HPE Community
Operating System - Linux
1752783 Members
6000 Online
108789 Solutions
New Discussion юеВ

Re: Linux authenticating with Windows AD and automounting home directories.

 
SOLVED
Go to solution
Simeon Harwood
Regular Advisor

тАО03-10-2011 08:30 AM

тАО03-10-2011 08:30 AM

Linux authenticating with Windows AD and automounting home directories.

Afternoon all.
Anyone fancy a crack at this?
I'm trying to get Linux integrated into Windows AD (2008R2). I'm almost there, the last little bit is getting autofs to work correctly with users home directories via samba.
I've got the Linux box in the Domain, no problem, I can authenticate users from the domain, again no problem. I'm now trying to configure autofs to mount users home directories. I can get them mounted, but this is where it falls over: -
If I'm logged in as root, and "su - TEST\\testuser", the home directory mounts fine and dandy with the correct user and premissions. However if I am a local user, and NOT root, and do the same test, I end up with the home directory being mounted with the local user ID. This basically gives me a read only home directory becuase my AD users dosn't own it.

My version of Linux is CentOS v5.5
My Windows AD server is 2008R2 (Up to date)
I've put Samba3x on my Linux box.

# tail /etc/auto.master
/home/TEST /etc/auto.home

# tail /etc/auto.home
* -fstype=cifs,rw,credentials=/root/.adpasswd,uid=${UID},gid=${UID},dir_mode=0755,file_mode=0755,nosuid,soft ://adsvr1/users/&

Like I said the mechanism works, but it the permissions that I end up with that are causing me a headache.

If I open the permissions wide, then everything works, but it's not secure, so if I have several AD users, they can all write to each other home directories.(Don't like this!!)
There must be a happy medium setting somewhere that works.
If anyone has got any ideas I would very much appreciate them.

Thanks,
Sime.
You never had this problem with a pencil and paper!
0 Kudos
5 REPLIES 5
Matti_Kurkela
Honored Contributor

тАО03-10-2011 09:42 AM

тАО03-10-2011 09:42 AM

Solution

Re: Linux authenticating with Windows AD and automounting home directories.

Essentially, you would want each login to automatically mount the appropriate home directory using the identity of the _user him/herself_, not using some central administrator identity as you seem to be doing now.

Have you tried to use pam_mount instead of autofs? It would seem to be designed to solve this exact problem.

Configuration example:
https://www.sit.auckland.ac.nz/How_to_automount_CIFS/NFS_share_on_Linux_upon_logon%3F

Autofs is originally designed for NFS and filesystems sharing a common Unix UID/GID space. As you've discovered, it does not work too well with Windows disk sharing (SMB/CIFS), since it does not have access to user's authentication credentials. But the PAM modules have that access.

MK
MK
0 Kudos
iinfi1
Super Advisor

тАО03-10-2011 11:39 PM

тАО03-10-2011 11:39 PM

Re: Linux authenticating with Windows AD and automounting home directories.

hi ... i blogged it long time back ... i took help from this very forum for it ... may people in this forum helped

http://blog.palalinha.com/2009/04/integrate-linux-box-with-windows-ad.html

i m using 2003 DC in that case not 2008
see if this helps
0 Kudos
Simeon Harwood
Regular Advisor

тАО03-11-2011 03:26 AM

тАО03-11-2011 03:26 AM

Re: Linux authenticating with Windows AD and automounting home directories.

Thanks for the replies. Reading up on it, it looks like pam_mount is the way to go, but it's not easy to find the RPM for CentOS v5 anywhere. I can't even find it in Dag Wieers site.
I'm going to try and compile from source code to see if it works, but I was hoping to find an RPM so that I can document the procedure for others to do the same. It all gets a bit messy if you have to show others how to compile source code.

Sime.
You never had this problem with a pencil and paper!
0 Kudos
Matti_Kurkela
Honored Contributor

тАО03-11-2011 03:47 AM

тАО03-11-2011 03:47 AM

Re: Linux authenticating with Windows AD and automounting home directories.

Here's a simple procedure for compiling it using source RPMs from Fedora 9:

http://blog.sumostyle.net/robg/2008/10/13/building-pam_mount-on-centos-5-rhel/

MK
MK
0 Kudos
Simeon Harwood
Regular Advisor

тАО03-11-2011 04:35 AM

тАО03-11-2011 04:35 AM

Re: Linux authenticating with Windows AD and automounting home directories.

I saw that page, but the links are dead. I'm sure I can find the source rpm's somewhere.
Thank.
You never had this problem with a pencil and paper!
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.