Query - cifscreds usage

Hi,
Apologies in advance if this is the wrong forum. Getting help
documentation directed me here. I'm setting up a small set of
workstations with what I hope to be three types of users, and would
like to clarify whether certain parts of the cifs configuration are
possible - something I haven't been able to determine from manuals or
Google to date.

The base system is Ubuntu 20.04 LTS:

uname -r
5.4.0-67-generic

mount.cifs -V
mount.cifs version: 6.9

The current setup of the machine successfully handles the cifs mount
via pam_mount. The mount uses ntlmssp credentials, with a command
like:

MOUNT_OPTIONS="-o username=${USER},uid=${_UID},gid=${_GID},domain=DOMAIN,sec=ntlmssp,vers=2.1"
AD_SHARE="//ad.host/home/user${USER_FOLDER}/${USER}"

mount -t cifs ${AD_SHARE} ${_MNTPT} ${MOUNT_OPTIONS}

There is no Kerberos for the cifs share available to Linux.
What I'd like to know is whether it is possible to use kernel key
credentials, like those stored with cifscreds, to authenticate a mount
request at other times.

For example, might it be possible to capture those credentials in the
pam process and then later issue a mount command that does not prompt
for a password? My interpretation of the docs suggests that it isn't
possible - the credentials are used to control access to an already
mounted share, rather than perform the initial mount.

I'd like to be able to have both cifs and nfs mounts happening in the
same place under autofs control, but without placing credentials in
files. The cifscreds option seems very close, but not quite right - is
my interpretation right?


More information on why I'm asking this - I'd like a user to be able
to authenticate against AD, get checked against some list, have an nfs
mounted home directory provided if available and the cifs share
mounted elsewhere for convenience. A cifs share gets used for home
folders if the user isn't on the special list. Any user should be able
to trigger automounts of nfs home folders by accessing them, as in a
typical pure Linux setup.

The other option I think may be viable is modification of the home
folder location during the login process, but I can't see how to
achieve that either.
Thanks


