Dear All,
Im havin troubles UnMounting cifs mounts Using smb_mount.
Beside that, everything is working just fine (smb, winbind, authentication, everything....)
In fact, I can mount home directories of my users just fine. However, when a user logoff, & another one logs on the LinuxBox, The 1st user home is still mounted. I need to reboot the machine evreytime a user logoff, to unmount his home directory...
Please find below my pam_mount.conf file.
p.s: Should I send you my log files also ?!?
Thank u in advance....
pam_mount.conf:
# Turn on if you want to debug why some volume cannot be mounted etc.
# This can be overriden by user's local configuration
#
# Format: debug [ 1 | 0 ]
# Local user configuration can override this.
debug 1
mkmountpoint 1
# Loopback device to use to run fsck on loopback filesystems.
fsckloop /dev/loop7
# Users' local configuration file (if there is none, comment out this
# parameter). Will be read as ~/<file>
#
# Note: you must include either options_allow or options_deny to use
# this directive. I recommend also including options_require.
#
# Individual users may define additional volumes to mount if allowed
# by pam_mount.conf (usually ~/.pam_mount.conf). The volume keyword is
# the only valid keyword in these per-user configuration files. If the
# luserconf parameter is set in pam_mount.conf, allowing user-defined
# volume, then users may mount and unmount any volume they own at any
# mount point they own. On some filesystem configurations this may be
# a security flaw so user-defined volumes are not allowed by the example
# pam_mount.conf distributed with pam_mount.
#
# Format: luserconf <file>
# luserconf .pam_mount.conf
# These directives determine which options may be specified in a user config
# file (luserconf). You must include one of these directives if you have a
# luserconf directive. You may not include both directives.
#
# If you have an options_allow directive, then the options listed in that
# directive wil be allowed, and all others rejected. If you have an
# options_deny directive, then the options listed will be denied, and all others
# permitted.
#
# You may use the wildcard '*' to match all options.
#
options_allow nosuid,nodev,loop,encryption
# options_deny suid,dev
# options_allow *
# options_deny *
#
# I recommend not permitting the suid and dev options.
# The options listed in this directive are required for all volumes from a
# user config file. That is, any volume specified in a user config file that
# does not include these options will be ignored.
#
# Note: you must make sure that a required option is permitted (either by
# including it in options_allow, or by not including it in options_deny).
#
# I recommend requiring at least nosuid and nodev.
#
# This is ignored completely if the volume is configured to get its options
# and mount point from /etc/fstab.
#
options_require nosuid,nodev
# Commands to mount/unmount volumes. They can take parameters, as shown.
#
# If you change the -p0 argument for lclmount, you'll need to modify the
# source in mount.c (it sends the password to the stdin file descriptor
# of the child process -- look for STDIN_FILENO).
lsof /usr/sbin/lsof %(MNTPT)
fsck /sbin/fsck -p %(FSCKTARGET)
losetup /sbin/losetup -p0 "%(before=\"-e \" CIPHER)" "%(before=\"-k \" KEYBITS)" %(FSCKLOOP) %(VOLUME)
unlosetup /sbin/losetup -d %(FSCKLOOP)
cifsmount /bin/mount -t cifs //%(SERVER)/%(VOLUME) %(MNTPT) -o "username=%(USER)%(before=\",\" OPTIONS)"
smbmount /bin/mount -t cifs //%(SERVER)/%(VOLUME) %(MNTPT) -o "username=%(USER)%(before=\",\" OPTIONS)"
ncpmount /bin/mount -t ncpfs %(SERVER)/%(USER) %(MNTPT) -o "pass-fd=0,volume=%(VOLUME)%(before=\",\" OPTIONS)"# Linux supports lazy unmounting (-l). May be dangerous for encrypted volumes.
# May also break loopback mounts because loopback devices are not freed.
# Need to unmount mount point not volume to support SMB mounts, etc.
umount /bin/umount %(MNTPT)
# On OpenBSD try "/usr/local/bin/mount_ehd" (included in pam_mount package).
lclmount /bin/mount -p0 %(VOLUME) %(MNTPT) "%(before=\"-o \" OPTIONS)"
cryptmount /bin/mount -t crypt "%(before=\"-o \" OPTIONS)" %(VOLUME) %(MNTPT)
nfsmount /bin/mount %(SERVER):%(VOLUME) "%(MNTPT)%(before=\"-o \" OPTIONS)"
mntagain /bin/mount --bind %(PREVMNTPT) %(MNTPT)
# For BSD: mntagain mount_null %(PREVMNTPT) %(MNTPT)
# For Solaris: mntagain mount -F lofs %(PREVMNTPT) %(MNTPT)
mntcheck /bin/mount # For BSD's (don't have /etc/mtab)
pmvarrun /usr/sbin/pmvarrun -u %(USER) -d -o %(OPERATION)
# Volumes that will be mounted when user triggers pam_mount module
# (usually at login).
#
# Format:
# volume <user> [smb|ncp|nfs|local] <server> <volume> <mount point> <mount options> <fs key cipher> <fs key path>
#
# General examples:
# volume user smb krueger public /home/user/krueger - - -
# volume user ncp krueger public /home/user/krueger user=user.context - -
# Linux encrypted home directory examples, using dm_crypt:
# volume user crypt - /dev/sda2 /home/user cipher=aes aes-256-ecb /home/user.key
#
# Linux encrypted home directory examples, using cryptoloop:
# volume user local - /dev/hda123 /home/user loop,encryption=aes - -
# volume user local - /home/user.img /home/user loop,user,exec,encryption=aes,keybits=256 - -
# volume user local - /home/user.img - - - -
# volume user local - /home/user.img - - aes-256-ecb /home/user4.key
#
# OpenBSD encrypted home directory example (see also lclmount above):
# volume user local - /home/user.img /home/user svnd0 - -
#
# The last two examples need a line like the following in
# /etc/fstab:
#
# /home/user4.img /home/user4 xfs user,loop,encryption=aes,keybits=256,noauto 0 0
#
# Details:
# Local user configuration can extend this.
# Mount point must be owned by the user.
#
# If there are no servers, mount options, fs key ciphers, etc. you must
# supply a "-"
#
# If a local mount is specified in a user config file, then the user must
# own the device or file being mounted.
#
# See
http://www.tldp.org/HOWTO/Loopback-E...tem-HOWTO.html
# to learn how to create a encrypted loopback filesystem.
#
# If the volume's password is different than the user's login password,
# the following technique may be used (see also README):
#
# 1. Create a file containing the volume's password (FS key). If you are
# using pam_mount to mount an loopback encrypted volume, this password
# should may generated by /dev/urandom.
#
# Simple example:
# echo <volume password> | openssl aes-256-ecb > /home/user.key
# Encrypt this file using the user's login password as the key.
#
# Verbose loopback encrypted volume example:
# a. dd if=/dev/urandom of=/home/user.img bs=1M count=<image size in MB>
# b. dd if=/dev/urandom bs=1c count=<keysize / 8> | openssl enc \
# -<fs key cipher> > /home/user.key
# Encrypt this file using the user's login password as the key.
# c. openssl enc -d -<fs key cipher> -in /home/user.key | losetup -e aes \
# -k <keysize> -p0 /dev/loop0 /home/user.img
# d. mkfs -t ext2 /dev/loop0
# e. umount /dev/loop0
# f. losetup -d /dev/loop0
#
# 3. In pam_mount.conf:
# a. Set the fs key cipher variable to the cipher used (ie: aes-256-ecb).
# b. Set the fs key path variable to the key's path (ie: /home/user.key)
# 4. If a user changes his login password, regenerate the efsk that
# was created in step 1b. A script named passwdehd is provided to do this.
#
# If fs_key_cipher is -, then the user's login password is also the volume's
# password.
# Template (or wildcard) volumes
#
# If user is "*", "&" will be replaced by name of the user logging on in the
# volume, mount point, mount options and fs key path fields. "~/*" will be
# replaced with "<user's homedir>/*." In this mode, the user need not
# own the mount point, but it must exist.
#
# volume * smb krueger & /home/& uid=&,gid=&,dmask=0750 - -
# volume * smb krueger homes /home/&/remote - - -
# volume * local - /home/&.img - - aes-256-ecb /etc/ehd/&
# Windows 2000, which requires a domain specified, example (thanks John Knox):
volume * smb 10.50.51.250 &$ /home/AUI/& workgroup=AUI - -
#uid=&,dmask=0750,
# An NCP example:
# volume user ncp SERVER /USERS/Department/user /home/user user=user.full.context,uid=user,gid=user,symlinks - -
# An example using spaces:
# volume * smb krueger 'Home\ Directories' /home/& - - -