This may or may not be of use to you.
I'm using CentOS clients here. Authentication is done through Samba winbind and home directories are mapped using pam_mount.
The install is done remotely through kickstart (in Spacewalk) and the config files are deployed through Spacewalk.
My notes:
To set up for domain membership during kickstart:
install:
samba
samba-winbind
samba-client
pam_krb5
*pam_mount
During kickstart, configure authconfig:
Code:
authconfig \
  --enablewinbind --enablewinbindauth --smbsecurity ads --enablewinbindoffline \
  --smbservers=server1.domain.college.internal,server2.domain.college.internal \
  --smbworkgroup=DOMAIN --smbrealm DOMAIN.COLLEGE.INTERNAL \
  --winbindtemplatehomedir=/home/DOMAIN/%U \
  --enablekrb5 --krb5realm=DOMAIN.COLLEGE.INTERNAL --enablekrb5kdcdns --enablekrb5realmdns \
  --enablelocauthorize --enablemkhomedir --enablepamaccess --updateall \
  --enablewinbindusedefaultdomain \
  --krb5adminserver=SERVER1.DOMAIN.COLLEGE.INTERNAL,SERVER2.DOMAIN.COLLEGE.INTERNAL \
  --winbindtemplateshell=/bin/bash \
  --krb5kdc=SERVER1.DOMAIN.COLLEGE.INTERNAL,SERVER2.DOMAIN.COLLEGE.INTERNAL \
  --update
Join the domain:
Code:
#net ads join -u administrator
*Additionally, install pam_mount-2.5-1.fc12, as CentOS 6 lacks the package.
Upload the following to /etc/security/pam_mount.conf.xml on the client:
Code:
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
  <mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other,workgroup,nosetuids,noexec,nosuid,noserverino" />
  <mntoptions require="nosuid,nodev" />
  <logout wait="2" hup="0" term="yes" kill="0" />
  <mkmountpoint enable="1" remove="true" />
  <debug enable="0" />
  <volume fstype="cifs" server="student" path="%(USER)" mountpoint="/home/DOMAIN/%(USER)/H_Drive" options="workgroup=DOMAIN,uid=%(USER),dir_mode=0700,file_mode=0700,nosuid,nodev,noserverino" />
</pam_mount>
Upload the following to /etc/pam.d/password-auth-ac on the client:
Code:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth required pam_mount.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_krb5.so use_first_pass
auth sufficient pam_winbind.so cached_login use_first_pass
auth required pam_deny.so
account required pam_access.so
account required pam_unix.so broken_shadow
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
account [default=bad success=ok user_unknown=ignore] pam_winbind.so cached_login
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3 type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_krb5.so use_authtok
password sufficient pam_winbind.so cached_login use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session optional pam_mkhomedir.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_mount.so
session optional pam_krb5.so
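As an added check that is not part of the post above: a small Python script that parses a PAM file of this shape and verifies the two pam_mount ordering rules the stack relies on. In the auth stack pam_mount must appear before any `sufficient` module (otherwise a successful pam_unix/pam_krb5/pam_winbind ends the stack and pam_mount never receives the password it needs for the CIFS mount); in the session stack it must come after pam_mkhomedir and pam_unix so the home directory that holds the mount point exists first. The sample is a constructed excerpt of the password-auth-ac file posted above.

```python
import re

# Constructed sample: the auth and session lines from the password-auth-ac
# posted above (account/password sections and a few session lines omitted).
SAMPLE_PAM = """\
#%PAM-1.0
auth required pam_env.so
auth required pam_mount.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_krb5.so use_first_pass
auth sufficient pam_winbind.so cached_login use_first_pass
auth required pam_deny.so
session optional pam_mkhomedir.so
session required pam_unix.so
session optional pam_mount.so
"""

# type, control (a word or a [bracketed] spec), module; the rest is arguments
LINE_RE = re.compile(r"^(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_pam(text):
    """Return (type, control, module) tuples, skipping comments and blank lines."""
    return [m.groups() for m in
            (LINE_RE.match(ln.strip()) for ln in text.splitlines()) if m]

def check_pam_mount_order(text):
    """Return a list of ordering problems; an empty list means the stack is fine."""
    problems = []
    for stack in ("auth", "session"):
        mods = [(c, m) for t, c, m in parse_pam(text) if t == stack]
        names = [m for _, m in mods]
        if "pam_mount.so" not in names:
            problems.append(f"{stack}: pam_mount.so is missing")
            continue
        idx = names.index("pam_mount.so")
        if stack == "auth":
            # a sufficient module that succeeds first ends the stack, so
            # pam_mount never receives the password it needs for the mount
            early = [m for c, m in mods[:idx] if c == "sufficient"]
            if early:
                problems.append(f"auth: {early[0]} is sufficient before pam_mount.so")
        else:
            # the mount point lives inside the home directory, so the home
            # directory must be created and the session opened before mounting
            for needed in ("pam_mkhomedir.so", "pam_unix.so"):
                if needed in names and names.index(needed) > idx:
                    problems.append(f"session: {needed} runs after pam_mount.so")
    return problems
```

Run `check_pam_mount_order(open("/etc/pam.d/password-auth-ac").read())` on a deployed client; an empty list means the ordering matches the stack above.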