    auth        required      pam_mount.so
    auth        sufficient    pam_unix.so nullok try_first_pass
    auth        requisite     pam_succeed_if.so uid >= 500 quiet
    auth        sufficient    pam_krb5.so use_first_pass
    auth        sufficient    pam_winbind.so cached_login use_first_pass
    auth        required      pam_deny.so
    
    account     required      pam_access.so
    account     required      pam_unix.so broken_shadow
    account     sufficient    pam_localuser.so
    account     sufficient    pam_succeed_if.so uid < 500 quiet
    account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
    account     [default=bad success=ok user_unknown=ignore] pam_winbind.so cached_login
    account     required      pam_permit.so
    
    password    requisite     pam_cracklib.so try_first_pass retry=3 type=
    password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
    password    sufficient    pam_krb5.so use_authtok
    password    sufficient    pam_winbind.so cached_login use_authtok
    password    required      pam_deny.so
    
    session     optional      pam_keyinit.so revoke
    session     required      pam_limits.so
    session     optional      pam_mkhomedir.so
    session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
    session     required      pam_unix.so
    session     optional      pam_mount.so
    session     optional      pam_krb5.so
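
A way to check a deployed pam_mount.conf.xml like the one in the post above before it is pushed to clients. This is an added example, not part of the original post; the sample XML is constructed (its second "Shared" volume is hypothetical), and the 0755 fallback for unset modes is an assumption about the mount defaults. It flags volumes that omit nosuid/nodev or that grant group/other access through dir_mode/file_mode.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the posted config; the "Shared" volume is hypothetical.
SAMPLE = b"""<?xml version="1.0" encoding="utf-8" ?>
<pam_mount>
  <mntoptions require="nosuid,nodev" />
  <volume fstype="cifs" server="student" path="%(USER)"
          mountpoint="/home/DOMAIN/%(USER)/H_Drive"
          options="workgroup=DOMAIN,uid=%(USER),dir_mode=0700,file_mode=0700,nosuid,nodev" />
  <volume fstype="cifs" server="student" path="shared"
          mountpoint="/home/DOMAIN/%(USER)/Shared"
          options="workgroup=DOMAIN,dir_mode=0777,file_mode=0666" />
</pam_mount>
"""

HARDENING = ("nodev", "nosuid")  # flags every network mount should carry


def parse_opts(text):
    """Split a comma-separated mount option string into (flags, key=value dict)."""
    flags, kv = set(), {}
    for item in filter(None, (p.strip() for p in (text or "").split(","))):
        key, sep, val = item.partition("=")
        if sep:
            kv[key] = val
        else:
            flags.add(key)
    return flags, kv


def audit(xml_bytes):
    """Return one finding string per weak setting on each <volume>."""
    findings = []
    for vol in ET.fromstring(xml_bytes).iter("volume"):
        mp = vol.get("mountpoint", "?")
        # Check the volume's own options string: that is what mount receives.
        flags, kv = parse_opts(vol.get("options"))
        for flag in HARDENING:
            if flag not in flags:
                findings.append(f"{mp}: option '{flag}' not set")
        for key in ("dir_mode", "file_mode"):
            mode = int(kv.get(key, "0755"), 8)  # assumed default when unset
            if mode & 0o077:
                findings.append(f"{mp}: {key}={mode:04o} grants group/other access")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```
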

  3. #3

    I wrestled with this for ages. I got it to automount shared mounts but I'm afraid I gave up on the home directory in the end. This was a couple of years ago so it may be easier now but I wouldn't hold your breath.
    Last edited by will_; 12th August 2012 at 01:33 PM. Reason: typo

  4. #4
    morganw
    I think that Centrify DirectControl Express has the option to mount the home folder you have set in AD, rather than use a local folder.
