  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1851

Mapping users' drives using OpenSuse 11.1 in a Windows AD environment

We want to set up an OpenSuse 11.1 lab. I have gotten OpenSuse to authenticate with our DC. All users have a mapped drive where all their files are stored.

- How do I pull their mapped drive on login?
- How do I map their My Documents folder?
0
scottman29
Asked:
1 Solution
 
nociSoftware EngineerCommented:
pam_mount can be used to map/mount a cifs share onto a local directory during logon.
I am not sure pam_mount is available by default on OpenSuse.

Why not use pam_mount for My documents as well?

0
 
scottman29Author Commented:
Do you know of a script I can use to achieve this?
0
 
nociSoftware EngineerCommented:
man pam_mount can help...

pam_mount needs to be added to your login paths through pam
(probably the system-auth profiles in the /etc/pam.d directory).

It needs to be there for auth and session: the auth thing will capture the password, the session thing will mount the volume.

The /etc/security/pam_mount.conf.xml file holds entries that will assist in
mounting the remote volumes.
It should be fairly well commented; if not, I can upload an example.

B.t.w. it is not scripting, and you still run in the context of root when all this is active.
0
 
scottman29Author Commented:
The problem is we are using this in a lab where multiple people will be logging on to the same machine. So we need something that will change dynamically with the user logging in. Pam only works for that session. That's why I'm looking for a script.
0
 
nociSoftware EngineerCommented:
pam will use the context of the user logging in.
It is used in almost all authentication frontends (login, *getty, kdm, xdm, gdm).
pam_mount can be differentiated in various ways, like using shell variables, selection on username etc.

If John logs on, John's profile is used;
he logs off, then Mary comes and logs on, and her profile is used.

Then your system manager comes along using ssh, so his profile is activated too,
etc.

Maybe you need to have per-user directories mounted like
/home/john/central //nasserver/john
/home/mary/central //nasserver/john

You can have two people have mount
/central   //nasserver/john
and at the same time on the same machine have a
/central //nasserver/mary

pam_mount.xml needs entries like:

<cifsmount>mount -t cifs //%(SERVER)/%(VOLUME) %(MNTPT) -o
    "user=%(USER),uid=%(USERUID),gid=%(USERGID)%(before=\",\" OPTIONS)"</cifsmount>

to know HOW to mount a cifs share (as you can see, highly parameterized).
In addition you need entries like:

<volume user="john" fstype="cifs" server="nasserver" path="homes"
        mountpoint="/home/%(USER)/central" />

which will access nasserver using the homes share for the user john and use /home/john/central as the mount point.

user="*" will match all users. You can also match on GID, UID etc.
pam_mount.xml is probably the script you are looking for.

0
 
nociSoftware EngineerCommented:
From the previous entry... a NOT should have been added....!

You can NOT have two people have mount
/central   //nasserver/john
and at the same time on the same machine have a
/central //nasserver/mary
0
 
scottman29Author Commented:
Can you extract information from Active Directory on the location of their home folder, and then use that with PAM?
0
 
nociSoftware EngineerCommented:
The local location of the home folder?
or the home folder within the cifs? server.

If cifs is used then there is the 'homes' share, that maps on the home directory from ldap as seen by the server.  

If you mean the local home then you can specify ~ as a shortcut.
The earlier example could have been rewritten as:
<volume user="john" fstype="cifs" server="nasserver" path="homes"
        mountpoint="~/central" />
0
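
An added example (not part of the thread and not any poster's configuration) that puts the entries discussed above together: user="*" with a per-user mount point, beside the shared mount point that the correction says cannot serve two users at once. The server and share names reuse the thread's nasserver and homes; the nosuid,nodev options and the mkmountpoint line are assumptions added here, and the cifsmount command line quoted earlier is left out.

```xml
<?xml version="1.0" encoding="utf-8" ?>
<!-- Added example for /etc/security/pam_mount.conf.xml; not from the thread.
     Assumes pam_mount.so is already listed for both "auth" and "session"
     in the PAM stack, as described above. -->
<pam_mount>
  <!-- Assumption: create the mount point at login if it is missing and
       remove it again at logout, so lab machines stay clean. -->
  <mkmountpoint enable="1" remove="true" />

  <!-- Conflicting layout (left commented out): one fixed mount point
       for every user, so two simultaneous logins collide on /central.
  <volume user="*" fstype="cifs" server="nasserver" path="homes"
          mountpoint="/central" />
  -->

  <!-- Per-user layout: user="*" matches whoever is logging in and "~"
       expands to that user's local home, for example /home/john/central
       for john and /home/mary/central for mary on the same machine.
       Assumption: nosuid,nodev are passed as mount options so setuid
       binaries and device nodes on the remote share are not honoured. -->
  <volume user="*" fstype="cifs" server="nasserver" path="homes"
          mountpoint="~/central" options="nosuid,nodev" />
</pam_mount>
```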
 
scottman29Author Commented:
I mean the user's home folder on active directory server...
0
 
nociSoftware EngineerCommented:
Active directory is LDAP + Kerberos + some MS specifics.

File access is: LANMANAGER/SMB protocol so you probably mean to ask:

Can I access the home folder on the file server (that also happens to be my Active directory server[, although not relevant for the mounting part])..., in the previous examples that was:

//nasserver/homes

homes is a construct of Samba that allows you to use NET USE U: /HOME
and will connect it to the home directory.

In the case of Active Directory access, you might first need to integrate your Linux system into an Active Directory environment; please check the documentation on the SAMBA product (if you want to make it a backup DC or also a server).
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#ads-member

Your keywords for further research might be:
nss winbind like in:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html

This might also help...
http://www.novell.com/communities/node/1854/creating-user-cifs-share-path-active-directory
0
 
scottman29Author Commented:
Thanks for all your help.  It's really getting me going in the right direction.
0
