This is how we do it now, using Ubuntu 10.04 to automatically mount our remote documents directory from a Linux server. As we no longer use Windows around here, most of us have replaced Samba mounts with SSHFS mounts; however, the configuration is mostly the same.
The /etc/security/pam_mount.conf.xml file in my workstation is:
Code:
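<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
  <debug enable="0" />
  <!-- Read per-user volume definitions from this file in each home directory -->
  <luserconf name=".pam_mount.conf.xml" />
  <!-- Per-user volumes: no mount option is mandatory, and any option is permitted -->
  <mntoptions require="" />
  <mntoptions allow="*" />
  <path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</path>
  <logout wait="0" hup="0" term="0" kill="0" />
  <!-- Create a missing mount point at login and remove it again at logout -->
  <mkmountpoint enable="1" remove="true" />
</pam_mount>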
The only thing it does is define that each user has their own configuration file in their home directory, ~/.pam_mount.conf.xml. This allows each user to define whether they use smbfs/cifs or sshfs and which directory to mount.
I didn't modify the /etc/pam.d/* files.
My ~/.pam_mount.conf.xml is:
Code:
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
  <volume fstype="fuse" path="sshfs#mvaldez@wintermute:/home/mvaldez/SHARE" mountpoint="/home/mvaldez/Mis_Documentos" options="reconnect,idmap=user,password_stdin" />
</pam_mount>
In this example "mvaldez" is my username on the remote server, "wintermute" is the remote server name, "/home/mvaldez/SHARE" is the path on the remote server, and "/home/mvaldez/Mis_Documentos" is the path on my computer.
The "reconnect" option for SSHFS is very important if the computer is allowed to suspend; otherwise the mount won't try to reconnect after waking up. The password_stdin option is needed so that sshfs will accept the user password from stdin (I think this won't work with older versions of sshfs).
If I were using a Samba share, then I'd use:
Code:
<volume fstype="cifs" server="wintermute" path="mvaldez" mountpoint="/home/mvaldez/Mis_Documentos" options="iocharset=utf8,domain=biofmds,noperm" />
Just a few notes:
If the home directory for the user is encrypted with ecryptfs (I mean, not only a Private directory, but the whole user home directory) then PAM will try to mount the remote directories before unwrapping the ecryptfs mount password and it won't be able to read the ~/.pam_mount.conf.xml file. In that case you'll need to change the order of some items in the files /etc/pam.d/common-auth, common-session and common-session-noninteractive. You need to change the lines from:
Code:
auth optional pam_mount.so
auth optional pam_ecryptfs.so unwrap
to:
Code:
auth optional pam_ecryptfs.so unwrap
auth optional pam_mount.so
However, in that case you still have the problem that pam_mount will refuse to mount anything inside the decrypted directory. For users with this setup we had to mount in a special directory /home/share/username (and they have a bookmark in Nautilus for easy access).
Hope this helps anyone in a similar situation.
Regards, MV.
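
A quick check for the ordering issue described in the post above, added here as an example and not part of the original post. It reports whether pam_ecryptfs.so is listed before pam_mount.so in each of the three PAM files the post names; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# check_pam_order FILE
# Prints: ok             (pam_ecryptfs.so comes before pam_mount.so)
#         wrong-order    (pam_mount.so comes first)
#         not-applicable (one or both modules are absent or commented out)
check_pam_order() {
    awk '
        /^[ \t]*#/ { next }                    # ignore commented-out lines
        /pam_ecryptfs\.so/ && !e { e = NR }    # first active ecryptfs line
        /pam_mount\.so/    && !m { m = NR }    # first active pam_mount line
        END {
            if (!e || !m)   print "not-applicable"
            else if (e < m) print "ok"
            else            print "wrong-order"
        }
    ' "$1"
}

# audit_pam_dir DIR
# Checks the three files named in the post; returns 1 if any needs reordering.
audit_pam_dir() {
    rc=0
    for f in common-auth common-session common-session-noninteractive; do
        [ -r "$1/$f" ] || continue
        result=$(check_pam_order "$1/$f")
        printf '%s: %s\n' "$f" "$result"
        if [ "$result" = "wrong-order" ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed sample files (on a real system: audit_pam_dir /etc/pam.d)
demo_dir=$(mktemp -d)
printf 'auth optional pam_mount.so\nauth optional pam_ecryptfs.so unwrap\n' \
    > "$demo_dir/common-auth"
printf 'session optional pam_ecryptfs.so unwrap\nsession optional pam_mount.so\n' \
    > "$demo_dir/common-session"
audit_pam_dir "$demo_dir" || echo "pam_ecryptfs.so must be moved above pam_mount.so"
rm -rf "$demo_dir"
```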