Hi all! As a long slackware user I'm a total noob in pam and I'm banging my head against a wall trying to set it up correctly to play nice with slackware's default pam configuration. One of the things I'm trying to accomplish is to be able to logon while the ad domain is available and have pam_mount automount the samba shares and to be able to do an offline logon and skip the automount if the domain isn't available. Does pam_winbind export some information that could indicate if the logon was against an ad dc or using cached information that could be used to, for example, skip the pam_mount module? Thanks in advance, Best regards, Dave. Sent with Proton Mail secure email.
On 22.12.2023 19:07, bd730c5053df9efb via samba wrote:> Hi all! > > As a long slackware user I'm a total noob in pam and I'm banging my > head against a wall trying to set it up correctly to play nice with > slackware's default pam configuration. > > One of the things I'm trying to accomplish is to be able to logon > while the ad domain is available and have pam_mount automount the > samba shares and to be able to do an offline logon and skip the > automount if the domain isn't available. Does pam_winbind export some > information that could indicate if the logon was against an ad dc or > using cached information that could be used to, for example, skip the > pam_mount module? > > Thanks in advance, > Best regards, > Dave. > > Sent with Proton Mail secure email. >Hi Dave, Just a few days ago I was banging my head against a wall for automounting a Samba share when logging on. After a day and a half I realized that I had the nscd service active. If you have got that one, uninstall it immediately. Winbind does not work with it. I essentially followed this article (https://4sysops.com/archives/linux-smb-mount-for-multiple-users/). For me, also a previous Slackware buff, PAM is till this day a dark cloud. Now I'm on Debian, with a long interlude over CentOS (that goes in a direction I deeply distrust). What I setup was: fstab line =======//myserver/myshare ???? /mnt/net ? cifs credentials=/etc/samba/.creds,multiuser,sec=ntlmssp,_netdev 0 0 creds file ======domain=mydomain.splat user=myusername pass=mypassword HTH, Peter
On 22.12.2023 19:07, bd730c5053df9efb via samba wrote:> Hi all! > > As a long slackware user I'm a total noob in pam and I'm banging my head against a wall trying to set it up correctly to play nice with slackware's default pam configuration. > > One of the things I'm trying to accomplish is to be able to logon while the ad domain is available and have pam_mount automount the samba shares and to be able to do an offline logon and skip the automount if the domain isn't available. Does pam_winbind export some information that could indicate if the logon was against an ad dc or using cached information that could be used to, for example, skip the pam_mount module? > > Thanks in advance, > Best regards, > Dave. > > Sent with Proton Mail secure email. >Hi Dave, Just to make my previous answer a bit more complete. I did change a couple of things in PAM. Somebody with more knowledge about PAM than mine, may have something to say here. I made the following additions: common-auth add line ==================auth??? optional??????? pam_cifscreds.so common-session add those 2 lines ============================session required??????? pam_keyinit.so session optional??????? pam_cifscreds.so host=myserver Best regards, Peter