
Automatically mounting Samba and NCP shares using PAM

Novell Cool Solutions: Feature
By Kirk Coombs


Posted: 19 May 2005
 

Pluggable Authentication Modules (PAM) is the method used by SUSE Linux to authenticate users from diverse sources in a flexible and extensible way. For example, it allows users to be authenticated from the local machine, a smart card, an LDAP directory, or any other source which has a module for PAM. Modules can also be executed as a user authenticates to perform other actions. One such module is pam_mount, which mounts remote file systems as a user logs in, and unmounts them as a user logs out.

Why use pam_mount?

The benefits of mounting remote file systems with PAM are subtle, but significant. The primary alternative to using PAM is to place the entries in /etc/fstab (or /etc/samba/smbfstab). This method works well, but is not flexible. The files /etc/fstab and /etc/samba/smbfstab are writable only by root, so only root can add and remove shares. Moreover, shares are either mounted automatically on system boot, or are mounted manually later. Lastly, if a share applies only to a single user, that share remains mounted after that user logs out. pam_mount deals with these cases quite well.

Using pam_mount

The pam_mount module is not installed on SUSE Professional by default. It must be installed via YaST before it can be used.

PAM has most of its configuration files in /etc/pam.d/. There is a configuration file for each service that PAM supports. In the case of pam_mount it makes the most sense to have the module invoked when a user logs in, so the proper file to edit is login. The login file contains a list of the PAM modules to invoke when /sbin/login is executed. Add two lines for the pam_mount.so module as follows:

/etc/pam.d/login:

#%PAM-1.0
auth     required       pam_securetty.so
auth     include        common-auth
auth     required       pam_nologin.so
auth     required       pam_mail.so
auth     optional       pam_mount.so use_first_pass
account  include        common-account
password include        common-password
session  include        common-session
session  required       pam_resmgr.so
session  optional       pam_mount.so

Now, the pam_mount module must be configured. The main configuration file is /etc/security/pam_mount.conf.

There are three major areas to edit in the file.

  1. Line 7 (debug 1): When set to 1, pam_mount gives verbose output when logging in if any errors or warnings are encountered. Set it to 0 to eliminate this output. It is useful to have this set to 1 while configuring mount points, but it should probably be disabled later.

  2. Line 28 (# luserconf .pam_mount.conf): Uncomment this line to allow individual users to define their own volumes to import. By default they add them to ~/.pam_mount.conf.

    If you enable this option, you must also uncomment one of lines 41-44.

  3. Around Line 84: Here the instructions begin specifying how to add volumes to be mounted. The general syntax given is:

volume <user> [smb|ncp|nfs|local] <server> \
<volume> <mount point> <mount options> \
<fs key cipher> <fs key path>

The <fs key cipher> and <fs key path> fields are used if mounting an encrypted file system. If they, or any other field, are not used then a '-' must be given.

As an example, suppose local user jdoe wants to mount an NCP volume share on server geeko with user testuser.geeko, mounted to /home/jdoe/share. The server geeko has the DNS name geeko.someorg.us. The proper syntax is:

volume jdoe ncp geeko share /home/jdoe/share \
defaults,ipserver=geeko.someorg.us,multiple,\
user=testuser.geeko - -

Or, suppose a local user jsmith wants to mount a Samba volume share on server geeko with user testuser, mounted to /home/jsmith/share. The server geeko has the DNS name geeko.someorg.us. The proper syntax is:

volume jsmith smb geeko.someorg.us SHARE \
/home/jsmith/share username=testuser - -

Any options which would be used in /etc/fstab or /etc/samba/smbfstab, such as permissions and ownership, can be specified as well.

Now, every time jdoe logs in, his NCP share is mounted to /home/jdoe/share, and every time jsmith logs in, his Samba share is mounted to /home/jsmith/share. These shares are also unmounted when they log out.
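
The following checker is an added example, not part of the original article or of pam_mount itself. It reads a file in the volume syntax shown above and reports the settings the article singles out (debug left at 1, luserconf enabled) along with volume entries that do not carry all eight fields. It assumes a trailing backslash continues an entry, as the article's examples are written; the sample text and the audit function name are constructed for illustration.

```python
import re

FS_TYPES = {"smb", "ncp", "nfs", "local"}
FIELDS = ("user", "fstype", "server", "volume", "mountpoint",
          "options", "cipher", "keypath")

# Constructed sample in the article's format; the last entry omits the two
# '-' placeholders on purpose so the field-count check has something to find.
SAMPLE = r"""
debug 1
luserconf .pam_mount.conf
volume jdoe ncp geeko share /home/jdoe/share \
defaults,ipserver=geeko.someorg.us,multiple,\
user=testuser.geeko - -
volume jsmith smb geeko.someorg.us SHARE /home/jsmith/share username=testuser
"""

def audit(text):
    """Return (volumes, findings) for a pam_mount.conf in the article's syntax."""
    volumes, findings = [], []
    # Assumption: backslash + newline joins an entry with no space inserted.
    joined = re.sub(r"\\[ \t]*\n", "", text)
    for line in joined.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue  # blank line or commented-out setting
        if words[0] == "debug" and words[1:] == ["1"]:
            findings.append("debug is 1: verbose pam_mount output at login")
        elif words[0] == "luserconf":
            target = " ".join(words[1:])
            findings.append(f"luserconf enabled: users define volumes in ~/{target}")
        elif words[0] == "volume":
            args = words[1:]
            if len(args) != len(FIELDS):
                findings.append(f"volume entry has {len(args)} fields, expected "
                                f"{len(FIELDS)} (use '-' for unused): {line}")
                continue
            vol = dict(zip(FIELDS, args))
            if vol["fstype"] not in FS_TYPES:
                findings.append(f"unknown file system type {vol['fstype']!r}: {line}")
            volumes.append(vol)
    return volumes, findings

if __name__ == "__main__":
    vols, notes = audit(SAMPLE)
    for v in vols:
        print("ok:", v["user"], v["fstype"], v["mountpoint"])
    for n in notes:
        print("check:", n)
```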

