Hi Richard,

Why not use cifscreds to store your user credentials against the server?
And then use an additional mount option "multiuser".
I haven't tried this yet, but I feel that should work for your use case.
Let me know if I'm missing anything here.

Regards,
Shyam

On Thu, Mar 18, 2021 at 3:41 AM Richard Beare <richard.beare@xxxxxxxxx> wrote:
>
> Hi,
> Apologies in advance if this is the wrong forum. Getting help
> documentation directed me here. I'm setting up a small set of
> workstations with what I hope to be three types of users, and would
> like to clarify whether certain parts of the cifs configuration are
> possible - something I haven't been able to determine from manuals or
> google to date.
>
> The base system is Ubuntu 20.04 LTS:
>
> uname -r
> 5.4.0-67-generic
>
> mount.cifs -V
> mount.cifs version: 6.9
>
> The current setup of the machine successfully handles the cifs mount
> via pam_mount. The mount uses ntlmssp credentials, with a command
> like:
>
> MOUNT_OPTIONS="-o username=${USER},uid=${_UID},gid=${_GID},domain=DOMAIN,sec=ntlmssp,vers=2.1"
> AD_SHARE="//ad.host/home/user${USER_FOLDER}/${USER}"
>
> mount -t cifs ${AD_SHARE} ${_MNTPT} ${MOUNT_OPTIONS}
>
> There is no kerberos for the cifs share available to linux.
> What I'd like to know is whether it is possible to use kernel key
> credentials, like those stored with cifscreds, to authenticate a mount
> request at other times.
>
> For example, might it be possible to capture those credentials in the
> pam process and then later issue a mount command that does not prompt
> for a password? My interpretation of the docs suggests that it isn't
> possible - the credentials are used to control access to an already
> mounted share, rather than perform the initial mount.
>
> I'd like to be able to have both cifs and nfs mounts happening in the
> same place under autofs control, but without placing credentials in
> files. The cifscreds option seems very close, but not quite right - is
> my interpretation right?
>
>
> More information on why I'm asking this - I'd like a user to be able
> to authenticate against AD,
> get checked against some list, have an nfs mounted home directory
> provided if available and the cifs share mounted elsewhere for
> convenience. A cifs share gets used for home folders if the user isn't
> on the special list. Any user should be able to trigger automounts of
> nfs home folders by accessing them, as in a typical pure linux setup.
>
> The other option I think may be viable is modification of the home
> folder location during the login process, but I can't see how to
> achieve that either.
> Thanks

--
Regards,
Shyam