The soultion seems to be to use pam_mount to pass on the password to mount the encrypted volume. My common_pammount, common_auth and common_session look like this:
Code:
#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
auth requisite pam_unix.so nullok_secure
auth optional pam_smbpass.so migrate missingok
auth optional pam_mount.so try_first_pass
#
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive). The default is pam_unix.
#
session required pam_unix.so
session optional pam_mount.so
# Include this file in every /etc/pam.d/SERVICE you use for login:
# [...]
# @include common-auth
# @include common-session
# [...]
# # added for libpam-mount
# @include common-pammount
#
# Make sure that the common-auth and common-session includes are
# above the common-pammount include (just as in the example above).
# replace "optional" with "required" if a user must mount the specified
# volumes, for example the home directory
# make sure that there is no PAM module loaded with a "sufficient"
# priority before these entries, else the pam_mount module is not
# executed
# for configuration details about different login programs see
# /usr/share/doc/libpam-mount/README.Debian.gz
auth optional pam_mount.so try_first_pass
session optional pam_mount.so try_first_pass
These files are included in the samba file in /etc/pam.d as well as in the login file.
The pam_mount.conf.xml file has the following lines in it:
Code:
<pam_mount>
<volume
user="ntheis"
fstype="truecrypt"
server="j1112801"
path="/dev/sda1"
mountpoint="/home/ntheis/crypt"
/>
When I log in as user "ntheis", the samba log file for the windows machine I logging in with shows the following lines:
Code:
[2008/10/04 12:18:21, 0] lib/util_sock.c:write_data(562)
write_data: write failure in writing to client 192.168.0.100. Error Connection reset by peer
[2008/10/04 12:18:21, 0] lib/util_sock.c:send_smb(761)
Error writing 4 bytes to client. -1. (Connection reset by peer)
pam_mount(pam_mount.c:460) Entered pam_mount session stage
pam_mount(pam_mount.c:481) back from global readconfig
pam_mount(pam_mount.c:483) per-user configurations not allowed by pam_mount.conf.xml
pam_mount(pam_mount.c:512) error trying to retrieve authtok from auth code
pam_mount(pam_mount.c:202) enter read_password
pam_mount(pam_mount.c:515) error trying to read password
pam_mount(pam_mount.c:548) done opening session (ret=7)
pam_mount(pam_mount.c:460) Entered pam_mount session stage
pam_mount(pam_mount.c:481) back from global readconfig
pam_mount(pam_mount.c:483) per-user configurations not allowed by pam_mount.conf.xml
pam_mount(pam_mount.c:512) error trying to retrieve authtok from auth code
pam_mount(pam_mount.c:202) enter read_password
pam_mount(pam_mount.c:515) error trying to read password
pam_mount(pam_mount.c:548) done opening session (ret=7)
pam_mount(pam_mount.c:116) Clean global config (0)
[2008/10/04 12:18:23, 1] smbd/service.c:make_connection_snum(1033)
freakbox (192.168.0.100) connect to service crypt initially as user ntheis (uid=1001, gid=1001) (pid 6246)
What am I doing wrong? Can somebody please help me with this?
Thanks in advance
Run Seven
Truecrypt & Samba
