G'Day.

I am a newbie to the list, but just thought I'd take a stab at this. It sounds like you were having a problem getting a module to mount devices prior to authentication. (Obviously, I am not very familiar with this pam_mount module, so I know I am treading on thin ice here.)

It looks like you are forcing the pam_mount module to work as a session module, in which case, it would have to mount their drives in the pam_sm_open_session. That would require the mounting to occur in the pam_sm_open_session, rather than the pam_sm_authenticate. You might try placing the

    session required pam_mkdir.so
    session required pam_mount.so

as auth modules, instead, and see if it works.

Still, if the authentication is good, and pam_ldap succeeds, you should get a shell, regardless of the user's home directory being mounted or created. Try creating one user's home directory and connecting. If it still fails, the problem may exist in your pam_ldap configuration. So, just run a couple of tests, and you should be able to determine exactly where the problem occurred.

(BTW: isn't a module that returns PAM_SUCCESS supposed to do something in that function? If not, it should return PAM_IGNORE, right?)

Joe Lewis, Systems Integrator
-------------------

> Hi,
>
> I administer an 800-computer network and the authentication is based
> on a ldap server and the user's data are on a samba server.
> We have directories called '/home/common', '/home/shares'... etc.
> Users don't have their own home directory, they are authenticated using
> the pam_ldap module.
>
> Our configuration file is the following
> auth     required  pam_nologin.so
> auth     required  pam_ldap.so
> auth     required  pam_mount.so use_firstpass
> account  required  pam_unix.so
> session  required  pam_unix.so
> session  required  pam_mkdir.so umask=0022 directory=/home/common
> session  required  pam_mkdir.so umask=0022 directory=/home/shares
> session  required  pam_mount.so
>
> the module pam_mkdir is a module that I wrote for this purpose (creating
> the directories, inspired by pam_mkhomedir).
> When authenticating, the directories are created with good rights, but
> shares are not mounted. Even if I put pam_mount after pam_mkdir.
> I walked into the source code of pam_mount and I saw that this module
> mounts the shares for the authentication and not for the session.
>
> <code>
> PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags,
>                                    int argc, const char **argv)
> {
>     return PAM_SUCCESS;
> }
> </code>
>
> Thus, session is useless for pam_mount.
>
> So, I thought that putting the directory creation in the auth step could be
> a good idea.
> (
> auth  required  pam_mkdir.so umask=0022 directory=/home/common
> auth  required  pam_mkdir.so umask=0022 directory=/home/shares
> auth  required  pam_mount.so use_firstpass
> )
>
>
> But the login step doesn't succeed, do you have an idea?
>
> Mine is that the pam_mount module should move its mount code from auth
> to session, but the module is hard to maintain (the Makefile is badly
> written thus some includes are missing and we should add them by hand).
>
> Do you know other modules than pam_mount to mount the SAMBA shares?
> Am I missing something in my pam_mkdir code for auth which differs from
> session (except for the proto the function struct pam_module that I've
> changed according to other source code using the auth process)?
>
> Is it allowed to create the directory through the auth process?
> (if so.. why is the pam_mount module able to mount shares here?)
>
>
> Thanks a lot,
>
>
> --
> Sébastien Tricaud <stricaud@mwsp.net>
>
>
>
> _______________________________________________
>
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list