Hi everyone,
I've just run into a snag setting up a server system and I'm not sure which direction to go to get it working.
I have virtual Lucid x64 server machines that mount user homes (a Samba share) on login with pam_mount and unmount them at logout; this works fine.
The problem appeared when I wanted to make the system more transparent, so that the user doesn't need to give his password when connecting via ssh. To do this I used ssh keys, and now the user password is no longer needed to connect; but since no password is provided to pam_mount, the Samba mount of the home fails due to the missing password.
Does anybody have any suggestions on how to make pam_mount work without prompting the user for a password on ssh connection?
Maybe modify Samba to not prompt for a password for domain members (if that's even possible), or a workaround to store the password on login (NX session) and use a script to start ssh in which the password is supplied without user interaction...
For reference, the smb.conf file:
Quote:
[global]
# Server-wide settings: this host acts as a Samba domain controller (PDC) and
# WINS server, with user, group and machine accounts kept in LDAP.
# Domain name ..
workgroup = LTI
# Server name - as seen by Windows PCs ..
netbios name = SambaNX
# Be a PDC ..
domain logons = Yes
domain master = Yes
# Be a WINS server ..
wins support = true
# Apply PAM account and session restrictions to Samba connections.
# With encrypted passwords Samba does not use PAM for the authentication step itself.
obey pam restrictions = Yes
dns proxy = No
os level = 35
# One log file per connecting machine (%m = client NetBIOS name).
log file = /var/log/samba/log.%m
# Size cap per log file, in KiB.
max log size = 1000
# Only the most severe messages are sent to syslog; the rest goes to the log files above.
syslog = 0
# Command run when a Samba daemon crashes (%d = pid of the server process).
panic action = /usr/share/samba/panic-action %d
# Use PAM for password changes requested by SMB clients.
pam password change = Yes
# Allows users on WinXP PCs to change their password when they press Ctrl-Alt-Del
# Password changes are propagated to LDAP ('ldap passwd sync'), not to local Unix accounts.
unix password sync = no
ldap passwd sync = yes
# Printing from PCs will go via CUPS ..
load printers = yes
printing = cups
printcap name = cups
# Use LDAP for Samba user accounts and groups ..
passdb backend = ldapsam:ldap://localhost
# This must match init.ldif ..
ldap suffix = dc=lti,dc=local
# The password for cn=admin MUST be stored in /etc/samba/secrets.tdb
# This is done by running 'sudo smbpasswd -w'.
# NOTE(review): secrets.tdb then holds the cn=admin bind password; keep the file
# readable by root only and treat copies or backups of it as credentials.
ldap admin dn = cn=admin,dc=lti,dc=local
# 4 OUs that Samba uses when creating user accounts, computer accounts, etc.
# (Because we are using smbldap-tools, call them 'Users', 'Computers', etc.)
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
# Samba and LDAP server are on the same server in this example.
# NOTE(review): with 'ldap ssl = no' the cn=admin bind and the account data Samba
# reads are sent unencrypted. That traffic stays on loopback only while
# 'passdb backend' points at localhost; if the LDAP server moves to another host,
# switch to 'start tls' (or an ldaps:// URL) before doing so.
ldap ssl = no
# Scripts for Samba to use if it creates users, groups, etc.
# Samba replaces %u / %g with the user / group name before running the command.
add user script = /usr/sbin/smbldap-useradd -m '%u'
# NOTE(review): %u is unquoted on the next line, unlike every other script entry
# here; quoting it as '%u' would make the handling of unusual names consistent.
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
# Script that Samba uses when a PC joins the domain ..
# (when changing 'Computer Properties' on the PC)
add machine script = /usr/sbin/smbldap-useradd -w '%u'
# Values used when a new user is created ..
# (Note: '%L' does not work properly with smbldap-tools 0.9.4-1)
# The three empty values below are set explicitly to blank (no logon drive, home or profile path).
logon drive =
logon home =
logon path =
# Path is relative to the [netlogon] share, which is not part of this excerpt.
logon script = allusers.bat
# This is required for Windows XP client ..
# NOTE(review): 'auto' offers SMB signing and schannel but does not require them,
# so a client that does not negotiate them is still accepted. Consider
# 'server signing = mandatory' and 'server schannel = yes' once no client needs the fallback.
server signing = auto
server schannel = Auto
[homes]
# Per-user home directory shares, created on demand under the connecting user's name.
# Access is authenticated per user, so anything mounting these shares on the
# user's behalf (pam_mount in this setup) has to present that user's credentials.
comment = Home Directories
# %S = name of the share being accessed, so each home share admits only the user it is named after.
valid users = %S
read only = No
# Hides the literal 'homes' share from share listings.
browseable = No
Note: all authentication mechanisms in my system use LDAP as the backend.