Bug 721 - Automount AD Home share as local /home/ at login
Summary: Automount AD Home share as local /home/ at login
Status: RESOLVED LATER
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: ntlm_auth tool
Version: 3.0.0
Hardware: All Linux
Importance: P3 enhancement
Target Milestone: none
Assignee: Andrew Bartlett
QA Contact:
URL: http://lists.samba.org/archive/samba/...
Keywords:
Depends on:
Blocks:
 
Reported: 2003-11-05 22:10 UTC by Mike Ely
Modified: 2005-02-08 20:40 UTC
Description Mike Ely 2003-11-05 22:10:12 UTC
What I need to get working:
A switch so that any domain user logging on will automatically have
home mapped to their share on the win2k server (we have 3 fileservers
for the user accounts).

In an earlier message, Jerry pointed me to pam_mount.so, which I see
in /lib/security, but I don't have any documentation on how to use it,
and so far google hasn't brought any joy either.  Can someone help?

*************************************************************************

This is all quite possible, but we need to do a bit of work to
integrate the components.  Currently pam_winbind can't tell pam_mount
what server to mount, for example.  Also, we have the problem of
special files over CIFS - your Win2k server probably will not like
attempts to create symbolic links.

At the very least what we need to do is modify pam_winbind to store a
token containing the homedir location, for pam_mount to pinch.

Andrew Bartlett

*************************************************************************

Ok.  Before I start digging into the source I wanted to ask if this is 
an appropriate question to put to samba-technical.  Also, to clarify, 
when you use the word "we" here, are you referring to you and I, or you 
and the rest of the intrepid Samba team?  While I will happily do what 
I can, I'm not sure that I'd be much help when it comes to editing much 
more than a shell script =]

*************************************************************************

'we' probably refers to whoever decides to take on doing some code
in this project ;-)

It isn't actually that hard.  What you need to do is cause
nsswitch/winbind_pam.c to return the extra information in a
structured string format.  pam_winbind then reads the extra strings
off the end of the logon reply, and stashes the information away.  We
already return the NDR encoded form of this data, but that isn't much
use for external tools such as pam_mount.

File a bug against this, so it can be tracked.  Pick ntlm_auth as the
component (that is where the implementation should start, then put it
into pam_winbind).

Andrew Bartlett
Comment 1 Mike Ely 2003-12-02 14:19:03 UTC
It seems to me that one big component of this is that when a user logs in, Samba >should< pick 
up a kerberos ticket for that user, but this is not what is happening in my case at least.  klist shows 
that the primary ticket is set to the domain user who is logged in, but kinit is not occurring - I have 
to actually run kinit (and enter the password) to pick up the ticket.  It is only then that I can use the 
ticket for smbclient, etc. to get into my home directory.  Is this a secondary bug, or do I just need 
to fix a config issue?
Comment 2 Gerald (Jerry) Carter (dead mail address) 2005-02-08 20:40:22 UTC
Later.  No one has touched it in a year.