samba - Mar 2004 - Trouble mounting a windows share from Linux

I have Fedora Core 1 workstations configured with winbind logging onto our
NT domain.  Everything is going well except that I cannot seem to figure out
how to connect to a windows home directory on a Win2000 server.  Here is the
scenario:
 
W2K server with home directories for each user:
 
Each user has modify permissions to their share
Administrator has full control
 
First off, I need to somehow connect the workstations to these shares after
the user logs in.  I can successfully connect to them with smbclient, but I
need a much more user friendly connection, such as a mount point using
smbmount.  My attempts to use smbmount have failed, and I was a bit
discouraged when I read through the man page and noted that smbmount is for
"Linux smb filesystems."  Does that mean that smbmount will only work
with a
samba server, not an NT server?
 
Furthermore, I want to figure out a way to autoconnect to these shares upon
login.  I am hoping that winbind would provide some functionality here since
it maps the SIDs to UIDs.  
 
I am hoping someone might be able to help me out here.  If this kind of
connection cannot not be done to at least some extent, it will be a show
stopper for deploying Linux in our LAN because all students must have access
to their home directories (they carry assignments and projects from
elementary all the way to graduation).
 
Unfortunately, I cannot create separate Linux NFS or SMB home directories
for these machines because then the students will not have access to their
files from windows machines. :-(
 
-- 
Shawn Iverson
Technology Associate
New Castle Community School Corporation
765-593-6691
shawn@nccsc.k12.in.us

> First off, I need to somehow connect the workstations to these shares after
> the user logs in.  I can successfully connect to them with smbclient, but I
> need a much more user friendly connection, such as a mount point using 
> smbmount.  My attempts to use smbmount have failed,  
> 
What does "failed" mean? Didn't work at all, permission problem,
or what?
 
>and I was a bit 
> discouraged when I read through the man page and noted that smbmount is for
> "Linux smb filesystems."  Does that mean that smbmount will only
work with a
> samba server, not an NT server? 
> 
Well, I' m sure that I have used smbmount to connect to Windows servers in
the past.
   
Stefan 
--   
  
*****************************************  
in-put GbR - Das Linux-Systemhaus  
Stefan-Michael G?nther  
Moltkestra?e 49	D-76133 Karlsruhe  
Tel./Fax : +49 (0)721 / 83044 - 98/93  
http://www.in-put.de/  
*****************************************  
_______________________________________________________________________
... and the winner is... WEB.DE FreeMail! - Deutschlands beste E-Mail
ist zum 39. Mal Testsieger (PC Praxis 03/04) http://f.web.de/?mc=021191

On Thursday, March 11, 2004 10:27 AM, Fernando Pintabona
said:
> 
> Right at the end of smbmount man page, you have an example using mount.
> SMB type of filesystem is the way linux sees a SAMBA (or NT
> domain/workgroup )share. You may want to try specifying the domain also.
> 
> Fernando P
> 
Sorry, I could not find an example on the man page on this particular
machine.

snip
> > What does "failed" mean? Didn't work at all, permission
problem, or
> what?
> >
Aplologies for not posting the output.  Here it is:

Using smbclient works:

[shawn@sambaclient1 shawn]$ smbclient //testtech/shawn -U shawn
Password:
smb: \> ls
  .                                  DA        0  Thu Mar 11 11:53:32 2004
  ..                                 DA        0  Thu Mar 11 11:53:32 2004
  New Folder                          D        0  Thu Mar 11 11:53:32 2004
 
                49580 blocks of size 65536. 48830 blocks available
smb: \> quit

Using smbmount fails.  I am unsure how to install smbmnt as suid root:

[shawn@sambaclient1 shawn]$ smbmount //testtech/shawn /home/shawn/mnt
username=shawn uid=shawn gid=shawn fmask=0755 gmask=0755 workgroup=tech rw
Password:
smbmnt must be installed suid root for direct user mounts (503,503)
smbmnt failed: 1

Attempted as root:

 [root@sambaclient1 root]# smbmount //testtech/shawn /home/shawn/mnt
username=shawn uid=root gid=root fmask=0755 gmask=0755 workgroup=tech rw
Password:
4606: session setup failed: ERRDOS - ERRnoaccess (Access denied.)
SMB connection failed

-----Original Message-----
From: Shawn Iverson 
Sent: Thursday, March 11, 2004 2:07 PM
To: 'fernando@sertecnet.com'
Cc: samba@lists.samba.org
Subject: RE: [Samba] Trouble mounting a windows share from Linux


On Thursday, March 11, 2004 1:07 PM Fernando Pintabona
wrote:
> 
> Sorry, my memory failed...
> 
> I really meant when you execute smbmount with no parameters. :)
> and not the man page.
> 
> Fernando p
> 
Ahh...it works great when using mount instead of smbmount.  Thanks!  I can't
believe I overlooked that.

Next questions:

Is there a way that I can have this share mounted during login without
prompting for a password and still keep the share secure to the user?  After
all, the user did just enter their password during login.  Perhaps I could
add something to .bashrc?  Unfortunately, I must do this without exposing
the user's password as plain text in any form.  BTW, does smbmount encrypt
the password?

> Using smbmount fails.  I am unsure how to install smbmnt as suid root: 
>  
chmod u+s /usr/bin/smbmount 
 
Hm, suid root -not a really good idea ... 
 
>  [root@sambaclient1 root]# smbmount //testtech/shawn /home/shawn/mnt 
> username=shawn uid=root gid=root fmask=0755 gmask=0755 workgroup=tech rw 
> Password: 
> 4606: session setup failed: ERRDOS - ERRnoaccess (Access denied.) 
> SMB connection failed 
> --  
Did you add root to smbpasswd? Maybe the reason,why it fails. 
 
Is it really necessary that your user are able to mount the shares manually or
is it acceptable for you that
the user shares are mounted automatically when the computer starts? 
If second option is ok for you, you shoudl have a look at how SuSE deals with
this problem. SuSE uses a
file called smbfstab in /etc/samba: 
 
# service       moint-point     options 
 
;//fjall/test   /data/test      username=tridge,password=foobar 
 
This file is used for a start script (/etc/init.d/smbfs) which mounts all smb
filesystems during system
start. 
 
Hope that helps a bit, 
 
Stefan 
 
--   
  
*****************************************  
in-put GbR - Das Linux-Systemhaus  
Stefan-Michael G?nther  
Moltkestra?e 49	D-76133 Karlsruhe  
Tel./Fax : +49 (0)721 / 83044 - 98/93  
http://www.in-put.de/  
*****************************************  
_____________________________________________________________________
Der WEB.DE Virenschutz schuetzt Ihr Postfach vor dem Wurm Beagle.A-J!
Kostenfrei fuer FreeMail Nutzer. http://f.web.de/?mc=021158

On Thursday, March 11, 2004 3:05 PM Stefan G?nther
wrote:
>
> chmod u+s /usr/bin/smbmount
> 
> Hm, suid root -not a really good idea ...
> 
Can sudo be used instead?
> >  [root@sambaclient1 root]# smbmount //testtech/shawn /home/shawn/mnt
> > username=shawn uid=root gid=root fmask=0755 gmask=0755 workgroup=tech
rw
> > Password:
> > 4606: session setup failed: ERRDOS - ERRnoaccess (Access denied.)
> > SMB connection failed
> > --
> Did you add root to smbpasswd? Maybe the reason,why it fails.
> 
I'm not using samba as a domain controller, so I don't think that this
applies.  Using mount -t smbfs... works, though.  I think my typo above had
something to do with it (gmask instead of dmask) because I can use smbmount
now.
> Is it really necessary that your user are able to mount the shares
> manually or is it acceptable for you that
> the user shares are mounted automatically when the computer starts?
> If second option is ok for you, you shoudl have a look at how SuSE deals
> with this problem. SuSE uses a
> file called smbfstab in /etc/samba:
> 
> # service       moint-point     options
> 
> ;//fjall/test   /data/test      username=tridge,password=foobar
> 
> This file is used for a start script (/etc/init.d/smbfs) which mounts all
> smb filesystems during system
> start.
> 
Well, since many users will be using these computers and there is no way of
knowing which user may sit down at a machine, this will not work.  I need
something that will work for all users when they log in, and I cannot have
the password in plain text anywhere, not even in a file.  

What I need is a pam_exec module that will execute a mount command and
substitute the username and password in the command.

On Thursday, March 11, 2004 7:03 PM Shawn wrote:
> 
> Well, since many users will be using these computers and there is no way
> of
> knowing which user may sit down at a machine, this will not work.  I need
> something that will work for all users when they log in, and I cannot have
> the password in plain text anywhere, not even in a file.
> 
> What I need is a pam_exec module that will execute a mount command and
> substitute the username and password in the command.
I did it!  I can now log in and access a share while only prompting for a
password once!  Here is how I did it:

I downloaded pam_mount from
http://www.flyn.org/projects/pam_mount/index.html

and installed it.

I then edited the /etc/security/pam_mount.conf and added the following near
the end:

volume * smb testtech & /home/&/mnt uid=&,gid=& - -

I also edited my /etc/pam.d/system-auth accordingly.  Oh what a great
utility!  This is exactly what I was looking for!