[Linuxtrent] Re: automount of a Windows LDAP user's home

  • From: marco cassisa <marco.cassisa@xxxxxxxxx>
  • To: linuxtrent@xxxxxxxxxxxxx
  • Date: Wed, 17 Jun 2009 00:01:34 +0200



Hmm, nobody is helping me, but I'm kind and I'm giving you the chance to increase your karma ;-P

I'll summarize my question.
libpam creates the directory where the share should be mounted, but apparently it fails, and I don't understand why...

The command mount -t smbfs etcetera works.

The auth log says this at moment X, where X seems to be the important one:
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(misc.c:275) command: smbmount [//server1//insegnanti/cassisamarco] [/home/LICEO/cassisamarco/Scrivania/Documenti] [-o] [username=cassisamarco,uid=122161210,gid=122159617,uid=%(USER)]
Jun 15 14:44:57 lab2-u18 login[22672]: pam_mount(misc.c:43) set_myuid<pre>: (uid=0, euid=0, gid=122159617, egid=122159617)
Jun 15 14:44:57 lab2-u18 login[22672]: pam_mount(misc.c:43) set_myuid<post>: (uid=0, euid=0, gid=122159617, egid=122159617)
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(mount.c:899) waiting for mount
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(pam_mount.c:537) mount of /insegnanti/cassisamarco failed
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(pam_mount.c:127) clean system authtok (0)


Could it be that uid=%(USER) in the options that it doesn't like?
How do I get the error code?
What other useful info can I give to anyone willing to help me?

Don't leave me on my own: if I manage to get the Windows home directory mounted somewhere they will use Ubuntu, otherwise tough luck...
Bye, thanks
marco


marco cassisa wrote:

Now that school is over I'm running some tests in the new lab, where Ubuntu (8.10) has been installed.

The problem is getting the machines to automount, in the Documents directory, the directory that lives on the windoz file server (which is also the Active Directory server).

The next problems will be getting different directories mounted depending on the type of user (teacher / student).

Here is what I've done so far:

#######################################
# the pieces needed
#######################################
install libpam-mount

    sudo apt-get install libpam-mount
    sudo apt-get install smbfs

if it asks whether to automatically convert the config file
    answer no

#######################################
# to resolve server1
#######################################

in /etc/nsswitch.conf
    change the line that starts with hosts:
to (that is, add nis):
    hosts:          files dns nis [NOTFOUND=return]


configure /etc/samba/smb.conf to use WINS
    # Windows Internet Name Serving Support Section:
    # WINS Support - Tells the NMBD component of Samba to enable its WINS Server
    wins support = yes

    # WINS Server - Tells the NMBD components of Samba to be a WINS Client
    # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
    wins server = 172.25.1.1

    # This will prevent nmbd to search for NetBIOS names through DNS.
    dns proxy = no

    # What naming service and in what order should we use to resolve host names
    # to IP addresses
    name resolve order = lmhosts host wins bcast




#######################################
# to use pam_mount
#######################################

in /etc/pam.d/common-auth
insert the line
    auth optional pam_mount.so try_first_pass
after the lines
    # here are the per-package modules (the "Primary" block)
    auth    [success=2 default=ignore]    pam_lwidentity.so
    auth    [success=1 default=ignore]    pam_unix.so nullok_secure try_first_pass
    # here's the fallback if no module succeeds
    auth    requisite            pam_deny.so

in /etc/pam.d/common-session
insert the line
    session optional pam_mount.so try_first_pass
before any command


#######################################
# to mount the folder
#######################################
in /etc/security/pam_mount.conf.xml
add
<volume options="uid=%(USER),gid=%(USER),dmask=0700,workgroup=H2O" user="*" mountpoint="/home/LICEO/%(USER)/Scrivania/Documenti" path="/insegnanti/%(USER)" server="server1" fstype="smbfs" />


Here is the auth log:
Jun 15 14:44:53 lab2-u18 login[22285]: pam_lwidentity(login:auth): PAM config: global:krb5_ccache_type 'FILE'
Jun 15 14:44:53 lab2-u18 login[22285]: pam_lwidentity(login:auth): failed to get GP info
Jun 15 14:44:53 lab2-u18 login[22285]: pam_lwidentity(login:auth): getting password (0x00000000)
Jun 15 14:44:57 lab2-u18 login[22285]: pam_lwidentity(login:auth): enabling krb5 login flags
Jun 15 14:44:57 lab2-u18 login[22285]: pam_lwidentity(login:auth): enabling cached login flag
Jun 15 14:44:57 lab2-u18 login[22285]: pam_lwidentity(login:auth): enabling request for a FILE krb5 ccache type
Jun 15 14:44:57 lab2-u18 login[22285]: pam_lwidentity(login:auth): Received UPN of: cassisamarco@xxxxxxxxxxx cassisamarco@xxxxxxxxxxx
Jun 15 14:44:57 lab2-u18 login[22285]: pam_lwidentity(login:auth): Password for user cassisamarco will need to change at 1251196665. It is now 1245069897
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(pam_mount.c:307) saving authtok for session code
Jun 15 14:44:57 lab2-u18 login[22285]: pam_lwidentity(login:account): PAM config: global:krb5_ccache_type 'FILE'
Jun 15 14:44:57 lab2-u18 login[22285]: pam_lwidentity(login:account): No membership check being enforced
Jun 15 14:44:57 lab2-u18 login[22285]: pam_lwidentity(login:account): Returning 0 for user "cassisamarco"
Jun 15 14:44:57 lab2-u18 login[22285]: pam_lwidentity(login:account): user 'cassisamarco' granted access
Jun 15 14:44:57 lab2-u18 login[22285]: pam_lwidentity(login:account): homedir is /home/LICEO/cassisamarco
Jun 15 14:44:57 lab2-u18 login[22285]: pam_lwidentity(login:setcred): PAM config: global:krb5_ccache_type 'FILE'
Jun 15 14:44:57 lab2-u18 login[22285]: pam_lwidentity(login:setcred): homedir is /home/LICEO/cassisamarco
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(pam_mount.c:459) Entered pam_mount session stage
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(pam_mount.c:480) back from global readconfig
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(pam_mount.c:482) per-user configurations not allowed by pam_mount.conf.xml
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(misc.c:43) Session open: (uid=0, euid=0, gid=122159617, egid=122159617)
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(rdconf2.c:181) checking sanity of volume record (/insegnanti/cassisamarco)
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(pam_mount.c:534) about to perform mount operations
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(mount.c:369) information for mount:
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(mount.c:370) ----------------------
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(mount.c:371) (defined by globalconf)
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(mount.c:372) user: cassisamarco
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(mount.c:373) server: server1
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(mount.c:374) volume: /insegnanti/cassisamarco
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(mount.c:375) mountpoint: /home/LICEO/cassisamarco/Scrivania/Documenti
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(mount.c:376) options: uid=%(USER)
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(mount.c:377) fs_key_cipher:
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(mount.c:378) fs_key_path:
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(mount.c:379) use_fstab: 0
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(mount.c:380) ----------------------
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(mount.c:172) realpath of volume "/home/LICEO/cassisamarco/Scrivania/Documenti" is "/home/LICEO/cassisamarco/Scrivania/Documenti"
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(mount.c:176) checking to see if //server1//insegnanti/cassisamarco is already mounted at /home/LICEO/cassisamarco/Scrivania/Documenti
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(mount.c:821) checking for encrypted filesystem key configuration
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(mount.c:847) about to start building mount command
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(misc.c:275) command: smbmount [//server1//insegnanti/cassisamarco] [/home/LICEO/cassisamarco/Scrivania/Documenti] [-o] [username=cassisamarco,uid=122161210,gid=122159617,uid=%(USER)]
Jun 15 14:44:57 lab2-u18 login[22672]: pam_mount(misc.c:43) set_myuid<pre>: (uid=0, euid=0, gid=122159617, egid=122159617)
Jun 15 14:44:57 lab2-u18 login[22672]: pam_mount(misc.c:43) set_myuid<post>: (uid=0, euid=0, gid=122159617, egid=122159617)
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(mount.c:899) waiting for mount
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(pam_mount.c:537) mount of /insegnanti/cassisamarco failed
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(pam_mount.c:127) clean system authtok (0)
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(misc.c:275) command: pmvarrun [-u] [cassisamarco] [-o] [1]
Jun 15 14:44:57 lab2-u18 login[22677]: pam_mount(misc.c:43) set_myuid<pre>: (uid=0, euid=0, gid=122159617, egid=122159617)
Jun 15 14:44:57 lab2-u18 login[22677]: pam_mount(misc.c:43) set_myuid<post>: (uid=0, euid=0, gid=122159617, egid=122159617)
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(pam_mount.c:424) pmvarrun says login count is 1
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(pam_mount.c:547) done opening session (ret=3)
Jun 15 14:44:57 lab2-u18 login[22285]: pam_lwidentity(login:session): PAM config: global:krb5_ccache_type 'FILE'
Jun 15 14:44:57 lab2-u18 login[22285]: pam_lwidentity(login:session): homedir is /home/LICEO/cassisamarco
Jun 15 14:44:57 lab2-u18 login[22285]: pam_lwidentity(login:session): Looking up name 'cassisamarco'
Jun 15 14:44:57 lab2-u18 login[22285]: pam_lwidentity(login:session): Looking up SID 'S-1-5-21-3846980651-908072843-2280118205-2106'
Jun 15 14:44:57 lab2-u18 login[22285]: pam_unix(login:session): session opened for user cassisamarco by cassisamarco(uid=0)
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(pam_mount.c:589) received order to close things
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(misc.c:43) Session close: (uid=0, euid=0, gid=122159617, egid=122159617)
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(misc.c:275) command: pmvarrun [-u] [cassisamarco] [-o] [-1]
Jun 15 14:45:00 lab2-u18 login[22874]: pam_mount(misc.c:43) set_myuid<pre>: (uid=0, euid=0, gid=122159617, egid=122159617)
Jun 15 14:45:00 lab2-u18 login[22874]: pam_mount(misc.c:43) set_myuid<post>: (uid=0, euid=0, gid=122159617, egid=122159617)
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(pam_mount.c:424) pmvarrun says login count is 0
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(pam_mount.c:621) going to unmount
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(mount.c:369) information for mount:
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(mount.c:370) ----------------------
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(mount.c:371) (defined by globalconf)
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(mount.c:372) user: cassisamarco
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(mount.c:373) server: server1
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(mount.c:374) volume: /insegnanti/cassisamarco
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(mount.c:375) mountpoint: /home/LICEO/cassisamarco/Scrivania/Documenti
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(mount.c:376) options: uid=%(USER)
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(mount.c:377) fs_key_cipher:
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(mount.c:378) fs_key_path:
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(mount.c:379) use_fstab: 0
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(mount.c:380) ----------------------
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(misc.c:275) command: lsof [/home/LICEO/cassisamarco/Scrivania/Documenti]
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(mount.c:131) waiting for lsof
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(misc.c:275) command: smbumount [/home/LICEO/cassisamarco/Scrivania/Documenti]
Jun 15 14:45:00 lab2-u18 login[22877]: pam_mount(misc.c:43) set_myuid<pre>: (uid=0, euid=0, gid=122159617, egid=122159617)
Jun 15 14:45:00 lab2-u18 login[22877]: pam_mount(misc.c:43) set_myuid<post>: (uid=0, euid=0, gid=122159617, egid=122159617)
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(mount.c:552) waiting for umount
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(pam_mount.c:624) unmount of /insegnanti/cassisamarco failed
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(pam_mount.c:635) pam_mount execution complete
Jun 15 14:45:00 lab2-u18 login[22285]: pam_lwidentity(login:session): PAM config: global:krb5_ccache_type 'FILE'
Jun 15 14:45:00 lab2-u18 login[22285]: pam_unix(login:session): session closed for user cassisamarco

In fact nothing gets mounted..
This authtok thing is a bit strange, but I don't know whether that's it.


However,
root@lab2-u18:/home/liceo# mount -t smbfs //server1/insegnanti/cassisamarco /home/LICEO/cassisamarco/Scrivania/Documenti/ -o user=cassisamarco

works...

As a non-superuser, on the other hand, it doesn't work... but I don't think pam_mount acts as a normal user, does it?

Can you help me?

Oh, while I'm at it, could you also post some reliable links about the Big Problem of how to maintain a set of (identical) machines with Ubuntu?

Thaaanks!!






On 30 March 2009 at 11:34, Giuliano Natali <diaolin@xxxxxxxxxxx> wrote:


    On Mon, March 30, 2009, 11:38 am, marco cassisa said:

     > The unsolved problem is automounting the user's home (and then
     > there would also be the class directory...), which is on the AD
     > server.

    OK

     >
     > The users are divided into OU=insegnanti OU=studenti OU=tecnici. They
     > have usernames of the form cognomenome (surname + first name).
     > Each member of OU=studenti belongs to a class group (e.g. 3DSc -->
     > third-year class, section D, Scientifico).
     > The user's directory will therefore be something like
     > \\server1\studenti\3DSc\cognomestudentenomestudente
     > or \\server1\insegnanti\cognomeinsegnantenomeinsegnante

    mmmmmmmmmm

    So a user authenticates and gets the OK from the server to log in, and
    you would like the client to automount the remote folder at login time.
    Right?

    
http://foss.stat.unipd.it/mediawiki/index.php/Debian_Client_in_a_Samba_Domain


     pam_mount

       * /etc/security/pam_mount.conf

     debug 0
     mkmountpoint 1
     luserconf .pam_mount.conf

     options_allow   nosuid,nodev
     options_deny    suid,dev
     options_require nosuid,nodev

     lsof /usr/sbin/lsof %(MNTPT)
     fsck /sbin/fsck -p %(FSCKLOOP)
     cifsmount /bin/mount -t cifs //%(SERVER)/%(VOLUME) %(MNTPT) -S -o "user=%(USER)%(before=\",\" OPTIONS)"
     smbmount /usr/bin/smbmount //%(SERVER)/%(VOLUME) %(MNTPT) -o "username=%(USER)%(before=\",\" OPTIONS)"
     smbumount /usr/bin/smbumount %(MNTPT)
     umount   /bin/umount %(MNTPT)
     mntagain /bin/mount --bind %(PREVMNTPT) %(MNTPT)

     # volume <user> [smb|ncp|nfs|local] <server> <volume> <mount point> <mount options>
     #   <fs key cipher> <fs key path>

     volume * smb pdc homes    /home/&    uid=&,gid=&,dmask=0700,workgroup=H2O - -
     volume * smb pdc dati     /mnt/dati  uid=&,gid=&,dmask=0700,workgroup=H2O - -
     volume * smb pdc esame    /mnt/esame uid=&,gid=&,dmask=0700,workgroup=H2O - -
     volume * smb pdc tmp      /mnt/tmp   uid=&,gid=&,dmask=0700,workgroup=H2O - -




     >
     >
     > I think what's needed is winbind, but, partly because of the
     > difficulty of replicating the environment at home, I can't give
     > advice on how to make the integration a bit more transparent.
     >
     > Could you kindly help me? I know that Likewise Enterprise has a set
     > of scripts to do all this (and more), but it would be better to
     > economize.

    Explain better what you mean by "economize"...
    I don't understand!
    Does it mean this one would be paid software?

    Diaolin


    --
    col sò capèl de sàs
    sentàdi ‘n mèz al bosc’
    i ghe fà vegia ai ghìmpeni
    che i ghe fà ‘l nìo ‘n la gaida

    Giuliano

    --
    Per iscriversi  (o disiscriversi), basta spedire un  messaggio con
    OGGETTO
    "subscribe" (o "unsubscribe") a
    mailto:linuxtrent-request@xxxxxxxxxxxxx
    <mailto:linuxtrent-request@xxxxxxxxxxxxx>
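
A triage helper for the pam_mount debug output in this thread, as an added example that is not part of the original messages: it extracts each `command:` line, splits the bracketed arguments, reports option values that still contain a literal %(...) placeholder or keys passed more than once, and lists the operations logged as failed. The function names are hypothetical and the sample lines are copied from the log above; a finding marks something to check, not a confirmed cause.

```python
import re
from collections import Counter

# Lines copied from the auth log quoted in this thread.
SAMPLE_LOG = """\
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(misc.c:275) command: smbmount [//server1//insegnanti/cassisamarco] [/home/LICEO/cassisamarco/Scrivania/Documenti] [-o] [username=cassisamarco,uid=122161210,gid=122159617,uid=%(USER)]
Jun 15 14:44:57 lab2-u18 login[22285]: pam_mount(pam_mount.c:537) mount of /insegnanti/cassisamarco failed
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(misc.c:275) command: smbumount [/home/LICEO/cassisamarco/Scrivania/Documenti]
Jun 15 14:45:00 lab2-u18 login[22285]: pam_mount(pam_mount.c:624) unmount of /insegnanti/cassisamarco failed
"""

CMD_RE = re.compile(r"pam_mount\([^)]*\) command: (\S+)((?: \[[^\]]*\])*)")
FAIL_RE = re.compile(r"pam_mount\([^)]*\) (mount|unmount) of (\S+) failed")
PLACEHOLDER_RE = re.compile(r"%\([^)]*\)")


def parse_commands(log_text):
    """Return (program, argv) for every pam_mount 'command:' debug line."""
    return [(m.group(1), re.findall(r"\[([^\]]*)\]", m.group(2)))
            for m in CMD_RE.finditer(log_text)]


def option_findings(argv):
    """Check the argument after -o for leftover %(...) and repeated keys."""
    findings = []
    for flag, value in zip(argv, argv[1:]):
        if flag != "-o":
            continue
        pairs = [opt.partition("=") for opt in value.split(",") if opt]
        for key, _, val in pairs:
            if PLACEHOLDER_RE.search(val):
                findings.append(f"unexpanded placeholder in {key}={val}")
        counts = Counter(key for key, _, _ in pairs)
        findings += [f"option {k} given {n} times"
                     for k, n in counts.items() if n > 1]
    return findings


def failed_operations(log_text):
    """Return (operation, volume) pairs that pam_mount logged as failed."""
    return FAIL_RE.findall(log_text)


if __name__ == "__main__":
    for program, argv in parse_commands(SAMPLE_LOG):
        for finding in option_findings(argv):
            print(f"{program}: {finding}")
    for operation, volume in failed_operations(SAMPLE_LOG):
        print(f"{operation} failed: {volume}")
```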


