use of pam-mount to mount home from server

[dinuzz]

hi there

I'm trying to mount the home directories of the users on the server to the respective desktops. I would like to use the libpam-mount module. do you guys know, how make it run? Im using 9.10 both server and desktop and the most recent pam-mount module.

I know that the /etc/security/pam_mount.conf.xml needs to be edited.

I added the following to it:

Code:

 
<volume user="username" fstype="cifs" server="IP-Server" path="/home/username" mountpoint="/media/server" />

anybody successfully made it run?


cheers

[BkkBonanza]

I believe you want to use %(USER) variables in your volume statement,
and mount to the user's home, eg.

<volume fstype="cifs" server="IP-Server" path="/server_path_to_homes/%(USER)" mountpoint="~" />

Note no user tag if you don't want to limit which user can mount the volume. You may use sgrp="whatever" if you want a group of users to have remote mounted homes.

You may also want,
<mkmountpoint enable="1" remove="true" />
if you don't have user home directories existing for each user on all machines.

And then you will need to add the pam_mount module to the pam stack for logins. On Ubuntu I believe this is "/etc/pam.d/common-auth". I'm not sure about that but I've been looking at how my encrypted home gets mounted and this appears to be the right place to add,

auth optional pam_mount.so

More info here,
http://manpages.ubuntu.com/manpages/...nt.conf.5.html

You may want to enable debug mode in the conf to help track down what isn't right.
It's been a while since I did this, so I'm going on memory here.

[dinuzz]

Hmmm... Still doesn't work, how can I get to the debug information to check whats going wrong?
thanks

[BkkBonanza]

According to the docs,

<debug enable="1" />

in the pam_mount.conf.xml should output log messages to /var/log/syslog (and also stderr). I haven't tried it. If you get some output relayed to pam_mount then post it here and maybe can help.

[dinuzz]

Hmmm, this entry in the syslog seems interesting:

Code:

Jan  8 16:04:24 desktop kernel: [   42.965294]  CIFS VFS: cifs_mount failed w/return code = -6

[BkkBonanza]

As far as I can tell that -6 error means "non-existant share". I couldn't find a reliable docs page defining the error codes so this may not be right.

I may be wrong up above regarding the user=... maybe you need it so pam passes on the user name for authenticating like, user="%(USER)"

Make sure any mount you try can be mounted manually first before trying it through the pam_mount. It's too bad it doesn't seem to give more info about the actual mount it's trying.

[dinuzz]

Yeah - Tried to look for the same explanation, but found the same info in different forums...

I mounted the share already manually and it worked fine... I will test this later again, since Im working on a virtual machine, both client and server... so this could be an issue...

will test this later on a different infrastructure and post back here if the same error occurs and also if I was successful...

thanks for now...

[BkkBonanza]

Regarding my idea for user="..." - I now think that is wrong. I believe the user needs to be passed as a mount option after the mount point... so smbmount gets it.
eg.

<volume fstype="cifs" server="IP-Server" path="/server_path_to_homes/%(USER)" mountpoint="~" options="username=%(USER)" />

Here is a useful page,
http://www.kroon.co.za/howto.php?howto=cifs_pam_mount
it's OLD so uses the old format for the volume. But I think some of the other info is probably right. Like there needs to be two entries made in /etc/pam.d/common-auth - one for auth and one for session.

[dinuzz]

all right, I tested the config on my other infrastructure... it works now... pretty easy, all I had to do is adding the share definition to the config file /etc/security/pam_mount.conf.xml


the user needs to be added to the share definition, since the credentials will be used from the login procedure on ubuntu login.

thanks
cheers

[BkkBonanza]

Can you post a working example of the config file. I would be interested in the final syntax that works. Thanks.